mjs99
Honorary Members
Posts: 28
Reputation: 0 Neutral
  1. Yes, the commonly used standard user gets no redirects now. Thanks!
  2. So I rebooted the (formerly?) infected machine and logged in as the commonly used standard user. I tested IE some more. Got no redirects. Then I turned on some of the stuff I had turned off while fighting this problem. In the Internet Options, I: moved the Internet zone back to Medium High security, restored the contents of the local Intranet zone, added Google as a Search Provider, and enabled the Flash Player and the Java plug-in. Then I tested IE some more. Still got no redirects!
  3. So I logged out as administrator, and logged in as the commonly used standard user (to test). I got the usual complaint about izcusmu.dll and two new complaints. One is of the same form as the izcusmu.dll complaint, but instead complaining about C:\Users\Chris\AppData\Local\Diagnostics\CrashDumps\vygmf.dll. The other one was a slide-in at the lower right corner of the screen, from Norton Internet Security telling me that Auto-Protect was working on Trojan.Tracur!gen3. The slide-in disappeared while I logged into another machine to start typing this post. Back on the infected machine, I looked in Norton's history and saw that it claims to have taken two actions about that trojan; only one is mentioned, which is removal. Back on the infected machine, logged in as the standard user, I tested. I tested IE and Firefox. I searched at Google, Bing, and Ask. In all six cases, I got no redirect!
  4. Also, do not forget post #2 of this thread (http://forums.malwarebytes.org/index.php?showtopic=115687&view=findpost&p=596133). It may be a useful clue. That complaint only happens when I log in as the commonly used standard user; it does not happen when I log in as the rarely used standard user nor the administrator.
  5. That was done while logged in as the administrator. Seeing some complaints, I fixed them. Now here is what SecurityCheck has to say:
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  6. Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java 6 Update 29
Java version out of Date!
Adobe Flash Player 11.2.202.235
Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  7. Then I rebooted and logged in as the administrator, and did two things. I created a second standard user, and I downloaded and installed Firefox. Then I logged out and logged in as the new standard user. I launched IE, and accepted all the configuration suggestions. I tested, and was NOT redirected. Then I rebooted and logged in as the old standard user. I launched Firefox, and did some testing. There were NO redirects. But IE is still suffering redirects.
  8. So I tried the suggested Reset of IE, while logged in as the standard user. That did not fix the problem, still getting redirected. Then I closed IE and opened Internet Options and stripped it down again: disabled all the toolbars and extensions, removed all the Accelerators, removed all the Search Providers except Bing, disabled Bing suggestions and "search in the address bar". On the Security tab, set the Internet zone to High and configured the local intranet zone to be empty; verified that there are no Trusted sites. Checked that no proxy is configured in the LAN settings. Approved out of Internet Options. Launched IE, went to dcwg.org and verified that DNS Changer is not present. Tested again, with search at Google. Still getting redirected. In a Command window, used `nslookup` to investigate the DNS names involved in the test (www.google.com and the first site that appeared in my search results). Compared results of `nslookup` on the infected machine with results of `nslookup` on other machines at home and at work (in two states). Both domains involved in the test seem to be using big CDNs, so it is a bit tough to be sure, but it looks like I am getting legitimate IP addresses from lookups of the legitimate domain names involved.
  9. If you followed my out-of-order postings correctly, you know that, when I last posted, I was logged in as the administrator. After reading your latest suggestion (which I read on a different machine, with IE closed on the machine with the problem), I went to the problem machine and logged out, then logged in as the standard user. Before doing anything else, I opened the control panel and looked at my IE Search Provider settings. There is only one Search Provider, and it is Google. The "search in the address bar" checkbox is cleared. (Earlier I had deleted the other providers and cleared that checkbox, on my own initiative.) Just to be sure, I tested again --- watching the address bar carefully. I launched IE (home page is blank). Typed "www.google.com" in the address bar, it autocompleted with a final slash, I hit return, and it went to Google (according to address bar and appearance). I typed in a search in the Google web form (not address bar), hit return. Got decent looking results, with URL in address bar at the www.google.com domain. Clicked on a legitimate-looking result. Got redirected elsewhere. :-(
  10. BTW, after the redirect and while still logged in as the standard user, I looked again for the email attachments that were deleted by ESET; they were still gone.
  11. While still logged in as administrator, I copied the reports from ESET and AVPTool to the public documents folder. Then I logged out as administrator, logged in as the standard user. I looked and found that the email attachments removed by ESET were still gone. The one (not in an archive) mentioned by AVPTool was in C:\Documents And Settings\... --- which does not exist, I assume it is some sort of magic alias for the places I looked. While still logged in as the standard user, I launched IE9 (home page is blank). Typed www.google.com in the address bar, went to that page. Entered a search. Clicked on a link in the results. Got redirected to itunes.apple.com. Closed the browser. Re-opened it, looked at history for today. Found "Computer" and "Google", so far so good. Also found a couple of entries at buisinessfinder.com, it looks like my search was done there (too? instead?). Also found itunes.apple.com. I then logged out the standard user and logged in the administrator and added this post.
  12. Continuing while logged in as administrator... Since you did not say again to check "Scan all users", I did not do so. When copying your custom fix text, I found that all the linebreaks disappeared --- it all ran together in one long line. Even when I pasted into Notepad. So I manually inserted the linebreaks again in the copy in Notepad. So that you can see I did not goof that up, here is the copy I saved from Notepad:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
:files
ipconfig /flushdns /c
:Commands
[emptytemp]
[clearallrestorepoints]
Harrrumpfh. Pasting into this forum lost the blank lines. They are there in Notepad and went into OTL OK. So I pasted into the custom fix box, with all the right linebreaks. Then I clicked on "Run fix". After it was well under way, I realized I forgot to close IE first. So I belatedly closed IE. I think it was during the last step, while OTL was clearing restore points. BTW, I did not remove all. Maybe it did not remove any. My previous problems included disappearing restore points. When OTL finished and told me to reboot, I did. After reboot and re-login as administrator, I looked at the available restore points. I found three; the latest is the one just created by OTL, and there are two older ones (including one made by ComboFix). I am not sure whether I had any others before I ran OTL.
Following is the log from the latest run of OTL. Oddly, it, too, is missing a couple of blank lines --- but only near the end.
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-2738969363-3528563524-3556320021-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-2738969363-3528563524-3556320021-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Addmin\Desktop\cmd.bat deleted successfully.
C:\Users\Addmin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Addmin
->Temp folder emptied: 228083 bytes
->Temporary Internet Files folder emptied: 46218385 bytes
->Java cache emptied: 2023 bytes
->Flash cache emptied: 700 bytes
User: All Users
User: Chris
->Temp folder emptied: 8319 bytes
->Temporary Internet Files folder emptied: 581943196 bytes
->Java cache emptied: 3065840 bytes
->Flash cache emptied: 4373 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 602.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.61.5 log created on 09162012_170146
Files\Folders moved on Reboot...
C:\Users\Addmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DF07B4F0AC81B3A1FD.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DF0FE64DDB7F19BA11.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DF11A0970A9742CB85.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DF33BDEF1D9350A31B.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DF75C0D9C8A64A7D68.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DF8691E5045E9B6224.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DF98272D05AC9631A0.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DFA266B36625C952AF.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DFCCA66A8A98597820.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DFD016792464DCC79B.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DFD16792B44193BB85.TMP not found!
File\Folder C:\Users\Addmin\AppData\Local\Temp\~DFDBDFC60042775AF7.TMP not found!
C:\Users\Addmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Addmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM1XRVIC\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\Addmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM1XRVIC\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
File\Folder C:\Users\Addmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R916KD1W\fastbutton[1].htm not found!
C:\Users\Addmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R916KD1W\index[1].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
  13. Just in case I goofed something up, I tried it again. I set "Scan all users". Again it produced only OTL.txt, not also Extras.txt. BTW, since you told me to, I had downloaded OTL.exe again. The second download is of different length and contents than the first. Norton tells me that this version of OTL.exe was released less than 1 week ago and that fewer than 5 users in the Norton Community have used it.
  14. That's where we started, but I did it again. This while still logged in as the administrator, having just run AVPTool. Oddly, this time OTL produced only OTL.txt not also Extras.txt. Following are the contents of OTL.txt.
OTL logfile created on: 9/15/2012 5:47:43 PM - Run 2
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Addmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 4.57 Gb Available Physical Memory | 57.54% Memory free
15.90 Gb Paging File | 12.49 Gb Available in Paging File | 78.56% Paging File free
Paging file location(s): c:\pagefile.sys 8139 12400 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.81 Gb Total Space | 553.45 Gb Free Space | 80.94% Space Free | Partition Type: NTFS
Drive D: | 14.53 Gb Total Space | 1.61 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.60 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: SAGE | User Name: Addmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/09/15 17:45:30 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Addmin\Desktop\OTL.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/25 01:19:22 | 003,459,024 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/04/27 19:10:38 | 001,171,304 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/04/27 19:04:16 | 000,403,112 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/04/27 19:03:28 | 005,955,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/04/03 10:32:31 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/12/06 13:57:37 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/30 14:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/03/22 11:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 01:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 01:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 18:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/04/23 15:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 15:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 15:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 15:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/06/24 23:55:36 | 000,294,912 | R--- | M] () -- C:\Program Files (x86)\eGalaxTouch\xTouchMon.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
PRC - [2008/01/03 19:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files (x86)\Palm\Hotsync.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/20 10:02:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/19 21:13:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/19 21:12:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/19 21:12:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/18 11:03:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/18 01:09:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 00:25:38 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/18 00:25:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/18 00:25:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/18 00:25:15 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/18 00:25:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/10/19 01:11:46 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/07/07 22:48:46 | 005,255,168 | R--- | M] () -- C:\Program Files (x86)\eGalaxTouch\xtkutility.dll
MOD - [2009/06/24 23:55:36 | 000,294,912 | R--- | M] () -- C:\Program Files (x86)\eGalaxTouch\xTouchMon.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/30 17:13:04 | 008,515,544 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2012/06/09 19:21:59 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/06/02 05:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/29 22:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/09/08 13:55:20 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/25 01:19:22 | 003,459,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/04/27 19:06:30 | 001,132,824 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/24 21:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 18:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/15 05:13:46 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\99514965.sys -- (99514965)
DRV:64bit: - [2012/06/25 01:19:24 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/06/25 01:19:14 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/06/25 01:19:09 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/06/25 01:19:04 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/06/25 01:19:03 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
DRV:64bit: - [2012/06/25 01:19:01 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/06/25 01:19:00 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/06/09 19:22:09 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/09 19:21:59 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/09 19:21:59 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/06 14:01:33 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/12/06 13:57:37 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/12/06 13:57:37 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/25 22:40:48 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/26 20:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/08 19:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/08/02 22:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 22:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/07/25 22:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 22:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 22:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/06/02 05:11:26 | 000,528,384 | ---- | M] (IDT, Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/16 21:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/16 20:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 20:34:26 | 
000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/07/20 17:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/07/20 17:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/07/20 17:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/07/14 10:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010/03/02 18:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/08 05:17:12 | 000,161,280 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EGXFilter.sys -- (EGXFilter) DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012/09/15 02:28:58 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120914.024\ex64.sys -- (NAVEX15) DRV - [2012/09/15 02:28:58 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120914.024\eng64.sys -- (NAVENG) DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120914.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/08/25 20:49:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/08 22:58:22 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - 
HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes,DefaultScope = {8E2BE0C3-400F-4BBB-9BBD-2468C43FC3E1} IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{8E2BE0C3-400F-4BBB-9BBD-2468C43FC3E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19 IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" 
= http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll () FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/09/14 22:53:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/09/14 22:52:34 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/09/13 02:49:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [ClearTKHandle] C:\Program Files (x86)\eGalaxTouch\ClearTKHandle.exe () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) 
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation) O4 - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation) O4 - Startup: C:\Users\Addmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2738969363-3528563524-3556320021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{350AEAC7-22F5-461C-BC8E-587FA61C8E80}: DhcpNameServer = 
167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D69BCECA-C3D0-4264-99FC-801750946091}: DhcpNameServer = 192.168.168.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012/09/15 17:45:29 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Addmin\Desktop\OTL.exe
[2012/09/15 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\Addmin\Desktop\OTL-firstime
[2012/09/14 23:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/14 23:01:41 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\99514965.sys
[2012/09/13 21:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/13 06:59:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/13 02:54:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/13 02:33:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/13 02:33:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/13 02:33:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/13 02:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/13 02:30:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/13 02:29:05 | 004,749,988 | R--- | C] (Swearware) -- C:\Users\Addmin\Desktop\ComboFix.exe
[2012/09/02 14:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\DisplayLink Graphics
[2012/09/02 14:08:07 | 000,000,000 | ---D | C] -- C:\Users\Addmin\Desktop\minidumps
[2012/09/02 13:41:52 | 000,000,000 | ---D | C] -- C:\symbols
[2012/09/02 13:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg
[2012/09/02 13:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2012/09/02 13:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2012/09/02 13:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/09/02 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\Addmin\Desktop\dump120902
[2012/08/26 23:46:23 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012/08/26 23:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/08/26 23:24:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/26 20:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/26 20:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/26 19:38:17 | 000,000,000 | ---D | C] -- C:\Users\Addmin\AppData\Roaming\Malwarebytes
[2012/08/26 19:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/26 19:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/26 19:38:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/26 19:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/26 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\Addmin\AppData\Roaming\Origin

========== Files - Modified Within 30 Days ==========
[2012/09/15 17:45:30 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Addmin\Desktop\OTL.exe
[2012/09/15 17:42:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/15 05:13:46 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\99514965.sys
[2012/09/14 23:00:39 | 135,691,504 | ---- | M] () -- C:\Users\Addmin\Desktop\setup_11.0.0.1245.x01_2012_09_15_05_13.exe
[2012/09/14 22:59:53 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 22:59:53 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 22:51:00 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/13 02:49:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/13 02:31:26 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/13 02:31:26 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/13 02:31:26 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/13 02:29:07 | 004,749,988 | R--- | M] (Swearware) -- C:\Users\Addmin\Desktop\ComboFix.exe
[2012/09/12 12:45:48 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAddmin.job
[2012/09/11 21:05:13 | 000,002,616 | ---- | M] () -- C:\{2BE39E23-94A2-4BB2-8418-85D8BE84F153}
[2012/09/10 21:33:17 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChris.job
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 14:29:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumdfb9.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumdfb11.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumdfb10.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd11.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll
[2012/09/02 12:31:53 | 876,330,712 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/26 16:53:24 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/26 16:27:53 | 000,461,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/26 16:00:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSAGE$.job

========== Files Created - No Company Name ==========
[2012/09/14 22:59:12 | 135,691,504 | ---- | C] () -- C:\Users\Addmin\Desktop\setup_11.0.0.1245.x01_2012_09_15_05_13.exe
[2012/09/13 02:33:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/13 02:33:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/13 02:33:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/13 02:33:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/13 02:33:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/11 21:05:11 | 000,002,616 | ---- | C] () -- C:\{2BE39E23-94A2-4BB2-8418-85D8BE84F153}
[2012/09/02 14:29:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumdfb9.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumdfb11.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumdfb10.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd11.dll
[2012/09/02 14:29:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll
[2012/06/09 19:22:45 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/09 19:22:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/09 19:22:45 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/09 19:22:45 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/01/29 02:11:50 | 000,007,628 | ---- | C] () -- C:\Users\Addmin\AppData\Local\Resmon.ResmonCfg
[2011/12/27 23:21:20 | 000,001,380 | R--- | C] () -- C:\Windows\SysWow64\eGalaxTouch_reg.ini
[2011/12/24 17:39:38 | 000,000,331 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/12/14 02:13:13 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/25 00:13:00 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/10/25 00:13:00 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/10/25 00:13:00 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/10/25 00:13:00 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/10/25 00:13:00 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/10/25 00:13:00 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/10/25 00:13:00 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/10/25 00:13:00 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/10/25 00:13:00 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/10/25 00:13:00 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/10/25 00:13:00 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/10/25 00:13:00 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/10/25 00:13:00 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/10/25 00:13:00 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/10/25 00:13:00 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/10/25 00:13:00 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/10/25 00:12:06 | 000,000,089 | ---- | C] () -- C:\Windows\EPWF610.ini
[2011/10/19 01:13:51 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/10/11 11:15:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/11 11:04:55 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/10/11 11:03:41 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/11 10:59:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/21 15:43:27 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/25 22:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/02/22 19:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========
[2012/01/22 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\.emacs.d
[2012/09/14 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\.oit
[2011/12/16 01:52:03 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\Acronis
[2011/10/17 19:54:51 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\Blio
[2012/06/25 01:19:24 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\CB2AAABE-858C-41A2-B674-8B4E8666B18D
[2011/10/25 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\Epson
[2011/12/14 01:49:23 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\HotSync
[2011/10/25 00:27:35 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\Leadertech
[2011/10/19 01:12:20 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\OpenOffice.org
[2012/08/26 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\Origin
[2011/10/19 01:48:31 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\Qualcomm
[2011/10/17 18:41:10 | 000,000,000 | ---D | M] -- C:\Users\Addmin\AppData\Roaming\Synaptics
[2012/09/03 15:41:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.emacs.d
[2012/02/28 11:13:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Blio
[2011/10/25 00:47:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Epson
[2011/12/14 02:18:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HotSync
[2011/10/19 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2012/07/25 15:19:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin
[2011/12/12 01:03:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Qualcomm
[2011/10/18 19:53:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Synaptics
[2012/08/27 15:42:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer
[2012/06/18 08:02:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\_MDLogs
[2012/05/25 18:01:30 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
  15. Following is the detected threats report from AVPTool. The first two look like one of the threats found and removed by ESET. The others are copies of old email found in archives I used to transport them from an older computer to the one on which we are now working; this move happened about a year ago.

Status: Quarantined (events: 1)
9/14/2012 11:40:43 PM Quarantined Trojan program HEUR:Trojan-Downloader.Script.Generic C:\Documents and Settings\Chris\AppData\Roaming\Qualcomm\Eudora\attach\account online.html High

Status: Detected (events: 9)
9/14/2012 11:31:19 PM Detected Trojan program HEUR:Trojan-Downloader.Script.Generic C:\Documents and Settings\Chris\Application Data\Qualcomm\Eudora\attach\account online.html High
9/14/2012 11:43:04 PM Detected Trojan program HEUR:Trojan-Downloader.Script.Generic C:\Documents and Settings\Chris\Documents\eudora-migration-from-quinoa\Eudora.7z//Eudora/attach/account online.html High
9/14/2012 11:45:47 PM Detected Trojan program Trojan-PSW.HTML.InfoBank.a C:\Documents and Settings\Chris\Documents\eudora-migration-from-quinoa\Eudora.7z//Eudora/attach/account.html High
9/14/2012 11:56:16 PM Detected Trojan program HEUR:Trojan-Downloader.Script.Generic C:\Documents and Settings\Chris\My Documents\eudora-migration-from-quinoa\Eudora.7z//Eudora/attach/account online.html High
9/14/2012 11:56:26 PM Detected Trojan program Trojan-PSW.HTML.InfoBank.a C:\Documents and Settings\Chris\My Documents\eudora-migration-from-quinoa\Eudora.7z//Eudora/attach/account.html High
9/15/2012 1:02:33 AM Detected Trojan program HEUR:Trojan-Downloader.Script.Generic C:\Users\Chris\Documents\eudora-migration-from-quinoa\Eudora.7z//Eudora/attach/account online.html High
9/15/2012 1:07:34 AM Detected Trojan program Trojan-PSW.HTML.InfoBank.a C:\Users\Chris\Documents\eudora-migration-from-quinoa\Eudora.7z//Eudora/attach/account.html High
9/15/2012 1:14:29 AM Detected Trojan program HEUR:Trojan-Downloader.Script.Generic C:\Users\Chris\My Documents\eudora-migration-from-quinoa\Eudora.7z//Eudora/attach/account online.html High
9/15/2012 1:14:41 AM Detected Trojan program Trojan-PSW.HTML.InfoBank.a C:\Users\Chris\My Documents\eudora-migration-from-quinoa\Eudora.7z//Eudora/attach/account.html High