Jump to content


Photo
- - - - -

SVCHOST.EXE infected with Trojan.Agent


  • This topic is locked This topic is locked
44 replies to this topic

#1 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 30 January 2012 - 09:54 PM

I have be unable to fix SVCHOST.EXE infected with Trojan.Agent using Malwarebytes. Can you please assist?

Thanks very much.

Here's the DDS and attach logs as per the instructions.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Nolan Scott at 21:47:54 on 2012-01-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.4802 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\CyberDefender\Registry Cleaner\CDregclean.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D} : NameServer = 66.1.32.132 66.1.32.133
TCP: Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A} : DhcpNameServer = 192.168.1.254
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO-X64: Incredibar.com Helper Object - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30:51
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHA
FF - user.js: extensions.incredibar_i.upn2n - 92260720934036790
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120128.002\IDSviA64.sys [2012-1-30 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-1-28 138248]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]
S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-31 01:29:31 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\CyberDefender
2012-01-31 01:29:22 -------- d-----w- C:\Program Files (x86)\CyberDefender
2012-01-31 01:20:07 20480 ------w- C:\Windows\svchost.exe
2012-01-29 18:17:36 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\AppClient
2012-01-29 18:17:06 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\Deployment
2012-01-29 18:17:06 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\Apps
2012-01-28 13:41:40 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys
2012-01-28 13:41:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys
2012-01-28 13:41:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys
2012-01-28 13:41:40 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys
2012-01-28 13:41:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys
2012-01-28 13:41:40 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys
2012-01-28 13:41:40 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys
2012-01-28 13:41:33 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.091
2012-01-27 01:11:12 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BB0.tmp
2012-01-27 01:11:12 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BAF.tmp
2012-01-14 03:31:01 -------- d-----w- C:\Program Files (x86)\ADLSoft UnCompressor
2012-01-14 03:30:53 -------- d-----w- C:\Program Files (x86)\Incredibar.com
2012-01-12 00:44:22 -------- d-----w- C:\Windows\System32\ms-MY
2012-01-12 00:28:02 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 00:28:02 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 00:28:02 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 00:28:02 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 00:28:01 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 00:28:01 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 00:27:59 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 00:27:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-10 00:53:32 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR
2012-01-10 00:53:29 -------- d-----w- C:\Windows\System32\drivers\UMDF\ms-MY
2012-01-10 00:53:26 -------- d-----w- C:\Windows\System32\drivers\UMDF\id-ID
2012-01-10 00:53:21 -------- d-----w- C:\Windows\System32\drivers\UMDF\sv-SE
2012-01-10 00:53:18 -------- d-----w- C:\Windows\System32\drivers\UMDF\nb-NO
2012-01-10 00:53:15 -------- d-----w- C:\Windows\System32\drivers\UMDF\hu-HU
2012-01-10 00:53:11 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI
2012-01-10 00:53:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR
2012-01-10 00:53:07 -------- d-----w- C:\Windows\System32\drivers\UMDF\da-DK
2012-01-10 00:53:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\cs-CZ
2012-01-10 00:53:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-TW
2012-01-10 00:53:00 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
2012-01-10 00:52:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\pl-PL
2012-01-10 00:52:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN
2012-01-10 00:52:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2012-01-10 00:52:49 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2012-01-10 00:52:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2012-01-10 00:52:43 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2012-01-10 00:52:42 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2012-01-10 00:52:39 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2012-01-10 00:52:38 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2012-01-10 00:52:36 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2012-01-05 23:34:27 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\NPE
2012-01-05 01:37:41 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\Tific
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-03 11:21:06 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-28 13:41:49 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-10 14:48:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:48:17.87 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/10/2010 10:55:30 AM
System Uptime: 1/30/2012 8:18:46 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Phenom™ II X4 820 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 921 GiB total, 751.928 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.571 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP253: 1/9/2012 7:48:32 PM - Windows Update
RP254: 1/11/2012 10:02:36 PM - Windows Update
RP255: 1/16/2012 6:24:37 AM - HPSF Restore Point
RP256: 1/26/2012 3:00:38 AM - Windows Update
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Apple Application Support
Apple Software Update
BitTorrent
BitTorrentBar Toolbar
Compatibility Pack for the 2007 Office system
Conduit Engine
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
D3DX10
DirectX for Managed Code Update (Summer 2004)
DoubleMySpeed Registry Cleaner
Dropbox
Emulator Starter
Feedback Tool
Finale SongWriter 2005
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
Incredibar Toolbar on IE and Chrome
InstallVC90Support
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Live Search Toolbar
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.6)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Online Backup
PictureMover
Power2Go
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SmartSound Quicktracks Plugin
System Shock2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Veetle TV 0.9.18
vShare Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
1/30/2012 8:21:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
1/30/2012 8:17:02 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/30/2012 8:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/30/2012 8:16:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/30/2012 8:16:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 6:34:22 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/30/2012 6:34:22 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/30/2012 6:34:22 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
1/30/2012 6:34:22 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
1/30/2012 6:34:22 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
1/30/2012 6:34:15 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: A system shutdown is in progress.
1/30/2012 6:34:05 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
1/30/2012 6:04:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000040, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca4e38). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013012-43446-01.
1/30/2012 5:57:28 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/30/2012 5:57:20 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
1/26/2012 8:26:51 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/26/2012 8:19:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cbcb5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012612-46987-01.
.
==== End Of File ===========================

#2 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 31 January 2012 - 05:19 PM

Hey guys, missed your policy about peer 2 peer. Here are the test results again with the prohibited software uninstalled. Thanks again.

I noticed other people are having issues with the same Trojan Agent. Can I follow the instructions in another thread to solve my problem or is each solution unique?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Nolan Scott at 17:15:57 on 2012-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5330 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D} : NameServer = 66.1.32.132 66.1.32.133
TCP: Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO-X64: Incredibar.com Helper Object - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30:51
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHA
FF - user.js: extensions.incredibar_i.upn2n - 92260720934036790
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120128.002\IDSviA64.sys [2012-1-30 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-1-28 138248]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]
S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-31 10:53:28 20480 ----a-w- C:\Windows\svchost.exe
2012-01-29 18:17:36 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\AppClient
2012-01-29 18:17:06 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\Deployment
2012-01-29 18:17:06 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\Apps
2012-01-28 13:41:40 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys
2012-01-28 13:41:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys
2012-01-28 13:41:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys
2012-01-28 13:41:40 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys
2012-01-28 13:41:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys
2012-01-28 13:41:40 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys
2012-01-28 13:41:40 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys
2012-01-28 13:41:33 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.091
2012-01-27 01:11:12 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BB0.tmp
2012-01-27 01:11:12 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BAF.tmp
2012-01-14 03:31:01 -------- d-----w- C:\Program Files (x86)\ADLSoft UnCompressor
2012-01-14 03:30:53 -------- d-----w- C:\Program Files (x86)\Incredibar.com
2012-01-12 00:44:22 -------- d-----w- C:\Windows\System32\ms-MY
2012-01-12 00:28:02 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 00:28:02 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 00:28:02 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 00:28:02 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 00:28:01 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 00:28:01 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 00:27:59 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 00:27:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-10 00:53:32 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR
2012-01-10 00:53:29 -------- d-----w- C:\Windows\System32\drivers\UMDF\ms-MY
2012-01-10 00:53:26 -------- d-----w- C:\Windows\System32\drivers\UMDF\id-ID
2012-01-10 00:53:21 -------- d-----w- C:\Windows\System32\drivers\UMDF\sv-SE
2012-01-10 00:53:18 -------- d-----w- C:\Windows\System32\drivers\UMDF\nb-NO
2012-01-10 00:53:15 -------- d-----w- C:\Windows\System32\drivers\UMDF\hu-HU
2012-01-10 00:53:11 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI
2012-01-10 00:53:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR
2012-01-10 00:53:07 -------- d-----w- C:\Windows\System32\drivers\UMDF\da-DK
2012-01-10 00:53:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\cs-CZ
2012-01-10 00:53:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-TW
2012-01-10 00:53:00 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
2012-01-10 00:52:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\pl-PL
2012-01-10 00:52:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN
2012-01-10 00:52:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2012-01-10 00:52:49 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2012-01-10 00:52:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2012-01-10 00:52:43 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2012-01-10 00:52:42 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2012-01-10 00:52:39 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2012-01-10 00:52:38 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2012-01-10 00:52:36 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2012-01-05 23:34:27 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\NPE
2012-01-05 01:37:41 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\Tific
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-03 11:21:06 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-28 13:41:49 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-10 14:48:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:16:44.80 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/10/2010 10:55:30 AM
System Uptime: 1/31/2012 4:58:13 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Phenom™ II X4 820 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 921 GiB total, 750.937 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.571 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 931 GiB total, 687.256 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP253: 1/9/2012 7:48:32 PM - Windows Update
RP254: 1/11/2012 10:02:36 PM - Windows Update
RP255: 1/16/2012 6:24:37 AM - HPSF Restore Point
RP256: 1/26/2012 3:00:38 AM - Windows Update
RP257: 1/30/2012 10:16:22 PM - Removed Apple Software Update
RP258: 1/30/2012 10:17:19 PM - Removed Apple Mobile Device Support
RP259: 1/30/2012 10:18:21 PM - Removed Apple Application Support
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Apple Software Update
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
D3DX10
DirectX for Managed Code Update (Summer 2004)
Feedback Tool
Finale SongWriter 2005
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
Incredibar Toolbar on IE and Chrome
InstallVC90Support
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Live Search Toolbar
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.6)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Online Backup
PictureMover
Power2Go
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SmartSound Quicktracks Plugin
System Shock2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
1/30/2012 8:21:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
1/30/2012 8:17:02 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/30/2012 8:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/30/2012 8:16:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/30/2012 8:16:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2012 6:34:22 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/30/2012 6:34:22 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/30/2012 6:34:22 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
1/30/2012 6:34:22 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
1/30/2012 6:34:22 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
1/30/2012 6:34:15 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: A system shutdown is in progress.
1/30/2012 6:34:05 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
1/30/2012 6:04:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000040, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca4e38). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013012-43446-01.
1/30/2012 5:57:28 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/30/2012 5:57:20 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
1/30/2012 10:17:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/26/2012 8:26:51 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/26/2012 8:19:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cbcb5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012612-46987-01.
.
==== End Of File ===========================

#3 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 905 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 01 February 2012 - 11:39 AM

:welcome:

Hy
my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Yes, all steps are for unique for each user.




Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
    Vista/Windows 7 users: Right click to "Run as Administrator"

  • The tool may ask you

    This application can use AVAST! Free Antivirus to scanning
    Would you like to download latest AVAST! virus definitions ?

    Please click No

  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.



Please post in your next reply
TDSSKiller Log
aswMBR.txt

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#4 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 01 February 2012 - 07:26 PM

Awesome! Let's destroy this thing:

19:16:24.0683 2380 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
19:16:24.0697 2380 ============================================================
19:16:24.0698 2380 Current date / time: 2012/02/01 19:16:24.0697
19:16:24.0698 2380 SystemInfo:
19:16:24.0698 2380
19:16:24.0698 2380 OS Version: 6.1.7601 ServicePack: 1.0
19:16:24.0698 2380 Product type: Workstation
19:16:24.0698 2380 ComputerName: NES-PC
19:16:24.0698 2380 UserName: Nolan Scott
19:16:24.0698 2380 Windows directory: C:\Windows
19:16:24.0698 2380 System windows directory: C:\Windows
19:16:24.0698 2380 Running under WOW64
19:16:24.0698 2380 Processor architecture: Intel x64
19:16:24.0698 2380 Number of processors: 4
19:16:24.0698 2380 Page size: 0x1000
19:16:24.0698 2380 Boot type: Normal boot
19:16:24.0698 2380 ============================================================
19:16:27.0185 2380 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:16:27.0196 2380 Drive \Device\Harddisk5\DR5 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:16:27.0198 2380 \Device\Harddisk0\DR0:
19:16:27.0198 2380 MBR used
19:16:27.0198 2380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:16:27.0198 2380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73147800
19:16:27.0198 2380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7317A000, BlocksNum 0x158C000
19:16:27.0198 2380 \Device\Harddisk5\DR5:
19:16:27.0199 2380 MBR used
19:16:27.0199 2380 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
19:16:27.0310 2380 Initialize success
19:16:27.0310 2380 ============================================================
19:16:32.0629 4432 ============================================================
19:16:32.0629 4432 Scan started
19:16:32.0629 4432 Mode: Manual;
19:16:32.0629 4432 ============================================================
19:16:38.0037 4432 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:16:38.0040 4432 1394ohci - ok
19:16:38.0073 4432 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:16:38.0077 4432 ACPI - ok
19:16:38.0103 4432 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:16:38.0104 4432 AcpiPmi - ok
19:16:38.0174 4432 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:16:38.0197 4432 adp94xx - ok
19:16:38.0242 4432 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:16:38.0247 4432 adpahci - ok
19:16:38.0281 4432 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:16:38.0304 4432 adpu320 - ok
19:16:38.0355 4432 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:16:38.0361 4432 AFD - ok
19:16:38.0381 4432 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:16:38.0383 4432 agp440 - ok
19:16:38.0406 4432 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:16:38.0408 4432 aliide - ok
19:16:38.0427 4432 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:16:38.0429 4432 amdide - ok
19:16:38.0457 4432 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:16:38.0459 4432 AmdK8 - ok
19:16:38.0493 4432 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:16:38.0494 4432 AmdPPM - ok
19:16:38.0533 4432 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:16:38.0536 4432 amdsata - ok
19:16:38.0568 4432 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:16:38.0574 4432 amdsbs - ok
19:16:38.0588 4432 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:16:38.0589 4432 amdxata - ok
19:16:38.0614 4432 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:16:38.0644 4432 AppID - ok
19:16:38.0669 4432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:16:38.0671 4432 arc - ok
19:16:38.0679 4432 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:16:38.0701 4432 arcsas - ok
19:16:38.0739 4432 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:16:38.0751 4432 AsyncMac - ok
19:16:38.0785 4432 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:16:38.0787 4432 atapi - ok
19:16:38.0847 4432 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
19:16:38.0861 4432 athr - ok
19:16:38.0908 4432 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:16:38.0914 4432 b06bdrv - ok
19:16:38.0941 4432 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:16:38.0945 4432 b57nd60a - ok
19:16:38.0994 4432 bcm (d1ba00d7cb6c1fbf29dc8935d8525d22) C:\Windows\system32\DRIVERS\drxvi314_64.sys
19:16:39.0014 4432 bcm - ok
19:16:39.0045 4432 bcmbusctr (5ccd19e7fa04db87adf171fa702a4169) C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
19:16:39.0046 4432 bcmbusctr - ok
19:16:39.0068 4432 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:16:39.0081 4432 Beep - ok
19:16:39.0235 4432 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
19:16:39.0243 4432 BHDrvx64 - ok
19:16:39.0283 4432 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:16:39.0284 4432 blbdrive - ok
19:16:39.0301 4432 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:16:39.0303 4432 bowser - ok
19:16:39.0322 4432 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:16:39.0324 4432 BrFiltLo - ok
19:16:39.0343 4432 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:16:39.0345 4432 BrFiltUp - ok
19:16:39.0363 4432 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:16:39.0366 4432 Brserid - ok
19:16:39.0390 4432 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:16:39.0392 4432 BrSerWdm - ok
19:16:39.0415 4432 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:16:39.0417 4432 BrUsbMdm - ok
19:16:39.0429 4432 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:16:39.0431 4432 BrUsbSer - ok
19:16:39.0459 4432 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:16:39.0461 4432 BTHMODEM - ok
19:16:39.0548 4432 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
19:16:39.0550 4432 ccSet_NIS - ok
19:16:39.0573 4432 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:16:39.0575 4432 cdfs - ok
19:16:39.0619 4432 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:16:39.0621 4432 cdrom - ok
19:16:39.0668 4432 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:16:39.0669 4432 circlass - ok
19:16:39.0698 4432 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:16:39.0702 4432 CLFS - ok
19:16:39.0752 4432 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:16:39.0754 4432 CmBatt - ok
19:16:39.0786 4432 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:16:39.0788 4432 cmdide - ok
19:16:39.0819 4432 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:16:39.0824 4432 CNG - ok
19:16:39.0831 4432 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:16:39.0833 4432 Compbatt - ok
19:16:39.0847 4432 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:16:39.0865 4432 CompositeBus - ok
19:16:39.0896 4432 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:16:39.0911 4432 crcdisk - ok
19:16:39.0967 4432 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:16:39.0969 4432 DfsC - ok
19:16:39.0988 4432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:16:39.0989 4432 discache - ok
19:16:40.0007 4432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:16:40.0009 4432 Disk - ok
19:16:40.0056 4432 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:16:40.0058 4432 drmkaud - ok
19:16:40.0094 4432 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:16:40.0100 4432 DXGKrnl - ok
19:16:40.0182 4432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:16:40.0250 4432 ebdrv - ok
19:16:40.0332 4432 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:16:40.0335 4432 eeCtrl - ok
19:16:40.0412 4432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:16:40.0418 4432 elxstor - ok
19:16:40.0468 4432 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:16:40.0469 4432 EraserUtilRebootDrv - ok
19:16:40.0496 4432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:16:40.0497 4432 ErrDev - ok
19:16:40.0545 4432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:16:40.0548 4432 exfat - ok
19:16:40.0564 4432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:16:40.0577 4432 fastfat - ok
19:16:40.0601 4432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:16:40.0603 4432 fdc - ok
19:16:40.0628 4432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:16:40.0630 4432 FileInfo - ok
19:16:40.0645 4432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:16:40.0646 4432 Filetrace - ok
19:16:40.0674 4432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:16:40.0675 4432 flpydisk - ok
19:16:40.0716 4432 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:16:40.0719 4432 FltMgr - ok
19:16:40.0742 4432 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:16:40.0744 4432 FsDepends - ok
19:16:40.0783 4432 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:16:40.0796 4432 fssfltr - ok
19:16:40.0824 4432 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:16:40.0825 4432 Fs_Rec - ok
19:16:40.0854 4432 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:16:40.0856 4432 fvevol - ok
19:16:40.0878 4432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:16:40.0880 4432 gagp30kx - ok
19:16:40.0944 4432 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:16:40.0946 4432 hcw85cir - ok
19:16:40.0978 4432 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:16:40.0980 4432 HDAudBus - ok
19:16:40.0997 4432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:16:40.0998 4432 HidBatt - ok
19:16:41.0021 4432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:16:41.0023 4432 HidBth - ok
19:16:41.0048 4432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:16:41.0050 4432 HidIr - ok
19:16:41.0072 4432 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:16:41.0074 4432 HidUsb - ok
19:16:41.0134 4432 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:16:41.0145 4432 HpSAMD - ok
19:16:41.0199 4432 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:16:41.0206 4432 HTTP - ok
19:16:41.0230 4432 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:16:41.0231 4432 hwpolicy - ok
19:16:41.0272 4432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:16:41.0275 4432 i8042prt - ok
19:16:41.0309 4432 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:16:41.0328 4432 iaStorV - ok
19:16:41.0467 4432 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120128.002\IDSvia64.sys
19:16:41.0470 4432 IDSVia64 - ok
19:16:41.0507 4432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:16:41.0508 4432 iirsp - ok
19:16:41.0582 4432 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
19:16:41.0593 4432 IntcAzAudAddService - ok
19:16:41.0612 4432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:16:41.0613 4432 intelide - ok
19:16:41.0653 4432 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:16:41.0655 4432 intelppm - ok
19:16:41.0702 4432 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:41.0704 4432 IpFilterDriver - ok
19:16:41.0732 4432 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:16:41.0754 4432 IPMIDRV - ok
19:16:41.0788 4432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:16:41.0800 4432 IPNAT - ok
19:16:41.0824 4432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:16:41.0825 4432 IRENUM - ok
19:16:41.0845 4432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:16:41.0846 4432 isapnp - ok
19:16:41.0879 4432 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:16:41.0896 4432 iScsiPrt - ok
19:16:41.0938 4432 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys
19:16:41.0940 4432 ivusb - ok
19:16:41.0968 4432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:41.0980 4432 kbdclass - ok
19:16:42.0013 4432 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:42.0029 4432 kbdhid - ok
19:16:42.0069 4432 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:16:42.0071 4432 KSecDD - ok
19:16:42.0091 4432 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:16:42.0094 4432 KSecPkg - ok
19:16:42.0104 4432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:16:42.0105 4432 ksthunk - ok
19:16:42.0166 4432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:16:42.0167 4432 lltdio - ok
19:16:42.0215 4432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:16:42.0229 4432 LSI_FC - ok
19:16:42.0263 4432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:16:42.0265 4432 LSI_SAS - ok
19:16:42.0279 4432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:16:42.0281 4432 LSI_SAS2 - ok
19:16:42.0294 4432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:16:42.0296 4432 LSI_SCSI - ok
19:16:42.0316 4432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:16:42.0334 4432 luafv - ok
19:16:42.0396 4432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:16:42.0414 4432 megasas - ok
19:16:42.0440 4432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:16:42.0444 4432 MegaSR - ok
19:16:42.0468 4432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:16:42.0469 4432 Modem - ok
19:16:42.0498 4432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:16:42.0499 4432 monitor - ok
19:16:42.0532 4432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:16:42.0544 4432 mouclass - ok
19:16:42.0587 4432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:16:42.0588 4432 mouhid - ok
19:16:42.0620 4432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:16:42.0621 4432 mountmgr - ok
19:16:42.0649 4432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:16:42.0651 4432 mpio - ok
19:16:42.0672 4432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:16:42.0674 4432 mpsdrv - ok
19:16:42.0710 4432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:16:42.0713 4432 MRxDAV - ok
19:16:42.0748 4432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:42.0750 4432 mrxsmb - ok
19:16:42.0776 4432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:42.0780 4432 mrxsmb10 - ok
19:16:42.0802 4432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:42.0822 4432 mrxsmb20 - ok
19:16:42.0848 4432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:16:42.0849 4432 msahci - ok
19:16:42.0887 4432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:16:42.0889 4432 msdsm - ok
19:16:42.0915 4432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:16:42.0916 4432 Msfs - ok
19:16:42.0939 4432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:16:43.0316 4432 mshidkmdf - ok
19:16:43.0411 4432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:16:43.0412 4432 msisadrv - ok
19:16:43.0513 4432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:16:43.0515 4432 MSKSSRV - ok
19:16:43.0552 4432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:43.0553 4432 MSPCLOCK - ok
19:16:43.0567 4432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:16:43.0568 4432 MSPQM - ok
19:16:43.0593 4432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:16:43.0598 4432 MsRPC - ok
19:16:43.0619 4432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:16:43.0619 4432 mssmbios - ok
19:16:43.0638 4432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:16:43.0639 4432 MSTEE - ok
19:16:43.0674 4432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:16:43.0676 4432 MTConfig - ok
19:16:43.0701 4432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:16:43.0702 4432 Mup - ok
19:16:43.0727 4432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:16:43.0731 4432 NativeWifiP - ok
19:16:43.0825 4432 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120131.017\ENG64.SYS
19:16:43.0827 4432 NAVENG - ok
19:16:43.0874 4432 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120131.017\EX64.SYS
19:16:43.0887 4432 NAVEX15 - ok
19:16:43.0947 4432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:16:43.0956 4432 NDIS - ok
19:16:43.0975 4432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:16:43.0988 4432 NdisCap - ok
19:16:44.0040 4432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:16:44.0041 4432 NdisTapi - ok
19:16:44.0074 4432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:16:44.0076 4432 Ndisuio - ok
19:16:44.0114 4432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:16:44.0116 4432 NdisWan - ok
19:16:44.0127 4432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:16:44.0129 4432 NDProxy - ok
19:16:44.0142 4432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:16:44.0145 4432 NetBIOS - ok
19:16:44.0176 4432 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:16:44.0179 4432 NetBT - ok
19:16:44.0241 4432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:16:44.0243 4432 nfrd960 - ok
19:16:44.0278 4432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:16:44.0279 4432 Npfs - ok
19:16:44.0288 4432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:16:44.0289 4432 nsiproxy - ok
19:16:44.0341 4432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:16:44.0359 4432 Ntfs - ok
19:16:44.0377 4432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:16:44.0379 4432 Null - ok
19:16:44.0578 4432 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:16:44.0641 4432 nvlddmkm - ok
19:16:44.0687 4432 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
19:16:44.0689 4432 NVNET - ok
19:16:44.0724 4432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:16:44.0738 4432 nvraid - ok
19:16:44.0760 4432 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
19:16:44.0761 4432 nvsmu - ok
19:16:44.0798 4432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:16:44.0811 4432 nvstor - ok
19:16:44.0832 4432 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
19:16:44.0833 4432 nvstor64 - ok
19:16:44.0854 4432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:16:44.0856 4432 nv_agp - ok
19:16:44.0906 4432 NWADI (f79633a8b7db75cb5fad53b02985a414) C:\Windows\system32\DRIVERS\NWADIenum.sys
19:16:44.0909 4432 NWADI - ok
19:16:44.0938 4432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:16:44.0940 4432 ohci1394 - ok
19:16:45.0010 4432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:16:45.0011 4432 Parport - ok
19:16:45.0046 4432 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:16:45.0048 4432 partmgr - ok
19:16:45.0063 4432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:16:45.0066 4432 pci - ok
19:16:45.0081 4432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:16:45.0083 4432 pciide - ok
19:16:45.0111 4432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:16:45.0115 4432 pcmcia - ok
19:16:45.0121 4432 PCTINDIS5X64 - ok
19:16:45.0153 4432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:16:45.0154 4432 pcw - ok
19:16:45.0175 4432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:16:45.0183 4432 PEAUTH - ok
19:16:45.0275 4432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:16:45.0278 4432 PptpMiniport - ok
19:16:45.0297 4432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:16:45.0299 4432 Processor - ok
19:16:45.0332 4432 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:16:45.0333 4432 Psched - ok
19:16:45.0386 4432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:16:45.0402 4432 ql2300 - ok
19:16:45.0430 4432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:16:45.0432 4432 ql40xx - ok
19:16:45.0448 4432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:16:45.0449 4432 QWAVEdrv - ok
19:16:45.0469 4432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:16:45.0470 4432 RasAcd - ok
19:16:45.0502 4432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:16:45.0517 4432 RasAgileVpn - ok
19:16:45.0561 4432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:16:45.0563 4432 Rasl2tp - ok
19:16:45.0583 4432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:16:45.0585 4432 RasPppoe - ok
19:16:45.0619 4432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:16:45.0620 4432 RasSstp - ok
19:16:45.0645 4432 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:16:45.0649 4432 rdbss - ok
19:16:45.0669 4432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:16:45.0670 4432 rdpbus - ok
19:16:45.0690 4432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:16:45.0690 4432 RDPCDD - ok
19:16:45.0719 4432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:16:45.0719 4432 RDPENCDD - ok
19:16:45.0732 4432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:16:45.0732 4432 RDPREFMP - ok
19:16:45.0753 4432 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:16:45.0756 4432 RDPWD - ok
19:16:45.0779 4432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:16:45.0796 4432 rdyboost - ok
19:16:45.0854 4432 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
19:16:45.0856 4432 RimUsb - ok
19:16:45.0875 4432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:16:45.0903 4432 rspndr - ok
19:16:45.0942 4432 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:16:45.0944 4432 sbp2port - ok
19:16:45.0975 4432 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:16:45.0993 4432 scfilter - ok
19:16:46.0005 4432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:16:46.0007 4432 secdrv - ok
19:16:46.0064 4432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:16:46.0065 4432 Serenum - ok
19:16:46.0100 4432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:16:46.0102 4432 Serial - ok
19:16:46.0136 4432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:16:46.0138 4432 sermouse - ok
19:16:46.0172 4432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:16:46.0174 4432 sffdisk - ok
19:16:46.0185 4432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:16:46.0206 4432 sffp_mmc - ok
19:16:46.0225 4432 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:16:46.0227 4432 sffp_sd - ok
19:16:46.0252 4432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:16:46.0253 4432 sfloppy - ok
19:16:46.0298 4432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:16:46.0299 4432 SiSRaid2 - ok
19:16:46.0325 4432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:16:46.0327 4432 SiSRaid4 - ok
19:16:46.0363 4432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:16:46.0365 4432 Smb - ok
19:16:46.0397 4432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:16:46.0398 4432 spldr - ok
19:16:46.0490 4432 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
19:16:46.0494 4432 SRTSP - ok
19:16:46.0520 4432 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
19:16:46.0521 4432 SRTSPX - ok
19:16:46.0551 4432 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:16:46.0556 4432 srv - ok
19:16:46.0594 4432 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:16:46.0600 4432 srv2 - ok
19:16:46.0635 4432 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:16:46.0638 4432 srvnet - ok
19:16:46.0688 4432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:16:46.0689 4432 stexstor - ok
19:16:46.0745 4432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:16:46.0746 4432 swenum - ok
19:16:46.0778 4432 swmx00 (a8e9e76cc2f342f205273702969c84c9) C:\Windows\system32\DRIVERS\swmx00.sys
19:16:46.0790 4432 swmx00 - ok
19:16:46.0826 4432 SWNC5E00 (b053610bb36d9bd1bff7102727427600) C:\Windows\system32\DRIVERS\SWNC5E00.sys
19:16:46.0830 4432 SWNC5E00 - ok
19:16:46.0861 4432 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
19:16:46.0884 4432 SymDS - ok
19:16:46.0931 4432 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
19:16:46.0942 4432 SymEFA - ok
19:16:46.0990 4432 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:16:47.0005 4432 SymEvent - ok
19:16:47.0050 4432 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
19:16:47.0052 4432 SymIRON - ok
19:16:47.0084 4432 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
19:16:47.0087 4432 SymNetS - ok
19:16:47.0147 4432 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:16:47.0217 4432 Tcpip - ok
19:16:47.0271 4432 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:16:47.0281 4432 TCPIP6 - ok
19:16:47.0326 4432 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:16:47.0347 4432 tcpipreg - ok
19:16:47.0376 4432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:16:47.0378 4432 TDPIPE - ok
19:16:47.0390 4432 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:16:47.0392 4432 TDTCP - ok
19:16:47.0433 4432 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:16:47.0435 4432 tdx - ok
19:16:47.0461 4432 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:16:47.0482 4432 TermDD - ok
19:16:47.0528 4432 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:16:47.0530 4432 tssecsrv - ok
19:16:47.0543 4432 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:16:47.0546 4432 TsUsbFlt - ok
19:16:47.0588 4432 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:16:47.0591 4432 tunnel - ok
19:16:47.0619 4432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:16:47.0621 4432 uagp35 - ok
19:16:47.0654 4432 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:16:47.0658 4432 udfs - ok
19:16:47.0694 4432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:16:47.0696 4432 uliagpkx - ok
19:16:47.0741 4432 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:16:47.0743 4432 umbus - ok
19:16:47.0772 4432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:16:47.0773 4432 UmPass - ok
19:16:47.0807 4432 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
19:16:47.0809 4432 USBAAPL64 - ok
19:16:47.0829 4432 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:16:47.0831 4432 usbccgp - ok
19:16:47.0858 4432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:16:47.0860 4432 usbcir - ok
19:16:47.0884 4432 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:16:47.0899 4432 usbehci - ok
19:16:47.0930 4432 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:16:47.0935 4432 usbhub - ok
19:16:47.0968 4432 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:16:47.0970 4432 usbohci - ok
19:16:48.0010 4432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:16:48.0011 4432 usbprint - ok
19:16:48.0022 4432 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:16:48.0024 4432 USBSTOR - ok
19:16:48.0045 4432 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:16:48.0061 4432 usbuhci - ok
19:16:48.0084 4432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:16:48.0085 4432 vdrvroot - ok
19:16:48.0133 4432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:16:48.0147 4432 vga - ok
19:16:48.0176 4432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:16:48.0178 4432 VgaSave - ok
19:16:48.0209 4432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:16:48.0228 4432 vhdmp - ok
19:16:48.0244 4432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:16:48.0258 4432 viaide - ok
19:16:48.0282 4432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:16:48.0284 4432 volmgr - ok
19:16:48.0314 4432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:16:48.0318 4432 volmgrx - ok
19:16:48.0342 4432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:16:48.0347 4432 volsnap - ok
19:16:48.0402 4432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:16:48.0404 4432 vsmraid - ok
19:16:48.0436 4432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:16:48.0454 4432 vwifibus - ok
19:16:48.0486 4432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:16:48.0950 4432 vwififlt - ok
19:16:48.0994 4432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:16:48.0996 4432 WacomPen - ok
19:16:49.0028 4432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:49.0030 4432 WANARP - ok
19:16:49.0033 4432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:49.0034 4432 Wanarpv6 - ok
19:16:49.0083 4432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:16:49.0084 4432 Wd - ok
19:16:49.0117 4432 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
19:16:49.0118 4432 WDC_SAM - ok
19:16:49.0155 4432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:16:49.0162 4432 Wdf01000 - ok
19:16:49.0188 4432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:16:49.0189 4432 WfpLwf - ok
19:16:49.0215 4432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:16:49.0217 4432 WIMMount - ok
19:16:49.0287 4432 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:16:49.0289 4432 WinUsb - ok
19:16:49.0317 4432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:16:49.0317 4432 WmiAcpi - ok
19:16:49.0357 4432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:16:49.0358 4432 ws2ifsl - ok
19:16:49.0393 4432 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:16:49.0396 4432 WudfPf - ok
19:16:49.0421 4432 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:16:49.0442 4432 WUDFRd - ok
19:16:49.0487 4432 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
19:16:49.0517 4432 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:16:49.0517 4432 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:16:49.0521 4432 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
19:16:49.0526 4432 \Device\Harddisk5\DR5 - ok
19:16:49.0563 4432 Boot (0x1200) (4b93ad6997c122c2a34c53f68e8419fb) \Device\Harddisk0\DR0\Partition0
19:16:49.0563 4432 \Device\Harddisk0\DR0\Partition0 - ok
19:16:49.0577 4432 Boot (0x1200) (8939e572536e073941c7a88b1b6d8b54) \Device\Harddisk0\DR0\Partition1
19:16:49.0578 4432 \Device\Harddisk0\DR0\Partition1 - ok
19:16:49.0609 4432 Boot (0x1200) (cdd854cdc6a14df4eedd737d2154b3a5) \Device\Harddisk0\DR0\Partition2
19:16:49.0610 4432 \Device\Harddisk0\DR0\Partition2 - ok
19:16:49.0613 4432 Boot (0x1200) (1c2876fb371e8c673e9c32fc6670b016) \Device\Harddisk5\DR5\Partition0
19:16:49.0614 4432 \Device\Harddisk5\DR5\Partition0 - ok
19:16:49.0615 4432 ============================================================
19:16:49.0615 4432 Scan finished
19:16:49.0615 4432 ============================================================
19:16:49.0629 5112 Detected object count: 1
19:16:49.0629 5112 Actual detected object count: 1
19:17:15.0080 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
19:17:15.0080 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 19:21:26
-----------------------------
19:21:26.018 OS Version: Windows x64 6.1.7601 Service Pack 1
19:21:26.019 Number of processors: 4 586 0x402
19:21:26.019 ComputerName: NES-PC UserName:
19:21:37.227 Initialize success
19:21:58.207 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
19:21:58.212 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
19:21:58.217 Device \Driver\nvstor64 -> MajorFunction fffffa80092635c4
19:21:58.219 Disk 0 MBR read successfully
19:21:58.223 Disk 0 MBR scan
19:21:58.225 Disk 0 unknown MBR code
19:21:58.258 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:21:58.301 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942735 MB offset 206848
19:21:58.356 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11032 MB offset 1930928128
19:21:58.359 Service scanning
19:22:06.880 Modules scanning
19:22:06.883 Disk 0 trace - called modules:
19:22:06.886 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80092635c4]<<
19:22:06.889 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800739f060]
19:22:07.218 3 CLASSPNP.SYS[fffff88001bbd43f] -> nt!IofCallDriver -> [0xfffffa80067c2e40]
19:22:07.221 5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\00000064[0xfffffa80067ff240]
19:22:07.225 \Driver\nvstor64[0xfffffa800817be70] -> IRP_MJ_CREATE -> 0xfffffa80092635c4
19:22:07.230 Scan finished successfully
19:22:46.642 Disk 0 MBR has been saved successfully to "C:\Users\Nolan Scott\Desktop\MBR.dat"
19:22:46.647 The log file has been saved successfully to "C:\Users\Nolan Scott\Desktop\aswMBR.txt"

Attached Files



#5 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 905 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 02 February 2012 - 01:55 AM

Hy there,


Execute TDSSKiller.exe and press Start Scan.
  • Ensure Cure is selected ( it should be by default )
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.



Please post in your next reply
TDSSKiller Log
Combofix.txt

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#6 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 02 February 2012 - 06:41 PM

18:09:06.0643 5480 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
18:09:08.0608 5480 ============================================================
18:09:08.0608 5480 Current date / time: 2012/02/02 18:09:08.0608
18:09:08.0608 5480 SystemInfo:
18:09:08.0608 5480
18:09:08.0608 5480 OS Version: 6.1.7601 ServicePack: 1.0
18:09:08.0608 5480 Product type: Workstation
18:09:08.0608 5480 ComputerName: NES-PC
18:09:08.0608 5480 UserName: Nolan Scott
18:09:08.0608 5480 Windows directory: C:\Windows
18:09:08.0608 5480 System windows directory: C:\Windows
18:09:08.0608 5480 Running under WOW64
18:09:08.0608 5480 Processor architecture: Intel x64
18:09:08.0608 5480 Number of processors: 4
18:09:08.0608 5480 Page size: 0x1000
18:09:08.0608 5480 Boot type: Normal boot
18:09:08.0608 5480 ============================================================
18:09:11.0292 5480 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:09:11.0307 5480 Drive \Device\Harddisk5\DR5 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:09:11.0307 5480 \Device\Harddisk0\DR0:
18:09:11.0307 5480 MBR used
18:09:11.0307 5480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:09:11.0307 5480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73147800
18:09:11.0307 5480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7317A000, BlocksNum 0x158C000
18:09:11.0307 5480 \Device\Harddisk5\DR5:
18:09:11.0323 5480 MBR used
18:09:11.0323 5480 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
18:09:11.0557 5480 Initialize success
18:09:11.0557 5480 ============================================================
18:09:14.0240 5892 ============================================================
18:09:14.0240 5892 Scan started
18:09:14.0240 5892 Mode: Manual;
18:09:14.0240 5892 ============================================================
18:09:17.0552 5892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:09:17.0552 5892 1394ohci - ok
18:09:17.0602 5892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:09:17.0602 5892 ACPI - ok
18:09:17.0632 5892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:09:17.0632 5892 AcpiPmi - ok
18:09:17.0712 5892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:09:17.0762 5892 adp94xx - ok
18:09:17.0812 5892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:09:17.0822 5892 adpahci - ok
18:09:17.0852 5892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:09:17.0852 5892 adpu320 - ok
18:09:17.0962 5892 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:09:17.0972 5892 AFD - ok
18:09:18.0002 5892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:09:18.0012 5892 agp440 - ok
18:09:18.0052 5892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:09:18.0072 5892 aliide - ok
18:09:18.0092 5892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:09:18.0092 5892 amdide - ok
18:09:18.0122 5892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:09:18.0132 5892 AmdK8 - ok
18:09:18.0162 5892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:09:18.0162 5892 AmdPPM - ok
18:09:18.0182 5892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:09:18.0192 5892 amdsata - ok
18:09:18.0222 5892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:09:18.0252 5892 amdsbs - ok
18:09:18.0272 5892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:09:18.0282 5892 amdxata - ok
18:09:18.0302 5892 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:09:18.0322 5892 AppID - ok
18:09:18.0382 5892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:09:18.0382 5892 arc - ok
18:09:18.0402 5892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:09:18.0412 5892 arcsas - ok
18:09:18.0472 5892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:09:18.0492 5892 AsyncMac - ok
18:09:18.0528 5892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:09:18.0543 5892 atapi - ok
18:09:18.0715 5892 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
18:09:18.0746 5892 athr - ok
18:09:18.0824 5892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:09:18.0824 5892 b06bdrv - ok
18:09:18.0855 5892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:09:18.0855 5892 b57nd60a - ok
18:09:18.0933 5892 bcm (d1ba00d7cb6c1fbf29dc8935d8525d22) C:\Windows\system32\DRIVERS\drxvi314_64.sys
18:09:18.0964 5892 bcm - ok
18:09:18.0996 5892 bcmbusctr (5ccd19e7fa04db87adf171fa702a4169) C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
18:09:19.0011 5892 bcmbusctr - ok
18:09:19.0042 5892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:09:19.0058 5892 Beep - ok
18:09:19.0386 5892 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
18:09:19.0401 5892 BHDrvx64 - ok
18:09:19.0635 5892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:09:19.0651 5892 blbdrive - ok
18:09:19.0682 5892 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:09:19.0698 5892 bowser - ok
18:09:19.0744 5892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:09:19.0744 5892 BrFiltLo - ok
18:09:19.0760 5892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:09:19.0760 5892 BrFiltUp - ok
18:09:19.0791 5892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:09:19.0791 5892 Brserid - ok
18:09:19.0822 5892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:09:19.0822 5892 BrSerWdm - ok
18:09:19.0838 5892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:09:19.0838 5892 BrUsbMdm - ok
18:09:19.0854 5892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:09:19.0854 5892 BrUsbSer - ok
18:09:19.0885 5892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:09:19.0885 5892 BTHMODEM - ok
18:09:20.0056 5892 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
18:09:20.0056 5892 ccSet_NIS - ok
18:09:20.0103 5892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:09:20.0103 5892 cdfs - ok
18:09:20.0150 5892 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:09:20.0166 5892 cdrom - ok
18:09:20.0212 5892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:09:20.0228 5892 circlass - ok
18:09:20.0275 5892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:09:20.0290 5892 CLFS - ok
18:09:20.0353 5892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:09:20.0353 5892 CmBatt - ok
18:09:20.0384 5892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:09:20.0400 5892 cmdide - ok
18:09:20.0446 5892 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:09:20.0446 5892 CNG - ok
18:09:20.0462 5892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:09:20.0462 5892 Compbatt - ok
18:09:20.0509 5892 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:09:20.0524 5892 CompositeBus - ok
18:09:20.0571 5892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:09:20.0587 5892 crcdisk - ok
18:09:20.0649 5892 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:09:20.0649 5892 DfsC - ok
18:09:20.0680 5892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:09:20.0680 5892 discache - ok
18:09:20.0712 5892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:09:20.0712 5892 Disk - ok
18:09:20.0758 5892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:09:20.0758 5892 drmkaud - ok
18:09:20.0852 5892 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:09:20.0868 5892 DXGKrnl - ok
18:09:21.0507 5892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:09:21.0570 5892 ebdrv - ok
18:09:21.0648 5892 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:09:21.0679 5892 eeCtrl - ok
18:09:21.0788 5892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:09:21.0788 5892 elxstor - ok
18:09:21.0850 5892 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:09:21.0850 5892 EraserUtilRebootDrv - ok
18:09:21.0882 5892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:09:21.0897 5892 ErrDev - ok
18:09:21.0991 5892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:09:21.0991 5892 exfat - ok
18:09:22.0022 5892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:09:22.0038 5892 fastfat - ok
18:09:22.0100 5892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:09:22.0100 5892 fdc - ok
18:09:22.0131 5892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:09:22.0131 5892 FileInfo - ok
18:09:22.0147 5892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:09:22.0147 5892 Filetrace - ok
18:09:22.0178 5892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:09:22.0178 5892 flpydisk - ok
18:09:22.0240 5892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:09:22.0256 5892 FltMgr - ok
18:09:22.0287 5892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:09:22.0287 5892 FsDepends - ok
18:09:22.0318 5892 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
18:09:22.0334 5892 fssfltr - ok
18:09:22.0365 5892 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:09:22.0365 5892 Fs_Rec - ok
18:09:22.0412 5892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:09:22.0412 5892 fvevol - ok
18:09:22.0428 5892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:09:22.0428 5892 gagp30kx - ok
18:09:22.0506 5892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:09:22.0506 5892 hcw85cir - ok
18:09:22.0568 5892 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:09:22.0568 5892 HDAudBus - ok
18:09:22.0599 5892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:09:22.0599 5892 HidBatt - ok
18:09:22.0646 5892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:09:22.0646 5892 HidBth - ok
18:09:22.0662 5892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:09:22.0677 5892 HidIr - ok
18:09:22.0693 5892 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:09:22.0708 5892 HidUsb - ok
18:09:22.0802 5892 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:09:22.0818 5892 HpSAMD - ok
18:09:22.0864 5892 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:09:22.0880 5892 HTTP - ok
18:09:22.0911 5892 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:09:22.0911 5892 hwpolicy - ok
18:09:22.0942 5892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:09:22.0974 5892 i8042prt - ok
18:09:23.0005 5892 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:09:23.0036 5892 iaStorV - ok
18:09:23.0239 5892 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120131.002\IDSvia64.sys
18:09:23.0254 5892 IDSVia64 - ok
18:09:23.0286 5892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:09:23.0301 5892 iirsp - ok
18:09:23.0395 5892 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
18:09:23.0426 5892 IntcAzAudAddService - ok
18:09:23.0535 5892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:09:23.0551 5892 intelide - ok
18:09:23.0582 5892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:09:23.0598 5892 intelppm - ok
18:09:23.0629 5892 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:09:23.0629 5892 IpFilterDriver - ok
18:09:23.0707 5892 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:09:23.0722 5892 IPMIDRV - ok
18:09:23.0785 5892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:09:23.0816 5892 IPNAT - ok
18:09:23.0863 5892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:09:23.0863 5892 IRENUM - ok
18:09:23.0894 5892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:09:23.0910 5892 isapnp - ok
18:09:24.0034 5892 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:09:24.0066 5892 iScsiPrt - ok
18:09:24.0128 5892 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys
18:09:24.0128 5892 ivusb - ok
18:09:24.0190 5892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:09:24.0206 5892 kbdclass - ok
18:09:24.0237 5892 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:09:24.0284 5892 kbdhid - ok
18:09:24.0315 5892 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:09:24.0331 5892 KSecDD - ok
18:09:24.0362 5892 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:09:24.0378 5892 KSecPkg - ok
18:09:24.0393 5892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:09:24.0393 5892 ksthunk - ok
18:09:24.0456 5892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:09:24.0471 5892 lltdio - ok
18:09:24.0518 5892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:09:24.0518 5892 LSI_FC - ok
18:09:24.0565 5892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:09:24.0565 5892 LSI_SAS - ok
18:09:24.0627 5892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:09:24.0627 5892 LSI_SAS2 - ok
18:09:24.0658 5892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:09:24.0658 5892 LSI_SCSI - ok
18:09:24.0690 5892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:09:24.0705 5892 luafv - ok
18:09:24.0783 5892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:09:24.0799 5892 megasas - ok
18:09:24.0830 5892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:09:24.0830 5892 MegaSR - ok
18:09:24.0861 5892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:09:24.0861 5892 Modem - ok
18:09:24.0892 5892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:09:24.0892 5892 monitor - ok
18:09:24.0908 5892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:09:24.0924 5892 mouclass - ok
18:09:24.0955 5892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:09:24.0955 5892 mouhid - ok
18:09:25.0002 5892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:09:25.0033 5892 mountmgr - ok
18:09:25.0064 5892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:09:25.0095 5892 mpio - ok
18:09:25.0111 5892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:09:25.0111 5892 mpsdrv - ok
18:09:25.0158 5892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:09:25.0158 5892 MRxDAV - ok
18:09:25.0204 5892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:09:25.0236 5892 mrxsmb - ok
18:09:25.0282 5892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:09:25.0282 5892 mrxsmb10 - ok
18:09:25.0345 5892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:09:25.0360 5892 mrxsmb20 - ok
18:09:25.0392 5892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:09:25.0392 5892 msahci - ok
18:09:25.0423 5892 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:09:25.0454 5892 msdsm - ok
18:09:25.0485 5892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:09:25.0485 5892 Msfs - ok
18:09:25.0532 5892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:09:25.0579 5892 mshidkmdf - ok
18:09:25.0594 5892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:09:25.0594 5892 msisadrv - ok
18:09:25.0657 5892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:09:25.0657 5892 MSKSSRV - ok
18:09:25.0688 5892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:09:25.0688 5892 MSPCLOCK - ok
18:09:25.0704 5892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:09:25.0704 5892 MSPQM - ok
18:09:25.0766 5892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:09:25.0766 5892 MsRPC - ok
18:09:25.0797 5892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:09:25.0797 5892 mssmbios - ok
18:09:25.0813 5892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:09:25.0813 5892 MSTEE - ok
18:09:25.0844 5892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:09:25.0844 5892 MTConfig - ok
18:09:25.0875 5892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:09:25.0875 5892 Mup - ok
18:09:26.0016 5892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:09:26.0016 5892 NativeWifiP - ok
18:09:26.0468 5892 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120201.003\ENG64.SYS
18:09:26.0468 5892 NAVENG - ok
18:09:26.0796 5892 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120201.003\EX64.SYS
18:09:26.0842 5892 NAVEX15 - ok
18:09:27.0123 5892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:09:27.0139 5892 NDIS - ok
18:09:27.0170 5892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:09:27.0186 5892 NdisCap - ok
18:09:27.0217 5892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:09:27.0217 5892 NdisTapi - ok
18:09:27.0248 5892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:09:27.0248 5892 Ndisuio - ok
18:09:27.0279 5892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:09:27.0279 5892 NdisWan - ok
18:09:27.0295 5892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:09:27.0295 5892 NDProxy - ok
18:09:27.0310 5892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:09:27.0310 5892 NetBIOS - ok
18:09:27.0342 5892 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:09:27.0342 5892 NetBT - ok
18:09:27.0388 5892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:09:27.0388 5892 nfrd960 - ok
18:09:27.0435 5892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:09:27.0435 5892 Npfs - ok
18:09:27.0435 5892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:09:27.0435 5892 nsiproxy - ok
18:09:27.0498 5892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:09:27.0513 5892 Ntfs - ok
18:09:27.0529 5892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:09:27.0529 5892 Null - ok
18:09:27.0825 5892 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:09:27.0888 5892 nvlddmkm - ok
18:09:27.0934 5892 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
18:09:27.0950 5892 NVNET - ok
18:09:27.0997 5892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:09:28.0012 5892 nvraid - ok
18:09:28.0075 5892 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
18:09:28.0075 5892 nvsmu - ok
18:09:28.0090 5892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:09:28.0122 5892 nvstor - ok
18:09:28.0168 5892 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
18:09:28.0168 5892 nvstor64 - ok
18:09:28.0200 5892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:09:28.0215 5892 nv_agp - ok
18:09:28.0278 5892 NWADI (f79633a8b7db75cb5fad53b02985a414) C:\Windows\system32\DRIVERS\NWADIenum.sys
18:09:28.0293 5892 NWADI - ok
18:09:28.0309 5892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:09:28.0324 5892 ohci1394 - ok
18:09:28.0418 5892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:09:28.0418 5892 Parport - ok
18:09:28.0465 5892 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:09:28.0465 5892 partmgr - ok
18:09:28.0496 5892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:09:28.0496 5892 pci - ok
18:09:28.0512 5892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:09:28.0512 5892 pciide - ok
18:09:28.0527 5892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:09:28.0527 5892 pcmcia - ok
18:09:28.0558 5892 PCTINDIS5X64 - ok
18:09:28.0590 5892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:09:28.0590 5892 pcw - ok
18:09:28.0933 5892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:09:28.0948 5892 PEAUTH - ok
18:09:29.0042 5892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:09:29.0042 5892 PptpMiniport - ok
18:09:29.0058 5892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:09:29.0058 5892 Processor - ok
18:09:29.0104 5892 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:09:29.0104 5892 Psched - ok
18:09:29.0307 5892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:09:29.0354 5892 ql2300 - ok
18:09:29.0385 5892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:09:29.0385 5892 ql40xx - ok
18:09:29.0463 5892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:09:29.0463 5892 QWAVEdrv - ok
18:09:29.0479 5892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:09:29.0479 5892 RasAcd - ok
18:09:29.0510 5892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:09:29.0526 5892 RasAgileVpn - ok
18:09:29.0588 5892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:09:29.0588 5892 Rasl2tp - ok
18:09:29.0619 5892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:09:29.0635 5892 RasPppoe - ok
18:09:29.0666 5892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:09:29.0666 5892 RasSstp - ok
18:09:29.0682 5892 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:09:29.0697 5892 rdbss - ok
18:09:29.0728 5892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:09:29.0728 5892 rdpbus - ok
18:09:29.0760 5892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:09:29.0760 5892 RDPCDD - ok
18:09:29.0775 5892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:09:29.0775 5892 RDPENCDD - ok
18:09:29.0806 5892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:09:29.0806 5892 RDPREFMP - ok
18:09:30.0072 5892 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:09:30.0072 5892 RDPWD - ok
18:09:30.0181 5892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:09:30.0212 5892 rdyboost - ok
18:09:30.0274 5892 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:09:30.0290 5892 RimUsb - ok
18:09:30.0337 5892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:09:30.0352 5892 rspndr - ok
18:09:30.0399 5892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:09:30.0415 5892 sbp2port - ok
18:09:30.0462 5892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:09:30.0493 5892 scfilter - ok
18:09:30.0524 5892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:09:30.0540 5892 secdrv - ok
18:09:30.0586 5892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:09:30.0586 5892 Serenum - ok
18:09:30.0618 5892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:09:30.0618 5892 Serial - ok
18:09:30.0649 5892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:09:30.0664 5892 sermouse - ok
18:09:30.0696 5892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:09:30.0711 5892 sffdisk - ok
18:09:30.0742 5892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:09:30.0758 5892 sffp_mmc - ok
18:09:30.0789 5892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:09:30.0820 5892 sffp_sd - ok
18:09:30.0836 5892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:09:30.0836 5892 sfloppy - ok
18:09:30.0898 5892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:09:30.0898 5892 SiSRaid2 - ok
18:09:30.0930 5892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:09:30.0930 5892 SiSRaid4 - ok
18:09:30.0976 5892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:09:30.0976 5892 Smb - ok
18:09:31.0023 5892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:09:31.0023 5892 spldr - ok
18:09:31.0444 5892 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
18:09:31.0460 5892 SRTSP - ok
18:09:31.0741 5892 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
18:09:31.0741 5892 SRTSPX - ok
18:09:31.0788 5892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:09:31.0788 5892 srv - ok
18:09:31.0850 5892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:09:31.0866 5892 srv2 - ok
18:09:31.0897 5892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:09:31.0912 5892 srvnet - ok
18:09:31.0975 5892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:09:31.0975 5892 stexstor - ok
18:09:32.0022 5892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:09:32.0037 5892 swenum - ok
18:09:32.0084 5892 swmx00 (a8e9e76cc2f342f205273702969c84c9) C:\Windows\system32\DRIVERS\swmx00.sys
18:09:32.0115 5892 swmx00 - ok
18:09:32.0162 5892 SWNC5E00 (b053610bb36d9bd1bff7102727427600) C:\Windows\system32\DRIVERS\SWNC5E00.sys
18:09:32.0162 5892 SWNC5E00 - ok
18:09:32.0412 5892 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
18:09:32.0443 5892 SymDS - ok
18:09:32.0521 5892 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
18:09:32.0552 5892 SymEFA - ok
18:09:32.0599 5892 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:09:32.0614 5892 SymEvent - ok
18:09:32.0630 5892 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
18:09:32.0630 5892 SymIRON - ok
18:09:32.0677 5892 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
18:09:32.0677 5892 SymNetS - ok
18:09:32.0786 5892 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:09:32.0880 5892 Tcpip - ok
18:09:32.0911 5892 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:09:32.0926 5892 TCPIP6 - ok
18:09:32.0973 5892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:09:33.0004 5892 tcpipreg - ok
18:09:33.0036 5892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:09:33.0036 5892 TDPIPE - ok
18:09:33.0051 5892 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:09:33.0051 5892 TDTCP - ok
18:09:33.0098 5892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:09:33.0098 5892 tdx - ok
18:09:33.0160 5892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:09:33.0176 5892 TermDD - ok
18:09:33.0270 5892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:09:33.0270 5892 tssecsrv - ok
18:09:33.0316 5892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:09:33.0316 5892 TsUsbFlt - ok
18:09:33.0363 5892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:09:33.0363 5892 tunnel - ok
18:09:33.0410 5892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:09:33.0426 5892 uagp35 - ok
18:09:33.0472 5892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:09:33.0488 5892 udfs - ok
18:09:33.0519 5892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:09:33.0535 5892 uliagpkx - ok
18:09:33.0597 5892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:09:33.0613 5892 umbus - ok
18:09:33.0660 5892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:09:33.0660 5892 UmPass - ok
18:09:33.0706 5892 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
18:09:33.0706 5892 USBAAPL64 - ok
18:09:33.0738 5892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:09:33.0753 5892 usbccgp - ok
18:09:33.0800 5892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:09:33.0800 5892 usbcir - ok
18:09:33.0816 5892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:09:33.0816 5892 usbehci - ok
18:09:33.0831 5892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:09:33.0862 5892 usbhub - ok
18:09:33.0878 5892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:09:33.0878 5892 usbohci - ok
18:09:33.0925 5892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:09:33.0925 5892 usbprint - ok
18:09:33.0940 5892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:09:33.0940 5892 USBSTOR - ok
18:09:33.0956 5892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:09:33.0987 5892 usbuhci - ok
18:09:34.0003 5892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:09:34.0018 5892 vdrvroot - ok
18:09:34.0050 5892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:09:34.0065 5892 vga - ok
18:09:34.0096 5892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:09:34.0096 5892 VgaSave - ok
18:09:34.0112 5892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:09:34.0143 5892 vhdmp - ok
18:09:34.0159 5892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:09:34.0174 5892 viaide - ok
18:09:34.0206 5892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:09:34.0206 5892 volmgr - ok
18:09:34.0237 5892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:09:34.0252 5892 volmgrx - ok
18:09:34.0377 5892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:09:34.0377 5892 volsnap - ok
18:09:34.0440 5892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:09:34.0471 5892 vsmraid - ok
18:09:34.0502 5892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:09:34.0502 5892 vwifibus - ok
18:09:34.0533 5892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:09:34.0533 5892 vwififlt - ok
18:09:34.0564 5892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:09:34.0564 5892 WacomPen - ok
18:09:34.0611 5892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:09:34.0611 5892 WANARP - ok
18:09:34.0642 5892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:09:34.0642 5892 Wanarpv6 - ok
18:09:34.0705 5892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:09:34.0705 5892 Wd - ok
18:09:34.0752 5892 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:09:34.0767 5892 WDC_SAM - ok
18:09:34.0939 5892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:09:34.0954 5892 Wdf01000 - ok
18:09:35.0032 5892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:09:35.0032 5892 WfpLwf - ok
18:09:35.0064 5892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:09:35.0064 5892 WIMMount - ok
18:09:35.0142 5892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:09:35.0157 5892 WinUsb - ok
18:09:35.0204 5892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:09:35.0204 5892 WmiAcpi - ok
18:09:35.0266 5892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:09:35.0266 5892 ws2ifsl - ok
18:09:35.0298 5892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:09:35.0298 5892 WudfPf - ok
18:09:35.0376 5892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:09:35.0391 5892 WUDFRd - ok
18:09:35.0500 5892 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
18:09:35.0547 5892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:09:35.0547 5892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:09:35.0563 5892 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
18:09:35.0563 5892 \Device\Harddisk5\DR5 - ok
18:09:35.0610 5892 Boot (0x1200) (4b93ad6997c122c2a34c53f68e8419fb) \Device\Harddisk0\DR0\Partition0
18:09:35.0656 5892 \Device\Harddisk0\DR0\Partition0 - ok
18:09:35.0703 5892 Boot (0x1200) (8939e572536e073941c7a88b1b6d8b54) \Device\Harddisk0\DR0\Partition1
18:09:35.0703 5892 \Device\Harddisk0\DR0\Partition1 - ok
18:09:35.0766 5892 Boot (0x1200) (cdd854cdc6a14df4eedd737d2154b3a5) \Device\Harddisk0\DR0\Partition2
18:09:35.0766 5892 \Device\Harddisk0\DR0\Partition2 - ok
18:09:35.0766 5892 Boot (0x1200) (1c2876fb371e8c673e9c32fc6670b016) \Device\Harddisk5\DR5\Partition0
18:09:35.0766 5892 \Device\Harddisk5\DR5\Partition0 - ok
18:09:35.0781 5892 ============================================================
18:09:35.0781 5892 Scan finished
18:09:35.0781 5892 ============================================================
18:09:35.0797 5864 Detected object count: 1
18:09:35.0797 5864 Actual detected object count: 1
18:09:47.0292 5864 \Device\Harddisk0\DR0\# - copied to quarantine
18:09:47.0292 5864 \Device\Harddisk0\DR0 - copied to quarantine
18:09:47.0697 5864 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:09:47.0713 5864 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:09:47.0728 5864 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:09:47.0744 5864 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:09:47.0791 5864 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:09:47.0791 5864 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:09:47.0838 5864 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:09:47.0838 5864 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:09:47.0853 5864 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:09:47.0869 5864 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:09:47.0978 5864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:09:47.0978 5864 \Device\Harddisk0\DR0 - ok
18:09:47.0978 5864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:10:01.0722 3848 Deinitialize success



ComboFix 12-02-02.02 - Nolan Scott 02/02/2012 18:22:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6450 [GMT -5:00]
Running from: c:\users\Nolan Scott\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 23:27 . 2012-02-02 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 23:09 . 2012-02-02 23:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-01 00:22 . 2012-02-01 00:22 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\AppClient
2012-01-29 18:17 . 2012-01-31 03:12 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Deployment
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Apps
2012-01-28 20:06 . 2012-01-28 20:06 -------- d-----w- c:\windows\Sun
2012-01-28 13:41 . 2012-01-28 19:49 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BB0.tmp
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BAF.tmp
2012-01-14 03:31 . 2012-01-14 03:31 -------- d-----w- c:\program files (x86)\ADLSoft UnCompressor
2012-01-14 03:30 . 2012-01-14 03:30 451 ----a-w- C:\user.js
2012-01-12 00:44 . 2012-01-12 00:44 -------- d-----w- c:\windows\system32\ms-MY
2012-01-12 00:28 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 00:28 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 00:28 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 00:28 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 00:28 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 00:28 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 00:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 00:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\hu-HU
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\fi-FI
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\el-GR
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\cs-CZ
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-TW
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2012-01-05 23:34 . 2012-01-05 23:51 -------- d-----w- c:\users\Nolan Scott\AppData\Local\NPE
2012-01-05 01:37 . 2012-01-05 01:37 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\Tific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-28 13:41 . 2010-03-10 16:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-10 20:24 . 2010-03-10 16:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 14:48 . 2011-05-27 00:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-19 00:22 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2012-01-03 11:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll
2011-11-15 19:29 . 2010-07-24 15:24 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-19 00:22 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-19 00:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120131.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-02 c:\windows\Tasks\HPCeeScheduleForNolan Scott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133
FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHA
FF - user.js: extensions.incredibar_i.upn2n - 92260720934036790
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
AddRemove-My HP Game Console - c:\program files (x86)\HP Games\HP Game Console\Uninstall.exe
AddRemove-SShockDeinstallKey - c:\sshock2\SShocku.log
AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WT065221 - c:\program files (x86)\HP Games\Family Feud 3\Uninstall.exe
AddRemove-WT065223 - c:\program files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe
AddRemove-WT065225 - c:\program files (x86)\HP Games\Blasterball 2 Revolution\Uninstall.exe
AddRemove-WT065227 - c:\program files (x86)\HP Games\Bob the Builder Can-Do-Zoo\Uninstall.exe
AddRemove-WT065277 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe
AddRemove-WT065290 - c:\program files (x86)\HP Games\Mah Jong Medley\Uninstall.exe
AddRemove-WT065293 - c:\program files (x86)\HP Games\Mystery P.I. - The New York Fortune\Uninstall.exe
AddRemove-WT065294 - c:\program files (x86)\HP Games\Penguins!\Uninstall.exe
AddRemove-WT065295 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT065296 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT065299 - c:\program files (x86)\HP Games\Totem Tribe\Uninstall.exe
AddRemove-WT065301 - c:\program files (x86)\HP Games\Scrabble\Uninstall.exe
AddRemove-WT065305 - c:\program files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe
AddRemove-WT065306 - c:\program files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe
AddRemove-WT065308 - c:\program files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe
AddRemove-WT065414 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT065426 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT065459 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT074389 - c:\program files (x86)\HP Games\Diner Dash\Uninstall.exe
AddRemove-WT074421 - c:\program files (x86)\HP Games\FATE\Uninstall.exe
AddRemove-WT074427 - c:\program files (x86)\HP Games\Monopoly\Uninstall.exe
AddRemove-WT074428 - c:\program files (x86)\HP Games\Peggle Nights\Uninstall.exe
AddRemove-WT074433 - c:\program files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe
AddRemove-WT074434 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exe
AddRemove-WT074441 - c:\program files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe
AddRemove-WT074442 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe
AddRemove-WT074585 - c:\program files (x86)\HP Games\Yahtzee\Uninstall.exe
AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-02-02 18:34:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-02 23:34
.
Pre-Run: 804,295,196,672 bytes free
Post-Run: 804,125,655,040 bytes free
.
- - End Of File - - C90B344505DB8F78D654FA3CB80FB54C

#7 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 905 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 03 February 2012 - 01:33 AM

Open notepad and copy/paste the text in the Code-box below into it:

FireFox::
FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHA
FF - user.js: extensions.incredibar_i.upn2n - 92260720934036790
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000


ClearJavaCache::


  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.



Please post in your next reply
Combofix.txt
MBAM Log
Let me know how your system behaves now :)

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#8 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 03 February 2012 - 06:00 PM

The computer is functioning normally. Malwarebytes returned no threats.

ComboFix 12-02-02.02 - Nolan Scott 02/03/2012 17:22:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6470 [GMT -5:00]
Running from: c:\users\Nolan Scott\Desktop\ComboFix.exe
Command switches used :: c:\users\Nolan Scott\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 22:27 . 2012-02-03 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 23:09 . 2012-02-02 23:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-01 00:22 . 2012-02-01 00:22 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\AppClient
2012-01-29 18:17 . 2012-01-31 03:12 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Deployment
2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Apps
2012-01-28 20:06 . 2012-01-28 20:06 -------- d-----w- c:\windows\Sun
2012-01-28 13:41 . 2012-01-28 19:49 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BB0.tmp
2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BAF.tmp
2012-01-14 03:31 . 2012-01-14 03:31 -------- d-----w- c:\program files (x86)\ADLSoft UnCompressor
2012-01-14 03:30 . 2012-01-14 03:30 451 ----a-w- C:\user.js
2012-01-12 00:44 . 2012-01-12 00:44 -------- d-----w- c:\windows\system32\ms-MY
2012-01-12 00:28 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 00:28 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 00:28 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 00:28 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 00:28 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 00:28 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 00:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 00:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\hu-HU
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\fi-FI
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\el-GR
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\cs-CZ
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-TW
2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2012-01-05 23:34 . 2012-01-05 23:51 -------- d-----w- c:\users\Nolan Scott\AppData\Local\NPE
2012-01-05 01:37 . 2012-01-05 01:37 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\Tific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-28 13:41 . 2010-03-10 16:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-10 20:24 . 2010-03-10 16:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 14:48 . 2011-05-27 00:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-19 00:22 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2012-01-03 11:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll
2011-11-15 19:29 . 2010-07-24 15:24 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_23.29.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-02 03:13 . 2012-02-03 22:14 61524 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-03 22:14 31990 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-10 15:57 . 2012-02-03 22:14 21564 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-691728720-1317653375-3200975859-1001_UserData.bin
+ 2010-03-10 15:50 . 2012-02-02 23:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-10 15:50 . 2012-01-31 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-10 15:50 . 2012-01-31 02:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-10 15:50 . 2012-02-02 23:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-02 23:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-31 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-02 23:28 . 2012-02-02 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-03 22:27 . 2012-02-03 22:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-02 23:28 . 2012-02-02 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-03 22:27 . 2012-02-03 22:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-02-03 01:38 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-02 23:01 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-11 07:06 . 2012-02-03 11:24 320458 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:01 . 2012-02-02 23:27 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-03 22:27 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-02 23:01 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-03 01:38 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-10 18:42 . 2012-02-03 22:27 9831655 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat
- 2010-03-10 18:42 . 2012-02-02 23:27 9831655 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat
- 2009-07-14 04:54 . 2012-02-02 23:01 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-03 01:38 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-05 13:53 . 2012-02-03 22:27 62744064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-4096.dat
- 2010-11-05 13:53 . 2012-02-02 23:28 62744064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{F9639E4A-801B-4843-AEE3-03D9DA199E77}"= "c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}]
[HKEY_CLASSES_ROOT\Incredibar.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Incredibar.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120202.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22]
.
2012-02-02 c:\windows\Tasks\HPCeeScheduleForNolan Scott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133
FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0f
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHA
FF - user.js: extensions.incredibar_i.upn2n - 92260720934036790
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\cltLMH.exe
.
**************************************************************************
.
Completion time: 2012-02-03 17:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 22:33
ComboFix2.txt 2012-02-02 23:34
.
Pre-Run: 804,805,869,568 bytes free
Post-Run: 804,727,578,624 bytes free
.
- - End Of File - - CCEB125C9444138C6CEE452C4916D3C1



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.03.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nolan Scott :: NES-PC [administrator]
2/3/2012 5:45:46 PM
mbam-log-2012-02-03 (17-45-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182969
Time elapsed: 4 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#9 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 905 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 03 February 2012 - 11:18 PM

Hy there,
Glad to hear your system is better now. Something add the removed Incredibar Toolbar back. So let me look a little bit closer over this.


Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
Incredibar Toolbar on IE and Chrome



Download OTL to your Desktop.
  • Double click on the icon to run it.
  • Under the Posted Image box paste this in
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.



Please post in your next reply
OTL.txt
Extras.txt

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#10 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 04 February 2012 - 09:04 AM

Incredibar Toolbar on IE and Chrome is in Add/Remove programs. When I try uninstall it, I get this message:

"An error occurred while trying to uninstall Incredibar Toolbar on IE and Chrome. It may have already been uninstalled.

Would you like to remove Incredibar Toolbar on IE and Chrome from the Programs and Features list?"

Here are the text files:

OTL logfile created on: 2/4/2012 8:44:29 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 74.34% Memory free
15.50 Gb Paging File | 13.61 Gb Available in Paging File | 87.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.64 Gb Total Space | 751.37 Gb Free Space | 81.61% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFS

Computer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/10 15:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/02/04 08:30:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120203.036\ex64.sys -- (NAVEX15)
DRV - [2012/02/04 08:30:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120203.036\eng64.sys -- (NAVENG)
DRV - [2012/02/03 22:02:31 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 22:02:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120203.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incre...6OypJgPEHA&i=26"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/01/28 08:20:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/04 08:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 12:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 06:16:16 | 000,000,000 | ---D | M]

[2010/07/12 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Extensions
[2012/02/04 08:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com
[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml
[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml
[2011/03/03 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/03 18:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/04 08:10:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN
[2012/01/28 08:20:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
[2011/03/03 18:41:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Norton Identity Protection = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: Gmail = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/03 17:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 08:34:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2012/02/03 17:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/02 18:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/02 18:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/02 18:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/02 18:21:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 18:20:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 18:09:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/01 19:19:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe
[2012/02/01 19:15:32 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe
[2012/01/31 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/01/31 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/01/29 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient
[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Deployment
[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Apps
[2012/01/28 15:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor
[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor
[2012/01/11 19:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY
[2012/01/09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012/01/05 18:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\NPE

========== Files - Modified Within 30 Days ==========

[2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
[2012/02/04 08:23:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 08:23:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 08:17:30 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/04 08:09:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/04 08:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 08:09:37 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 22:10:00 | 001,990,379 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/03 22:04:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 18:53:09 | 000,001,161 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/03 17:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/01 19:23:41 | 000,000,022 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip
[2012/02/01 19:22:46 | 000,000,512 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR.dat
[2012/02/01 19:20:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe
[2012/02/01 19:15:33 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe
[2012/02/01 19:01:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job
[2012/01/31 19:24:07 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/01/30 20:15:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 14:50:34 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/28 14:49:53 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024
[2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/28 08:41:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/28 08:41:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/01/26 03:01:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 21:52:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/22 19:02:28 | 000,002,456 | ---- | M] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}
[2012/01/13 22:30:55 | 000,000,451 | ---- | M] () -- C:\user.js
[2012/01/11 22:07:23 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 22:07:23 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 22:07:23 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/09 19:51:15 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/01/05 22:02:01 | 000,002,017 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\CyberLink PowerDirector.lnk
[2012/01/05 18:49:10 | 000,001,286 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\Norton Installation Files.lnk

========== Files Created - No Company Name ==========

[2012/02/03 18:53:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/02 18:21:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/02 18:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/02 18:21:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/02 18:21:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/02 18:21:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 19:23:41 | 000,000,022 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip
[2012/02/01 19:22:46 | 000,000,512 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR.dat
[2012/01/31 19:24:04 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/01/22 19:02:27 | 000,002,456 | ---- | C] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}
[2012/01/13 22:30:54 | 000,000,451 | ---- | C] () -- C:\user.js
[2012/01/09 19:51:14 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar
[2011/10/09 20:56:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/20 15:29:58 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
[2010/11/20 15:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/11/09 16:03:03 | 000,033,134 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Roaming\UserTile.png
[2010/09/12 19:04:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2010/03/21 21:03:57 | 001,354,833 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160007.JPG
[2010/03/21 16:39:12 | 001,196,978 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160011.JPG
[2010/03/10 11:39:21 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2012/01/29 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient
[2012/01/30 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\BitTorrent
[2012/01/31 05:52:18 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Dropbox
[2010/03/10 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\GetRightToGo
[2010/03/10 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\PictureMover
[2010/03/29 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Publish Providers
[2011/10/09 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sierra Wireless
[2010/03/23 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sony
[2012/01/04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Tific
[2010/03/10 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Western Digital
[2010/03/11 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\WinBatch
[2010/10/28 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Windows Live Writer
[2011/09/30 09:33:47 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/05 19:37:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
< End of report >

OTL Extras logfile created on: 2/4/2012 8:35:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 75.78% Memory free
15.50 Gb Paging File | 13.69 Gb Available in Paging File | 88.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.64 Gb Total Space | 751.37 Gb Free Space | 81.61% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFS

Computer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F31E3C75-A273-419A-8BEB-58835F28BD47}" = Initio USB Default Controller Driver 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Finale SongWriter 2005" = Finale SongWriter 2005
"Google Chrome" = Google Chrome
"HP Remote Solution" = HP Remote Solution
"incredibar" = Incredibar Toolbar on IE and Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NIS" = Norton Internet Security
"SShockDeinstallKey" = System Shock2
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2011 8:46:54 PM | Computer Name = NES-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ccIPC.dll, version: 10.1.0.37, time
stamp: 0x4cec764e Exception code: 0xc0000005 Fault offset: 0x000014e6 Faulting process
id: 0xa2c Faulting application start time: 0x01cc0d138ef6abe0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccIPC.dll Report
Id: ab0a612c-790c-11e0-8b02-e0cb4e9bde34

Error - 5/8/2011 10:58:49 PM | Computer Name = NES-PC | Source = Windows Backup | ID = 4103
Description =

Error - 5/10/2011 6:13:35 AM | Computer Name = NES-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 5/11/2011 7:10:40 PM | Computer Name = NES-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cb4 Start
Time: 01cc1030492e3770 Termination Time: 78 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 5/13/2011 6:19:11 AM | Computer Name = NES-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 5/15/2011 7:00:01 PM | Computer Name = NES-PC | Source = Windows Backup | ID = 4103
Description =

Error - 5/17/2011 6:21:51 AM | Computer Name = NES-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 5/17/2011 10:02:43 PM | Computer Name = NES-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: Flash10p.ocx, version: 10.2.159.1, time
stamp: 0x4da39a4c Exception code: 0xc0000005 Fault offset: 0x001930b4 Faulting process
id: 0x1374 Faulting application start time: 0x01cc14f4891a1174 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash10p.ocx Report Id: ea56f244-80f2-11e0-ab1e-e0cb4e9bde34

Error - 5/20/2011 6:18:48 AM | Computer Name = NES-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 5/22/2011 7:00:08 PM | Computer Name = NES-PC | Source = Windows Backup | ID = 4103
Description =

[ Hewlett-Packard Events ]
Error - 1/3/2011 8:30:16 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011103073012.xml
File not created by asset agent

Error - 2/21/2011 8:05:48 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021121070516.xml
File not created by asset agent

Error - 2/21/2011 8:06:20 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021121070548.xml
File not created by asset agent

Error - 5/30/2011 11:23:11 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051130112309.xml
File not created by asset agent

Error - 5/30/2011 11:23:14 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051130112311.xml
File not created by asset agent

Error - 10/24/2011 4:38:36 PM | Computer Name = NES-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/c9636717_e749_4bdf_b344_e2a7e230c6d0/ttrcl2xdqm0u2mxgqazkq2m6_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 7935 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

[ System Events ]
Error - 2/3/2012 6:24:49 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/3/2012 6:27:05 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/3/2012 6:30:35 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%31

Error - 2/3/2012 8:24:11 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 2/3/2012 8:24:11 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 2/3/2012 8:24:15 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 2/3/2012 8:29:41 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 2/3/2012 11:19:36 PM | Computer Name = NES-PC | Source = DCOM | ID = 10010
Description =

Error - 2/3/2012 11:20:18 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Font Cache Service service hung on starting.

Error - 2/4/2012 9:16:59 AM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >

#11 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 04 February 2012 - 09:21 AM

This also may be relevant for you. In Add/Remove programs, it says that Incredibar Toolbar on IE and Chrome was installed on 1/13/2012.

#12 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 905 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 04 February 2012 - 09:23 AM

It looks like the OTL.txt is not complete. Please open OTL.txt, highlight all -> copy and paste it here

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#13 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 04 February 2012 - 09:22 PM

Here it is again. I have made sure all the text is highlighted.

OTL logfile created on: 2/4/2012 8:44:29 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 74.34% Memory free
15.50 Gb Paging File | 13.61 Gb Available in Paging File | 87.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.64 Gb Total Space | 751.37 Gb Free Space | 81.61% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFS

Computer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/10 15:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/02/04 08:30:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120203.036\ex64.sys -- (NAVEX15)
DRV - [2012/02/04 08:30:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120203.036\eng64.sys -- (NAVENG)
DRV - [2012/02/03 22:02:31 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 22:02:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120203.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incre...6OypJgPEHA&i=26"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/01/28 08:20:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/04 08:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 12:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 06:16:16 | 000,000,000 | ---D | M]

[2010/07/12 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Extensions
[2012/02/04 08:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com
[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml
[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml
[2011/03/03 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/03 18:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/04 08:10:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN
[2012/01/28 08:20:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
[2011/03/03 18:41:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Norton Identity Protection = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: Gmail = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/03 17:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 08:34:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2012/02/03 17:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/02 18:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/02 18:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/02 18:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/02 18:21:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 18:20:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 18:09:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/01 19:19:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe
[2012/02/01 19:15:32 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe
[2012/01/31 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/01/31 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/01/29 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient
[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Deployment
[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Apps
[2012/01/28 15:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor
[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor
[2012/01/11 19:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY
[2012/01/09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012/01/05 18:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\NPE

========== Files - Modified Within 30 Days ==========

[2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
[2012/02/04 08:23:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 08:23:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 08:17:30 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/04 08:09:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/04 08:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 08:09:37 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 22:10:00 | 001,990,379 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/03 22:04:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 18:53:09 | 000,001,161 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/03 17:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/01 19:23:41 | 000,000,022 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip
[2012/02/01 19:22:46 | 000,000,512 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR.dat
[2012/02/01 19:20:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe
[2012/02/01 19:15:33 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe
[2012/02/01 19:01:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job
[2012/01/31 19:24:07 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/01/30 20:15:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 14:50:34 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/28 14:49:53 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024
[2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/28 08:41:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/28 08:41:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/01/26 03:01:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 21:52:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/22 19:02:28 | 000,002,456 | ---- | M] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}
[2012/01/13 22:30:55 | 000,000,451 | ---- | M] () -- C:\user.js
[2012/01/11 22:07:23 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 22:07:23 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 22:07:23 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/09 19:51:15 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/01/05 22:02:01 | 000,002,017 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\CyberLink PowerDirector.lnk
[2012/01/05 18:49:10 | 000,001,286 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\Norton Installation Files.lnk

========== Files Created - No Company Name ==========

[2012/02/03 18:53:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/02 18:21:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/02 18:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/02 18:21:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/02 18:21:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/02 18:21:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 19:23:41 | 000,000,022 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip
[2012/02/01 19:22:46 | 000,000,512 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR.dat
[2012/01/31 19:24:04 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/01/22 19:02:27 | 000,002,456 | ---- | C] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}
[2012/01/13 22:30:54 | 000,000,451 | ---- | C] () -- C:\user.js
[2012/01/09 19:51:14 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar
[2011/10/09 20:56:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/20 15:29:58 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
[2010/11/20 15:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/11/09 16:03:03 | 000,033,134 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Roaming\UserTile.png
[2010/09/12 19:04:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2010/03/21 21:03:57 | 001,354,833 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160007.JPG
[2010/03/21 16:39:12 | 001,196,978 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160011.JPG
[2010/03/10 11:39:21 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2012/01/29 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient
[2012/01/30 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\BitTorrent
[2012/01/31 05:52:18 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Dropbox
[2010/03/10 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\GetRightToGo
[2010/03/10 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\PictureMover
[2010/03/29 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Publish Providers
[2011/10/09 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sierra Wireless
[2010/03/23 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sony
[2012/01/04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Tific
[2010/03/10 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Western Digital
[2010/03/11 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\WinBatch
[2010/10/28 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Windows Live Writer
[2011/09/30 09:33:47 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/05 19:37:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
< End of report >

#14 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 905 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 05 February 2012 - 03:25 AM

Hy there,

I miss the whole Custom Scan part. Sorry to annoy you with it, but I need those informations also.

  • Double click on the OTL icon to run it.
  • Under the Posted Image box paste this in
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a OTL.Txt . It is saved in the same location as OTL.
Please post this logfile in your next reply.

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#15 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 06 February 2012 - 08:10 PM

No problem. Whatever it takes to get it fixed. Here it is:

OTL logfile created on: 2/6/2012 7:59:57 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 75.49% Memory free
15.50 Gb Paging File | 13.57 Gb Available in Paging File | 87.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.64 Gb Total Space | 748.02 Gb Free Space | 81.25% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFS

Computer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
PRC - [2012/01/10 05:58:57 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/10 09:48:59 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2009/10/07 07:22:28 | 000,091,704 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 02:26:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 02:26:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 02:26:54 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 02:26:42 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/10 15:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/02/05 05:49:51 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120204.023\ex64.sys -- (NAVEX15)
DRV - [2012/02/05 05:49:51 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/05 05:49:51 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120204.023\eng64.sys -- (NAVENG)
DRV - [2012/02/03 22:02:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120203.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incre...6OypJgPEHA&i=26"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/01/28 08:20:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/06 19:48:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 12:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 06:16:16 | 000,000,000 | ---D | M]

[2010/07/12 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Extensions
[2012/02/05 05:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com
[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml
[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml
[2011/03/03 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/03 18:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/06 19:48:23 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN
[2012/01/28 08:20:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
[2011/03/03 18:41:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Norton Identity Protection = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: Gmail = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/03 17:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 08:34:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2012/02/03 17:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/02 18:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/02 18:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/02 18:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/02 18:21:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 18:20:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 18:09:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/01 19:19:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe
[2012/02/01 19:15:32 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe
[2012/01/31 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/01/31 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/01/29 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient
[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Deployment
[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Apps
[2012/01/28 15:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor
[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor
[2012/01/11 19:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY
[2012/01/09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune

========== Files - Modified Within 30 Days ==========

[2012/02/06 20:04:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 20:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/06 20:00:05 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job
[2012/02/06 19:57:41 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 19:57:41 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 19:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 19:48:15 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 14:47:20 | 000,237,407 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\berm.jpg
[2012/02/05 14:42:42 | 000,092,092 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\jump.jpg
[2012/02/04 21:14:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
[2012/02/03 22:10:00 | 001,990,379 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/03 18:53:09 | 000,001,161 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/03 17:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/01 19:23:41 | 000,000,022 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip
[2012/02/01 19:22:46 | 000,000,512 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR.dat
[2012/02/01 19:20:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe
[2012/02/01 19:15:33 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe
[2012/01/31 19:24:07 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/01/30 20:15:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 14:50:34 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/28 14:49:53 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024
[2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/28 08:41:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/28 08:41:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/01/26 03:01:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 21:52:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/22 19:02:28 | 000,002,456 | ---- | M] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}
[2012/01/13 22:30:55 | 000,000,451 | ---- | M] () -- C:\user.js
[2012/01/11 22:07:23 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 22:07:23 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 22:07:23 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/09 19:51:15 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk

========== Files Created - No Company Name ==========

[2012/02/06 20:00:05 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job
[2012/02/05 14:52:25 | 000,092,092 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\jump.jpg
[2012/02/05 14:50:34 | 000,237,407 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\berm.jpg
[2012/02/03 18:53:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/02 18:21:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/02 18:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/02 18:21:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/02 18:21:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/02 18:21:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 19:23:41 | 000,000,022 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip
[2012/02/01 19:22:46 | 000,000,512 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR.dat
[2012/01/31 19:24:04 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/01/22 19:02:27 | 000,002,456 | ---- | C] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}
[2012/01/13 22:30:54 | 000,000,451 | ---- | C] () -- C:\user.js
[2012/01/09 19:51:14 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar
[2011/10/09 20:56:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/20 15:29:58 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
[2010/11/20 15:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/11/09 16:03:03 | 000,033,134 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Roaming\UserTile.png
[2010/09/12 19:04:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2010/03/21 21:03:57 | 001,354,833 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160007.JPG
[2010/03/21 16:39:12 | 001,196,978 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160011.JPG
[2010/03/10 11:39:21 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2012/01/29 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient
[2012/01/30 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\BitTorrent
[2012/01/31 05:52:18 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Dropbox
[2010/03/10 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\GetRightToGo
[2010/03/10 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\PictureMover
[2010/03/29 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Publish Providers
[2011/10/09 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sierra Wireless
[2010/03/23 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sony
[2012/01/04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Tific
[2010/03/10 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Western Digital
[2010/03/11 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\WinBatch
[2010/10/28 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Windows Live Writer
[2011/09/30 09:33:47 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/05 19:37:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
< End of report >

#16 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 06 February 2012 - 09:35 PM

Shortly after making that last post, the computer crashed. After I was able to get the computer booted back up, I ran a quick scan with Malwarebytes. I think trojan.agent has also returned. I did not perform any fixes after checking with the quick scan. This bug is being very difficult.

#17 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 905 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 07 February 2012 - 01:22 AM

Please do me a favor and read my instructions carefully otherwise it makes it much more work for you and me.
The Custom Scan part is still missing.

Also from my first answer

Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.


regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#18 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 07 February 2012 - 08:23 PM

Okay, thanks for your patience. Here it is again. I think that it worked this time.


OTL logfile created on: 2/7/2012 8:12:29 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 68.13% Memory free
15.50 Gb Paging File | 13.11 Gb Available in Paging File | 84.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.64 Gb Total Space | 748.21 Gb Free Space | 81.27% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFS

Computer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/03 18:41:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2011/03/03 18:41:26 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/10 15:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/02/07 19:56:59 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120207.005\ex64.sys -- (NAVEX15)
DRV - [2012/02/07 19:56:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120207.005\eng64.sys -- (NAVENG)
DRV - [2012/02/05 05:49:51 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 22:02:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120207.005\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incre...6OypJgPEHA&i=26"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/01/28 08:20:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/07 19:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 12:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 06:16:16 | 000,000,000 | ---D | M]

[2010/07/12 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Extensions
[2012/02/05 05:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com
[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml
[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml
[2011/03/03 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/03 18:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/07 19:36:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN
[2012/01/28 08:20:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
[2011/03/03 18:41:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Norton Identity Protection = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: Gmail = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/03 17:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe - (Hewlett-Packard Company)
MsConfig:64bit - StartUpFolder: C:^Users^Nolan Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: HP Remote Solution - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 08:34:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2012/02/03 17:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/02 18:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/02 18:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/02 18:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/02 18:21:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 18:20:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 18:09:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/01 19:19:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe
[2012/02/01 19:15:32 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe
[2012/01/31 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/01/31 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/01/29 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient
[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Deployment
[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Apps
[2012/01/28 15:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor
[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor
[2012/01/11 19:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY
[2012/01/09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune

========== Files - Modified Within 30 Days ==========

[2012/02/07 20:04:16 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/07 20:04:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 19:52:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 19:52:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 19:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/07 19:35:09 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/06 21:12:52 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job
[2012/02/05 14:47:20 | 000,237,407 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\berm.jpg
[2012/02/05 14:42:42 | 000,092,092 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\jump.jpg
[2012/02/04 21:14:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe
[2012/02/03 22:10:00 | 001,990,379 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/03 18:53:09 | 000,001,161 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/03 17:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/01 19:23:41 | 000,000,022 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip
[2012/02/01 19:22:46 | 000,000,512 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR.dat
[2012/02/01 19:20:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe
[2012/02/01 19:15:33 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe
[2012/01/31 19:24:07 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/01/30 20:15:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 14:50:34 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/28 14:49:53 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024
[2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/28 08:41:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/28 08:41:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/01/26 03:01:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 21:52:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/22 19:02:28 | 000,002,456 | ---- | M] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}
[2012/01/13 22:30:55 | 000,000,451 | ---- | M] () -- C:\user.js
[2012/01/11 22:07:23 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 22:07:23 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 22:07:23 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/09 19:51:15 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk

========== Files Created - No Company Name ==========

[2012/02/06 20:00:05 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job
[2012/02/05 14:52:25 | 000,092,092 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\jump.jpg
[2012/02/05 14:50:34 | 000,237,407 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\berm.jpg
[2012/02/03 18:53:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/02 18:21:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/02 18:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/02 18:21:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/02 18:21:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/02 18:21:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 19:23:41 | 000,000,022 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip
[2012/02/01 19:22:46 | 000,000,512 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR.dat
[2012/01/31 19:24:04 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/01/22 19:02:27 | 000,002,456 | ---- | C] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}
[2012/01/13 22:30:54 | 000,000,451 | ---- | C] () -- C:\user.js
[2012/01/09 19:51:14 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar
[2011/10/09 20:56:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/20 15:29:58 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
[2010/11/20 15:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/11/09 16:03:03 | 000,033,134 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Roaming\UserTile.png
[2010/09/12 19:04:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2010/03/21 21:03:57 | 001,354,833 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160007.JPG
[2010/03/21 16:39:12 | 001,196,978 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160011.JPG
[2010/03/10 11:39:21 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2012/01/29 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient
[2012/01/30 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\BitTorrent
[2012/01/31 05:52:18 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Dropbox
[2010/03/10 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\GetRightToGo
[2010/03/10 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\PictureMover
[2010/03/29 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Publish Providers
[2011/10/09 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sierra Wireless
[2010/03/23 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sony
[2012/01/04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Tific
[2010/03/10 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Western Digital
[2010/03/11 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\WinBatch
[2010/10/28 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Windows Live Writer
[2011/09/30 09:33:47 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/05 19:37:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2012/02/03 17:35:01 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/03/26 11:02:17 | 000,000,000 | ---D | M] -- C:\381573f1073b58ba2f
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/05/08 14:13:27 | 000,000,000 | ---D | M] -- C:\hp
[2010/09/12 19:01:11 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/02/03 18:52:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/02/02 18:27:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/02/04 21:14:00 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010/12/15 22:11:31 | 000,000,000 | ---D | M] -- C:\Psfonts
[2012/02/03 17:33:10 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010/12/20 21:52:31 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/02/07 20:14:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/12/20 21:52:47 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2012/02/02 18:09:40 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2010/03/10 10:55:35 | 000,000,000 | R--D | M] -- C:\Users
[2012/02/06 21:13:50 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2009/10/06 01:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 01:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 01:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 00:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
< End of report >

#19 oxr52a

oxr52a

    New Member

  • Members
  • Pip
  • 24 posts

Posted 09 February 2012 - 08:44 PM

Hi. Still there? Did it produce what you needed this time? Thanks,

#20 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 905 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 10 February 2012 - 02:29 AM

Sorry for the delay, Was a little bit busy with my final exams.


Double click on the OTL icon to run it.
Copy/paste the entire contents of the codebox below into the Posted Image Box:

:otl
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not found
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com
[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml
[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incre...6OypJgPEHA&i=26"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar
[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar

:commands
[emptytemp]
  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Please post the log in your next reply.





Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Double click on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.




Please post in your next reply
OTL Fix log
Combofix.txt

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users