Google Redirect and Browser Setting Hijacker [Solved]


  • This topic is locked

#16
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

I am getting my next fix approved. It may take a while. Thank you for your patience.


  • 0



#17
t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

No problem....appreciate the assistance...just wished to make sure I was not on the hook for anything...! :yes:


Edited by t5403cg, 16 April 2014 - 12:56 PM.

  • 0

#18
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

  • Step 1

    Download 'RogueKiller by Tigzy' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Wait for its initial scan to complete.
      • Accept its EULA.
      • Click the Scan button after.
    • Once the scan has finished, click the Delete button.
    • Click Report--a log will pop-up shortly.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    • The log will also be made available in the same location as RogueKiller, called RKreport[N]_D_MMDDYYYY_HHMMSS.txt.
  • Step 2

    Download 'ESET Services Repair by ESET' and save it to your desktop.
    • Double-click the file. It will ask for administrator privileges. Allow it by clicking Yes.
    • You will be asked to confirm. Press Yes to continue.
    • Once done, you will be asked to reboot. Press Yes once more.
  • Step 3

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Copy and paste the following into the Custom Scans/Fixes box:
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
    • Click Run Scan.
    • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • RKreport[N]_D_MMDDYYYY_HHMMSS.txt (RogueKiller)
    • Extras.txt (OTL)
    • OTL.txt (OTL)

  • 0

#19
t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

RogueKiller Log:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : t5403cg [Admin rights]
Mode : Remove -- Date : 04/17/2014 05:43:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : OTL ("C:\Users\t5403cg\Desktop\Maleware\OTL.exe" [-]) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume1\Users\t5403cg\AppData\Local\Temp\syncsvb\sxynbvq\wow.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] At1.job : C:\Users\t5403cg\AppData\Local\Temp\hisadconf.exe - -delete >> nul [x] -> DELETED
[V2][SUSP PATH] At1 : C:\Users\t5403cg\AppData\Local\Temp\hisadconf.exe - -delete >> nul [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718476AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837525)
[Address] EAT @iexplore.exe (CloseThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71821FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183786D)
[Address] EAT @iexplore.exe (EnableTheming) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CDCF)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CD86)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C893)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718363AE)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182EBD6)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DA9E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837155)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830190)
[Address] EAT @iexplore.exe (GetThemeBitmap) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824B9C)
[Address] EAT @iexplore.exe (GetThemeBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71826651)
[Address] EAT @iexplore.exe (GetThemeColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C346)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeFilename) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B997)
[Address] EAT @iexplore.exe (GetThemeFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718376A2)
[Address] EAT @iexplore.exe (GetThemeInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeIntList) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B86E)
[Address] EAT @iexplore.exe (GetThemeMargins) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71822F97)
[Address] EAT @iexplore.exe (GetThemeMetric) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718355B4)
[Address] EAT @iexplore.exe (GetThemePartSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182289F)
[Address] EAT @iexplore.exe (GetThemePosition) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B80D)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830923)
[Address] EAT @iexplore.exe (GetThemeRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B936)
[Address] EAT @iexplore.exe (GetThemeStream) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B8CF)
[Address] EAT @iexplore.exe (GetThemeString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B7A1)
[Address] EAT @iexplore.exe (GetThemeSysBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB86)
[Address] EAT @iexplore.exe (GetThemeSysColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71835530)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CA32)
[Address] EAT @iexplore.exe (GetThemeSysFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C3D8)
[Address] EAT @iexplore.exe (GetThemeSysInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C5E7)
[Address] EAT @iexplore.exe (GetThemeSysSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CC61)
[Address] EAT @iexplore.exe (GetThemeSysString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C553)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718289FE)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183778C)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E1A1)
[Address] EAT @iexplore.exe (GetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183535B)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71832DC1)
[Address] EAT @iexplore.exe (IsAppThemed) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837009)
[Address] EAT @iexplore.exe (IsCompositionActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718265DF)
[Address] EAT @iexplore.exe (IsThemeActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71836F36)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182281C)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB3F)
[Address] EAT @iexplore.exe (IsThemePartDefined) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718230CF)
[Address] EAT @iexplore.exe (OpenThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71825F29)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718306FE)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CCEC)
[Address] EAT @iexplore.exe (SetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837AFC)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71829E39)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824571)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718475ED)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718476AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837525)
[Address] EAT @iexplore.exe (CloseThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71821FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183786D)
[Address] EAT @iexplore.exe (EnableTheming) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CDCF)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CD86)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C893)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718363AE)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182EBD6)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DA9E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837155)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830190)
[Address] EAT @iexplore.exe (GetThemeBitmap) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824B9C)
[Address] EAT @iexplore.exe (GetThemeBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71826651)
[Address] EAT @iexplore.exe (GetThemeColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C346)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeFilename) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B997)
[Address] EAT @iexplore.exe (GetThemeFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718376A2)
[Address] EAT @iexplore.exe (GetThemeInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeIntList) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B86E)
[Address] EAT @iexplore.exe (GetThemeMargins) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71822F97)
[Address] EAT @iexplore.exe (GetThemeMetric) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718355B4)
[Address] EAT @iexplore.exe (GetThemePartSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182289F)
[Address] EAT @iexplore.exe (GetThemePosition) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B80D)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830923)
[Address] EAT @iexplore.exe (GetThemeRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B936)
[Address] EAT @iexplore.exe (GetThemeStream) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B8CF)
[Address] EAT @iexplore.exe (GetThemeString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B7A1)
[Address] EAT @iexplore.exe (GetThemeSysBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB86)
[Address] EAT @iexplore.exe (GetThemeSysColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71835530)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CA32)
[Address] EAT @iexplore.exe (GetThemeSysFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C3D8)
[Address] EAT @iexplore.exe (GetThemeSysInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C5E7)
[Address] EAT @iexplore.exe (GetThemeSysSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CC61)
[Address] EAT @iexplore.exe (GetThemeSysString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C553)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718289FE)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183778C)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E1A1)
[Address] EAT @iexplore.exe (GetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183535B)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71832DC1)
[Address] EAT @iexplore.exe (IsAppThemed) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837009)
[Address] EAT @iexplore.exe (IsCompositionActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718265DF)
[Address] EAT @iexplore.exe (IsThemeActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71836F36)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182281C)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB3F)
[Address] EAT @iexplore.exe (IsThemePartDefined) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718230CF)
[Address] EAT @iexplore.exe (OpenThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71825F29)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718306FE)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CCEC)
[Address] EAT @iexplore.exe (SetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837AFC)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71829E39)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824571)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718475ED)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718476AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837525)
[Address] EAT @iexplore.exe (CloseThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71821FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183786D)
[Address] EAT @iexplore.exe (EnableTheming) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CDCF)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CD86)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C893)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718363AE)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182EBD6)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DA9E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837155)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830190)
[Address] EAT @iexplore.exe (GetThemeBitmap) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824B9C)
[Address] EAT @iexplore.exe (GetThemeBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71826651)
[Address] EAT @iexplore.exe (GetThemeColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C346)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeFilename) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B997)
[Address] EAT @iexplore.exe (GetThemeFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718376A2)
[Address] EAT @iexplore.exe (GetThemeInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeIntList) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B86E)
[Address] EAT @iexplore.exe (GetThemeMargins) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71822F97)
[Address] EAT @iexplore.exe (GetThemeMetric) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718355B4)
[Address] EAT @iexplore.exe (GetThemePartSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182289F)
[Address] EAT @iexplore.exe (GetThemePosition) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B80D)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830923)
[Address] EAT @iexplore.exe (GetThemeRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B936)
[Address] EAT @iexplore.exe (GetThemeStream) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B8CF)
[Address] EAT @iexplore.exe (GetThemeString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B7A1)
[Address] EAT @iexplore.exe (GetThemeSysBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB86)
[Address] EAT @iexplore.exe (GetThemeSysColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71835530)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CA32)
[Address] EAT @iexplore.exe (GetThemeSysFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C3D8)
[Address] EAT @iexplore.exe (GetThemeSysInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C5E7)
[Address] EAT @iexplore.exe (GetThemeSysSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CC61)
[Address] EAT @iexplore.exe (GetThemeSysString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C553)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718289FE)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183778C)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E1A1)
[Address] EAT @iexplore.exe (GetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183535B)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71832DC1)
[Address] EAT @iexplore.exe (IsAppThemed) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837009)
[Address] EAT @iexplore.exe (IsCompositionActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718265DF)
[Address] EAT @iexplore.exe (IsThemeActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71836F36)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182281C)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB3F)
[Address] EAT @iexplore.exe (IsThemePartDefined) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718230CF)
[Address] EAT @iexplore.exe (OpenThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71825F29)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718306FE)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CCEC)
[Address] EAT @iexplore.exe (SetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837AFC)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71829E39)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824571)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718475ED)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600BEKT-08PVMT1 +++++
--- User ---
[MBR] 2b3e75cade1d0b4ecd8d1dc108f0a7ff
[BSP] 690a7c17ddc09714d5cee3f12f1c9dad : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
Error reading LL1 MBR! ([0x1] Incorrect function. )
User != LL2 ... KO!
--- LL2 ---
[MBR] bba47f050e4e5b3420cf305212aa0feb
[BSP] af9eb0b34d8dbf75e1d170dae7bf74e8 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB

Finished : << RKreport[0]_D_04172014_054341.txt >>
RKreport[0]_S_04162014_130250.txt;RKreport[0]_S_04172014_054333.txt


  • 0
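Post #18 asks for the RogueKiller report and post #19 supplies one; the findings in it all share one line shape (`[TAG][TAG] key : value -> ACTION (argument)` under `¤¤¤ Section : count ¤¤¤` banners). The script below is an added example, not part of the thread and not RogueKiller's own code: it parses that shape into structured findings, pulls the file path out of each value, assigns a rough severity from the tags (`SUSP PATH` high, `PUM` low), records `Infection : ...` banners, and checks that the count each banner declares matches the number of lines found under it. The sample report embedded in it is constructed for the example; the user name, paths and file names in it are made up and do not come from the thread.

```python
"""Parse a RogueKiller 'Remove' report into structured findings for triage."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of a RogueKiller report (tags, arrows and
# section banners follow the format; every path, name and value is made up).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Updater ("C:\Users\alice\AppData\Local\Temp\upd.exe" [-]) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume1\Users\alice\AppData\Local\Temp\abc\wow.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] At1.job : C:\Users\alice\AppData\Local\Temp\task.exe - -delete >> nul [x] -> DELETED

¤¤¤ Infection : Root.MBR ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
# leading [tags], body, "->", action word, optional "(argument)"
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s+->\s+(\S+)(?:\s+\((.*)\))?\s*$")
# A drive-letter path or a \\?\globalroot device path, ending at a quote, space or bracket.
PATH_RE = re.compile(r'(?:[A-Za-z]:|\\\\\?\\globalroot)\\[^"\s\[\]]+')


@dataclass
class Finding:
    section: str
    tags: List[str]
    key: str
    value: str
    action: str
    action_arg: Optional[str]

    @property
    def path(self) -> Optional[str]:
        m = PATH_RE.search(self.value)
        return m.group(0) if m else None

    @property
    def severity(self) -> str:
        if "SUSP PATH" in self.tags:   # executable or DLL referenced from an odd location
            return "high"
        if "PUM" in self.tags:         # potentially unwanted modification, often benign
            return "low"
        return "medium"


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    infections: List[str] = field(default_factory=list)
    declared_counts: Dict[str, int] = field(default_factory=dict)


def parse_report(text: str) -> Report:
    report = Report()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            name, _, rest = sec.group(1).partition(":")
            section, rest = name.strip(), rest.strip()
            if section == "Infection" and rest:
                report.infections.append(rest)
            elif rest.isdigit():
                report.declared_counts[section] = int(rest)
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        key, _, value = m.group(2).partition(" : ")
        report.findings.append(
            Finding(section, tags, key.strip(), value.strip(), m.group(3), m.group(4)))
    return report


def count_mismatches(report: Report) -> Dict[str, tuple]:
    """Sections whose banner count differs from the number of lines parsed under it."""
    out = {}
    for name, declared in report.declared_counts.items():
        seen = sum(1 for f in report.findings if f.section == name)
        if seen != declared:
            out[name] = (declared, seen)
    return out


def triage(report: Report) -> Dict[str, object]:
    by_sev = {"high": 0, "medium": 0, "low": 0}
    for f in report.findings:
        by_sev[f.severity] += 1
    return {
        "infections": list(report.infections),
        "by_severity": by_sev,
        "suspicious_paths": sorted({f.path for f in report.findings
                                    if f.severity == "high" and f.path}),
        "count_mismatches": count_mismatches(report),
    }


if __name__ == "__main__":
    for k, v in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{k}: {v}")
```

The severity mapping is a starting point, not a verdict: `SUSP PATH` fires on anything launched from a user-writable location, which in post #19 includes the RunOnce entry for the helper's own OTL.exe on the Desktop, so high findings still need a human to look at the path and the action taken. The `Infection : Root.MBR` banner is surfaced separately because it is not a per-line finding; the `MBR Check` section that follows it in the real log is where the user-mode and low-level reads are compared.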

#20
t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

OTL Log:

 

OTL logfile created on: 4/17/2014 6:09:23 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\t5403cg\Desktop\Maleware
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.90% Memory free
7.77 Gb Paging File | 6.06 Gb Available in Paging File | 78.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 90.71 Gb Free Space | 60.86% Space Free | Partition Type: NTFS
 
Computer Name: CID-TDENZL403CG | User Name: T5403CG | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 07:22:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t5403cg\Desktop\Maleware\OTL.exe
PRC - [2014/03/07 00:44:22 | 010,311,968 | ---- | M] (Tanium Inc.) -- C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/12/18 12:14:27 | 000,642,816 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/09/12 13:16:02 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/09/12 13:15:58 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/09/12 13:15:44 | 001,839,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/09/12 13:15:36 | 000,050,592 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/09/06 08:49:57 | 001,375,064 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
PRC - [2011/09/06 08:49:19 | 000,214,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe
PRC - [2011/07/21 16:02:00 | 000,288,096 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files (x86)\Lumension\Patch Agent\NotificationManager.exe
PRC - [2011/07/21 16:01:14 | 000,095,584 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files (x86)\Lumension\Patch Agent\GravitixService.exe
PRC - [2011/04/28 23:46:34 | 003,411,968 | ---- | M] (IBM) -- C:\Notes\nsd.exe
PRC - [2011/01/06 11:57:26 | 000,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2011/01/06 11:56:06 | 001,104,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/07/25 14:33:30 | 002,184,264 | ---- | M] (Winmagic Inc.) -- C:\Program Files (x86)\WinMagic\SecureDoc-NT\SDPin.exe
PRC - [2010/07/25 14:33:30 | 000,693,320 | ---- | M] (WinMagic Inc.) -- C:\Program Files (x86)\WinMagic\SecureDoc-NT\SDService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/23 11:59:24 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/23 11:59:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/23 11:59:05 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/23 11:58:56 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/23 11:58:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/08/19 07:14:07 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/19 07:13:45 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/19 07:13:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/15 08:59:51 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/12 14:21:49 | 000,091,488 | ---- | M] () -- C:\Windows\assembly\GAC_32\Agent.ProtVista\7.0.0.551__dadec3a2d57dc0c0\Agent.ProtVista.dll
MOD - [2011/07/21 16:01:54 | 000,091,488 | ---- | M] () -- C:\Program Files (x86)\Lumension\Patch Agent\Content.Common.dll
MOD - [2010/12/07 15:14:36 | 000,297,520 | ---- | M] () -- C:\Program Files\Manufacturer\Endpoint Agent\prntm.dll
MOD - [2010/12/07 15:14:34 | 000,297,008 | ---- | M] () -- C:\Program Files\Manufacturer\Endpoint Agent\iexpm.dll
MOD - [2010/07/25 14:33:28 | 000,018,504 | ---- | M] () -- C:\Windows\SysWOW64\SDXML.dll
MOD - [2010/07/25 14:33:26 | 000,051,784 | ---- | M] () -- C:\Windows\SysWOW64\SDMigrate.dll
MOD - [2010/07/25 14:33:24 | 000,536,136 | ---- | M] () -- C:\Windows\SysWOW64\sdck.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/10/24 07:19:16 | 000,543,016 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2013/07/15 07:18:23 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/07/12 14:18:13 | 000,350,024 | ---- | M] (Lumension Security, Inc.) [Auto | Running] -- C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe -- (LEMSS Agent)
SRV:64bit: - [2013/03/06 17:32:12 | 001,598,976 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\enstart64.exe -- (enstart64)
SRV:64bit: - [2012/04/05 19:48:54 | 000,158,208 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV:64bit: - [2010/12/07 15:14:00 | 000,302,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Manufacturer\Endpoint Agent\wdp.exe -- (WDP)
SRV:64bit: - [2010/12/07 15:13:58 | 000,346,160 | ---- | M] () [Auto | Running] -- C:\Program Files\Manufacturer\Endpoint Agent\edpa.exe -- (EDPA)
SRV:64bit: - [2010/11/12 01:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/07 00:44:22 | 010,311,968 | ---- | M] (Tanium Inc.) [Auto | Running] -- C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe -- (Tanium Client)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/04/10 08:13:51 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\900\g2aservice.exe -- (GoToAssist)
SRV - [2013/03/08 21:38:05 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/25 06:13:12 | 000,821,720 | ---- | M] (Mister Group) [On_Demand | Stopped] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2011/09/12 13:16:02 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/09/12 13:16:02 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/09/12 13:15:50 | 000,428,960 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/09/12 13:15:48 | 003,250,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/09/12 13:15:44 | 001,839,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/09/06 09:08:01 | 000,620,376 | ---- | M] (Altiris, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)
SRV - [2011/09/06 08:49:57 | 001,375,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2011/07/21 16:01:14 | 000,095,584 | ---- | M] (Lumension Security, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Lumension\Patch Agent\GravitixService.exe -- (Patch Agent)
SRV - [2011/04/28 23:46:34 | 003,411,968 | ---- | M] (IBM) [Auto | Running] -- C:\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2011/04/08 11:00:16 | 000,236,392 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files (x86)\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe -- (ConfigService)
SRV - [2011/01/20 00:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2011/01/06 11:56:06 | 001,104,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/07/25 14:33:30 | 000,693,320 | ---- | M] (WinMagic Inc.) [Auto | Running] -- C:\Program Files (x86)\WinMagic\SecureDoc-NT\SDService.exe -- (WinMagic SecureDoc Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/10/24 00:59:08 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2013/10/24 00:59:08 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2013/10/24 00:59:08 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2013/10/24 00:59:08 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2013/09/10 16:40:10 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/07/12 14:17:53 | 000,084,080 | ---- | M] (Lumension Security, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eps.sys -- (EPS)
DRV:64bit: - [2013/03/20 14:15:21 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/03/06 23:29:00 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2013/03/06 17:32:12 | 000,075,392 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\enstart64_.sys -- (enstart64_)
DRV:64bit: - [2011/09/12 13:16:10 | 000,054,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011/09/12 13:16:04 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/09/12 13:16:04 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/09/12 13:16:04 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/09/12 13:15:52 | 000,064,152 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2010/12/20 16:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/20 08:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/18 16:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 16:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/16 00:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/15 19:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/14 19:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/07 15:14:28 | 000,027,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtam.sys -- (vrtam)
DRV:64bit: - [2010/12/07 15:14:26 | 000,058,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdifd11.sys -- (tdifd11)
DRV:64bit: - [2010/12/07 15:14:24 | 000,065,072 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\vfsmfd.sys -- (vfsmfd)
DRV:64bit: - [2010/12/07 15:14:24 | 000,055,344 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SFsCtrx.sys -- (SFsCtrx)
DRV:64bit: - [2010/12/03 13:56:26 | 000,167,680 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/11/22 22:50:12 | 001,567,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/12 01:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/05 06:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/18 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 07:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/20 18:36:28 | 000,114,688 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SDDToki.sys -- (SDDToki)
DRV:64bit: - [2010/01/20 13:19:22 | 000,139,776 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SDDisk2K.sys -- (SDDisk2K)
DRV:64bit: - [2009/09/28 13:54:00 | 000,021,504 | ---- | M] (WinMagic, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PinFile.sys -- (PinFile)
DRV:64bit: - [2009/09/25 17:59:14 | 000,070,656 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SDDVD.sys -- (SDDVD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/05 16:04:26 | 000,020,992 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SDUPC.sys -- (SDUPC)
DRV - [2013/11/21 08:06:18 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 08:06:18 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/29 07:44:15 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140415.025\ex64.sys -- (NAVEX15)
DRV - [2013/08/29 07:44:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140415.025\eng64.sys -- (NAVENG)
DRV - [2011/09/12 13:16:04 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/09/12 13:16:04 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/09/12 13:16:04 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2010/11/29 17:46:32 | 000,084,080 | ---- | M] (Lumension Security, Inc.) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\eps.sys -- (EPS)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = nyproxy:80
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = nyproxy:80
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.newyorklife.com/
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = njproxy:80
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\t5403cg\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
 
 
[2014/04/15 19:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
O1 HOSTS File: ([2014/04/16 12:46:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IBM Lotus Notes Preloader] C:\Notes\nntspreld.exe (IBM Corp)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartSecurDoc] C:\Program Files (x86)\WinMagic\SecureDoc-NT\SDPin.exe (Winmagic Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Scheduled Tasks
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = Users and Passwords
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2013\spy.htm ()
O9:64bit: - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2013\spy.htm ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program FilesPersonal\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program FilesPersonal\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program FilesPersonal\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2013\spy.htm ()
O9 - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2013\spy.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A6CA29DD-AD4A-4891-A8CC-C2B88741CF4A} http://onlinebudget..../CPMActiveX.CAB (CPMActiveX.CBWX)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://newyorklife....ng/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hq.nt.newyorklife.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CCA90B7-B2F9-414C-8CC0-1BFDB1BDA465}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D47835FD-A7B7-426A-9496-7159A0B45C08}: Domain = newyorklife.com
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (AMINIT64.DLL) - C:\Windows\SysNative\AMInit64.dll (Altiris, Inc.)
O20 - AppInit_DLLs: (aminit32.dll) - C:\Windows\SysWow64\Aminit32.dll (Altiris, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\900\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\900\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/17 05:46:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/04/16 13:27:49 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\Documents\ProcAlyzer Dumps
[2014/04/16 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\Desktop\RK_Quarantine
[2014/04/16 12:56:33 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\AppData\Roaming\smkits
[2014/04/16 12:44:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/16 10:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2014/04/16 10:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
[2014/04/16 10:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Explorer
[2014/04/16 09:48:25 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\AppData\Local\CrashDumps
[2014/04/15 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\AppData\Local\NPE
[2014/04/15 15:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/04/15 12:19:37 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\Desktop\rkill
[2014/04/15 07:51:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2014/04/15 06:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/04/15 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/04/14 11:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Grep
[2014/04/14 11:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Grep
[2014/04/14 11:20:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/04/14 10:14:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/04/14 10:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/04/14 10:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/04/14 09:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/04/14 09:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/14 07:13:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/13 10:59:18 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\Desktop\Maleware
[2014/04/02 07:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2014/04/02 06:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/02 06:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/03/31 06:38:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[22 C:\Users\t5403cg\Documents\*.tmp files -> C:\Users\t5403cg\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/17 05:58:48 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 05:58:48 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 05:52:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 05:49:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/17 05:49:04 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/17 05:45:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 15:44:07 | 000,639,391 | ---- | M] () -- C:\Users\t5403cg\Documents\Re_ Response Required_ Action Required - Oracle Java 7 Update 5 on SOLARIS Servers -Model Servers have been upgraded.pdf
[2014/04/16 13:30:11 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/16 12:46:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/16 12:44:34 | 006,131,177 | ---- | M] () -- C:\Users\t5403cg\Documents\documentation for vendor mgt (ALERTS conversion) .eml
[2014/04/16 12:44:33 | 001,091,415 | ---- | M] () -- C:\Users\t5403cg\Documents\Untitled.eml
[2014/04/16 10:26:35 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2014/04/15 15:26:35 | 000,006,591 | ---- | M] () -- C:\Users\t5403cg\Documents\test2.csv
[2014/04/15 15:24:12 | 000,000,075 | ---- | M] () -- C:\Windows\SysNative\dpmo.qnz
[2014/04/15 15:17:11 | 000,000,233 | ---- | M] () -- C:\Users\t5403cg\Documents\test.csv
[2014/04/14 10:22:18 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/14 10:22:18 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/12 12:14:34 | 000,001,484 | ---- | M] () -- C:\Users\t5403cg\Desktop\KL-Station.url
[2014/04/11 11:12:22 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/03 09:12:09 | 000,782,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/03 09:12:09 | 000,662,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/03 09:12:09 | 000,122,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/25 20:19:50 | 000,000,000 | ---- | M] () -- C:\t14s.2
[2014/03/25 20:19:50 | 000,000,000 | ---- | M] () -- C:\t14s.1
[2014/03/19 19:27:22 | 000,000,600 | ---- | M] () -- C:\Users\t5403cg\AppData\Roaming\winscp.rnd
[22 C:\Users\t5403cg\Documents\*.tmp files -> C:\Users\t5403cg\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/16 15:43:59 | 000,639,391 | ---- | C] () -- C:\Users\t5403cg\Documents\Re_ Response Required_ Action Required - Oracle Java 7 Update 5 on SOLARIS Servers -Model Servers have been upgraded.pdf
[2014/04/16 13:30:09 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/04/16 10:26:35 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2014/04/15 15:26:35 | 000,006,591 | ---- | C] () -- C:\Users\t5403cg\Documents\test2.csv
[2014/04/15 15:17:11 | 000,000,233 | ---- | C] () -- C:\Users\t5403cg\Documents\test.csv
[2014/03/25 20:19:50 | 000,000,000 | ---- | C] () -- C:\t14s.2
[2014/03/25 20:19:50 | 000,000,000 | ---- | C] () -- C:\t14s.1
[2013/12/09 17:53:25 | 000,000,600 | ---- | C] () -- C:\Users\t5403cg\AppData\Roaming\winscp.rnd
[2013/11/25 19:50:26 | 000,000,298 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/10/24 07:22:54 | 000,234,792 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/10/24 07:21:24 | 000,020,776 | ---- | C] () -- C:\Windows\ngutil.exe
[2013/09/13 08:53:39 | 000,000,262 | ---- | C] () -- C:\Users\t5403cg\.serena.vm.applet.config
[2013/06/25 13:45:46 | 002,052,904 | R--- | C] () -- C:\Windows\SysWow64\XmlSpyLib.dll
[2013/05/13 07:42:49 | 000,000,600 | ---- | C] () -- C:\Users\t5403cg\AppData\Local\PUTTY.RND
[2013/04/10 08:13:46 | 000,103,832 | ---- | C] () -- C:\Users\t5403cg\GoToAssistDownloadHelper.exe
[2013/03/23 14:41:31 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2013/03/20 14:13:25 | 000,051,328 | RHS- | C] () -- C:\Users\t5403cg\ntuser.pol
[2013/03/08 11:50:22 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/03/06 19:43:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/03/06 19:43:34 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/03/06 19:43:32 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/03/06 19:43:28 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2013/03/06 17:28:59 | 000,776,716 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/06 16:56:58 | 000,005,750 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/07 03:22:18 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/07 03:22:18 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/07 03:22:18 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 23:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/11/16 13:24:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2013/03/20 14:15:55 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/19 07:26:50 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/08/19 07:26:50 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2014/04/15 15:37:10 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2013/03/07 03:10:54 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 23:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2013/03/07 03:11:29 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 23:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/11/16 13:24:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2014/04/15 15:37:10 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/11/16 13:24:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 23:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/07/15 07:18:23 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2010/11/20 23:24:25 | 002,420,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is B432-3C79
 Directory of C:\
07/14/2009  01:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  01:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  01:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  01:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  01:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  01:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  01:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  01:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  01:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  01:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  01:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  01:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  01:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  01:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  01:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  01:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  01:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\smeclnt
03/06/2013  04:57 PM    <JUNCTION>     Application Data [C:\Users\smeclnt\AppData\Roaming]
03/06/2013  04:57 PM    <JUNCTION>     Cookies [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Cookies]
03/06/2013  04:57 PM    <JUNCTION>     Local Settings [C:\Users\smeclnt\AppData\Local]
03/06/2013  04:57 PM    <JUNCTION>     My Documents [C:\Users\smeclnt\Documents]
03/06/2013  04:57 PM    <JUNCTION>     NetHood [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/06/2013  04:57 PM    <JUNCTION>     PrintHood [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/06/2013  04:57 PM    <JUNCTION>     Recent [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Recent]
03/06/2013  04:57 PM    <JUNCTION>     SendTo [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2013  04:57 PM    <JUNCTION>     Start Menu [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Start Menu]
03/06/2013  04:57 PM    <JUNCTION>     Templates [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\smeclnt\AppData\Local
03/06/2013  04:57 PM    <JUNCTION>     Application Data [C:\Users\smeclnt\AppData\Local]
03/06/2013  04:57 PM    <JUNCTION>     History [C:\Users\smeclnt\AppData\Local\Microsoft\Windows\History]
03/06/2013  04:57 PM    <JUNCTION>     Temporary Internet Files [C:\Users\smeclnt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\smeclnt\Documents
03/06/2013  04:57 PM    <JUNCTION>     My Music [C:\Users\smeclnt\Music]
03/06/2013  04:57 PM    <JUNCTION>     My Pictures [C:\Users\smeclnt\Pictures]
03/06/2013  04:57 PM    <JUNCTION>     My Videos [C:\Users\smeclnt\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\t5403cg
03/20/2013  02:12 PM    <JUNCTION>     Application Data [C:\Users\t5403cg\AppData\Roaming]
03/20/2013  02:12 PM    <JUNCTION>     Cookies [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Cookies]
03/20/2013  02:12 PM    <JUNCTION>     Local Settings [C:\Users\t5403cg\AppData\Local]
03/20/2013  02:12 PM    <JUNCTION>     My Documents [C:\Users\t5403cg\Documents]
03/20/2013  02:12 PM    <JUNCTION>     NetHood [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/20/2013  02:12 PM    <JUNCTION>     PrintHood [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/20/2013  02:12 PM    <JUNCTION>     Recent [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Recent]
03/20/2013  02:12 PM    <JUNCTION>     SendTo [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\SendTo]
03/20/2013  02:12 PM    <JUNCTION>     Start Menu [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Start Menu]
03/20/2013  02:12 PM    <JUNCTION>     Templates [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\t5403cg\AppData\Local
03/20/2013  02:12 PM    <JUNCTION>     Application Data [C:\Users\t5403cg\AppData\Local]
03/20/2013  02:12 PM    <JUNCTION>     History [C:\Users\t5403cg\AppData\Local\Microsoft\Windows\History]
03/20/2013  02:12 PM    <JUNCTION>     Temporary Internet Files [C:\Users\t5403cg\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\t5403cg\Documents
03/20/2013  02:12 PM    <JUNCTION>     My Music [C:\Users\t5403cg\Music]
03/20/2013  02:12 PM    <JUNCTION>     My Pictures [C:\Users\t5403cg\Pictures]
03/20/2013  02:12 PM    <JUNCTION>     My Videos [C:\Users\t5403cg\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\WINDIST
03/20/2013  03:35 PM    <JUNCTION>     Application Data [C:\Users\WINDIST\AppData\Roaming]
03/20/2013  03:35 PM    <JUNCTION>     Cookies [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Cookies]
03/20/2013  03:35 PM    <JUNCTION>     Local Settings [C:\Users\WINDIST\AppData\Local]
03/20/2013  03:35 PM    <JUNCTION>     My Documents [C:\Users\WINDIST\Documents]
03/20/2013  03:35 PM    <JUNCTION>     NetHood [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/20/2013  03:35 PM    <JUNCTION>     PrintHood [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/20/2013  03:35 PM    <JUNCTION>     Recent [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Recent]
03/20/2013  03:35 PM    <JUNCTION>     SendTo [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\SendTo]
03/20/2013  03:35 PM    <JUNCTION>     Start Menu [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Start Menu]
03/20/2013  03:35 PM    <JUNCTION>     Templates [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\WINDIST\AppData\Local
03/20/2013  03:35 PM    <JUNCTION>     Application Data [C:\Users\WINDIST\AppData\Local]
03/20/2013  03:35 PM    <JUNCTION>     History [C:\Users\WINDIST\AppData\Local\Microsoft\Windows\History]
03/20/2013  03:35 PM    <JUNCTION>     Temporary Internet Files [C:\Users\WINDIST\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\WINDIST\Documents
03/20/2013  03:35 PM    <JUNCTION>     My Music [C:\Users\WINDIST\Music]
03/20/2013  03:35 PM    <JUNCTION>     My Pictures [C:\Users\WINDIST\Pictures]
03/20/2013  03:35 PM    <JUNCTION>     My Videos [C:\Users\WINDIST\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              82 Dir(s)  97,172,336,640 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: SERVICES  >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/04/12 03:44:43 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 03:44:43 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.EXSD  >
[2013/03/06 17:10:03 | 000,005,504 | ---- | M] () MD5=29D4E14DEA85C98938AEB04E25FFDB15 -- C:\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.core_8.0.2.20100802-0849\schema\services.exsd
[2013/03/06 17:09:56 | 000,009,228 | ---- | M] () MD5=3E11E39EF022CF627D45877E2164168B -- C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.eclipse.source_6.2.2.20100710-0200\org.eclipse.ui_3.4.2.M20090204-0800\schema\services.exsd
 
< MD5 for: SERVICES.JS  >
[2013/03/06 17:10:04 | 000,002,937 | ---- | M] () MD5=372EB6C70976BA31E0CE3B6F9BE58320 -- C:\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.webapi_8.0.2.20100802-0849\services.js
[2013/03/06 17:11:29 | 000,002,937 | ---- | M] () MD5=372EB6C70976BA31E0CE3B6F9BE58320 -- C:\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.webapi_8.0.2.20110107-2231\services.js
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011/04/12 03:44:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 03:44:44 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 03:44:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 03:44:44 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.ZIP  >
[2012/07/07 23:31:41 | 000,876,996 | ---- | M] () MD5=CAC0A919FE55CAAFFAC56BAEFC037444 -- C:\Users\Public\Desktop\CC Support\Tools\ServicesRepair\Temp\Services.zip
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 478 bytes -> C:\Users\t5403cg\Documents\Untitled.eml:OECustomProperty
@Alternate Data Stream - 1406 bytes -> C:\Users\t5403cg\Documents\documentation for vendor mgt (ALERTS conversion) .eml:OECustomProperty

< End of report >


  • 0

#21
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • 37 posts

No Extras Log was created


  • 0

#22
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • 37 posts

BTW....since yesterday.....all of the side effects of the virus have been removed from the system.....so far, so good....!


  • 0

#23
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

BTW....since yesterday.....all of the side effects of the virus have been removed from the system.....so far, so good....!


Awesome. Let's remove all the remnants now. :thumbsup:
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.

      [screenshot: OTL main window]

    • Copy and paste the following into the Custom Scans/Fixes box:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = nyproxy:80
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = nyproxy:80
      IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = njproxy:80
      [2014/04/02 06:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
      @Alternate Data Stream - 478 bytes -> C:\Users\t5403cg\Documents\Untitled.eml:OECustomProperty
      @Alternate Data Stream - 1406 bytes -> C:\Users\t5403cg\Documents\documentation for vendor mgt (ALERTS conversion) .eml:OECustomProperty
      
      :Files
      C:\Windows\System32\sysprep\cryptbase.dll
      
      :Commands
      [emptytemp]
      
    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'aswMBR by avast!' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Once prompted to download the database, click No.
    • Choose None for the AV Scan option.
    • Press Scan. Once done, click Save Log and choose your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      [screenshot: ESET Online Scanner scan settings]

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt to your desktop.
    • Select Uninstall application on close and click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up after once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • aswMBR.txt (aswMBR)
    • log.txt (ESET Online Scan)
    • checkup.txt (SecurityCheck)

  • 0

#24
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Can't get to the Security Check software download... 404 error


  • 0

#25
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Yikes. Try this link please. :)
  • 0

#26
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

OTL Log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_USERS\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\ProgramData\HitmanPro folder moved successfully.
ADS C:\Users\t5403cg\Documents\Untitled.eml:OECustomProperty deleted successfully.
ADS C:\Users\t5403cg\Documents\documentation for vendor mgt (ALERTS conversion) .eml:OECustomProperty deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\sysprep\cryptbase.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: smeclnt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: t5403cg
->Temp folder emptied: 7902871 bytes
->Temporary Internet Files folder emptied: 260443388 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3519 bytes
 
User: WINDIST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2335 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 4009167 bytes
 
Total Files Cleaned = 260.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04172014_133324

Files\Folders moved on Reboot...
C:\Users\t5403cg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\etilqs_kv0RfHZtQH7jlEKhPJY5 not found!
File\Folder C:\Windows\temp\etilqs_kv0RfHZtQH7jlEKhPJY5-journal not found!
File\Folder C:\Windows\temp\nsd_tmp_2140.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0

#27
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

BTW....

 

C:\Windows\System32\sysprep\cryptbase.dll not found ----- is NOT true...file still exists on the system


  • 0
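An added example, not part of this thread and not OTL's own code: a small cross-check of an OTL fix script against the result log OTL writes after the fix, so a helper can see at a glance which registry values were reset, what was moved, and which `:Files` targets came back as "not found" (as cryptbase.dll did in the log above, even though the poster reports the file is still present). The sample script and log are constructed to mirror the thread's lines; the SID, the user name `someone` and the `dropper.tmp` path are placeholders.

```python
"""Cross-check an OTL fix script against OTL's result log (added example, not OTL's code)."""
import re
from dataclasses import dataclass, field

# Constructed sample fix script in OTL's ":Section" format; SID, user and dropper.tmp are placeholders.
SAMPLE_FIX_SCRIPT = r"""
:OTL
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = njproxy:80
[2014/04/02 06:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
@Alternate Data Stream - 478 bytes -> C:\Users\someone\Documents\Untitled.eml:OECustomProperty

:Files
C:\Windows\System32\sysprep\cryptbase.dll
C:\Users\someone\AppData\Local\Temp\dropper.tmp

:Commands
[emptytemp]
"""

# Constructed sample result log, using the phrases OTL prints in the thread's log.
SAMPLE_RESULT_LOG = r"""
========== OTL ==========
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\ProgramData\HitmanPro folder moved successfully.
ADS C:\Users\someone\Documents\Untitled.eml:OECustomProperty deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\sysprep\cryptbase.dll not found.
C:\Users\someone\AppData\Local\Temp\dropper.tmp moved successfully.
========== COMMANDS ==========
->Temp folder emptied: 7902871 bytes
->Temporary Internet Files folder emptied: 260443388 bytes
RecycleBin emptied: 4009167 bytes
"""

# One pattern per outcome phrase OTL uses in its result log.
_REG_SET = re.compile(r"^(?P<key>.+?)\|.*/E : value set successfully!$")
_MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
_ADS = re.compile(r"^ADS (?P<path>.+?) deleted successfully\.$")
_NOT_FOUND = re.compile(r"^File\\Folder (?P<path>.+?) not found[.!]$")
_EMPTIED = re.compile(r"(?:emptied|removed): (?P<n>\d+) bytes$")


@dataclass
class FixResult:
    registry_set: list[str] = field(default_factory=list)  # registry values OTL reports as set
    moved: list[str] = field(default_factory=list)         # files/folders moved to C:\_OTL\MovedFiles
    ads_deleted: list[str] = field(default_factory=list)   # alternate data streams removed
    not_found: list[str] = field(default_factory=list)     # targets OTL could not locate
    bytes_emptied: int = 0                                 # total freed by [emptytemp]


def parse_fix_script(text: str) -> dict[str, list[str]]:
    """Split an OTL fix script into {section name (lowercase): [entries]}."""
    sections: dict[str, list[str]] = {}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_result_log(text: str) -> FixResult:
    """Classify each line of the post-fix log by the phrase OTL uses for that outcome."""
    result = FixResult()
    for line in (raw.strip() for raw in text.splitlines()):
        if m := _REG_SET.match(line):
            result.registry_set.append(m["key"].replace("\\\\", "\\"))  # OTL doubles the last backslash
        elif m := _ADS.match(line):
            result.ads_deleted.append(m["path"])
        elif m := _NOT_FOUND.match(line):
            result.not_found.append(m["path"])
        elif m := _MOVED.match(line):
            result.moved.append(m["path"])
        elif m := _EMPTIED.search(line):
            result.bytes_emptied += int(m["n"])
    return result


def reconcile_files(script: dict[str, list[str]], result: FixResult) -> dict[str, str]:
    """Map every :Files entry to what the log says happened to it (case-insensitive path match)."""
    moved = {p.lower() for p in result.moved}
    missing = {p.lower() for p in result.not_found}
    return {
        t: "moved" if t.lower() in moved else "not found" if t.lower() in missing else "no result line"
        for t in script.get("files", [])
    }


if __name__ == "__main__":
    script, res = parse_fix_script(SAMPLE_FIX_SCRIPT), parse_result_log(SAMPLE_RESULT_LOG)
    print(f"registry values set: {len(res.registry_set)}, moved: {len(res.moved)}, "
          f"ADS deleted: {len(res.ads_deleted)}, temp freed: {res.bytes_emptied / 1e6:.1f} MB")
    for target, status in reconcile_files(script, res).items():
        print(f"  {status:<15} {target}")
```

A "not found" for a `:Files` entry deserves a second look rather than being taken as proof the file is gone: on 64-bit Windows, a 32-bit process that opens a path under `C:\Windows\System32` can be silently redirected to `SysWOW64` by file system redirection, so the tool may simply have looked in the wrong folder. The sysprep directory is also a well-known DLL search-order hijack location, which is why a stray cryptbase.dll sitting there is worth confirming (and removing) by hand from a 64-bit shell.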

#28
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

ASW Log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-17 13:48:12
-----------------------------
13:48:12.747    OS Version: Windows x64 6.1.7601 Service Pack 1
13:48:12.747    Number of processors: 4 586 0x2A07
13:48:12.762    ComputerName: CID-TDENZL403CG  UserName: t5403cg
13:48:13.931    Initialize success
13:48:26.581    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:48:26.581    Disk 0 Vendor: WDC_WD16 02.0 Size: 152627MB BusType: 3
13:48:26.612    Disk 0 MBR read successfully
13:48:26.612    Disk 0 MBR scan
13:48:26.612    Disk 0 Windows 7 default MBR code found via API
13:48:26.612    Disk 0 unknown MBR code
13:48:26.612    Disk 0 MBR hidden
13:48:26.628    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS            152625 MB offset 2048
13:48:26.628    Disk 0 MBR [possible unknown [email protected]]  **ROOTKIT**
13:48:26.628    Scan finished successfully
13:50:00.713    Disk 0 MBR has been saved successfully to "C:\Users\t5403cg\Desktop\Maleware\MBR.dat"
13:50:00.713    The log file has been saved successfully to "C:\Users\t5403cg\Desktop\Maleware\aswMBR.txt"
 


  • 0

#29
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Log from ESet:

 

C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\Websteroids.exe.vir a variant of MSIL/Adware.PullUpdate.D application cleaned by deleting - quarantined
C:\Program Files (x86)\RegistryNuke 2014\RegistryNuke.exe probably a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
C:\Users\t5403cg\AppData\Local\Google\Chrome\User Data\Default\Users\agipggolfbmkpbealnlhmehnhfbiimon\background.js Win32/TrojanDownloader.Tracur.AI trojan cleaned by deleting - quarantined
C:\Users\t5403cg\AppData\Local\Google\Chrome\User Data\Default\Users\agipggolfbmkpbealnlhmehnhfbiimon\cs.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\t5403cg\Desktop\Maleware\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\t5403cg\Desktop\Maleware\RN_ErrorsFix_Setup.exe probably a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
 


Edited by t5403cg, 17 April 2014 - 03:27 PM.

  • 0

#30
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Security Check Log:

 

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Symantec Endpoint Protection  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 (NYL) Altova XMLSpy® 2013 rel. 2 sp2 Professional Edition
 Malwarebytes Anti-Malware version 1.75.0.1300 
 (NYL) Java™ 6 Update 24
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 t5403cg Desktop Maleware SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


  • 0
