Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Goodle keeps redirecting; Firewall disabled; ZeroAccess.B


  • This topic is locked This topic is locked
44 replies to this topic

#1 Pieter Pos

Pieter Pos

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 04 January 2012 - 08:14 PM

To remove the problems, the following tools were tried

NAV; NAV Eraser, ESET, MBAM. Windows Firewall is disabled, NAV shows error 5013.3 which directs to disable Windows Firewall which is not running. Followed instructions 6-9 of the preparation guide for Malware and Virus Removal. Could not follow instruction # 8 as I am running a windows 64-bit system.

DDSLog

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Dad at 18:38:29 on 2012-01-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6133 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Users\Dad\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI5C88~1\Datamngr\ToolBar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI5C88~1\Datamngr\ToolBar\searchqudtx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [VoipStunt] "C:\Program Files (x86)\VoipStunt.com\VoipStunt\voipstunt.exe" -nosplash -minimized
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
mRun: [MMTray] C:\PROGRA~2\MUSICM~1\MUSICM~1\mm_tray.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI5C88~1\Datamngr\DATAMN~1.EXE
mRun: [NPSStartup]
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [DelayShred] c:\progra~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\dad\appdata\local\temp\VBE.SH!
StartupFolder: C:\Users\Dad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{273AC440-8F19-46E1-AE6F-C36E21CB39BF} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{B150ED82-9B8D-412B-8F6D-C209486A0A30} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{B150ED82-9B8D-412B-8F6D-C209486A0A30}\34963736F62393438353 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B150ED82-9B8D-412B-8F6D-C209486A0A30}\34F60707562737861627B613 : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs: C:\PROGRA~2\WI5C88~1\Datamngr\datamngr.dll C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI5C88~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
BHO-X64: FreeOnlineRadioPlayerRecorder - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI5C88~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
mRun-x64: [MMTray] C:\PROGRA~2\MUSICM~1\MUSICM~1\mm_tray.exe
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI5C88~1\Datamngr\DATAMN~1.EXE
mRun-x64: [NPSStartup]
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: C:\PROGRA~2\WI5C88~1\Datamngr\datamngr.dll C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\79g60s1i.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=siqEToIq&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=siqEToIq&q=
FF - user.js: extentions.y2layers.installId - aa6afd09-2c79-4268-9a14-f93b73962254
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SMR210;Symantec SMR Utility Service 2.1.0;C:\Windows\system32\drivers\SMR210.SYS --> C:\Windows\system32\drivers\SMR210.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSviA64.sys [2011-12-28 488568]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-5 92160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-31 135664]
S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-5-31 130008]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-8 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-5 1692480]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-31 135664]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-13 25072]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 ssecbus;Samsung Mobile Modem Device driver (WDM);C:\Windows\system32\DRIVERS\ssecbus.sys --> C:\Windows\system32\DRIVERS\ssecbus.sys [?]
S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;C:\Windows\system32\DRIVERS\ssecmdfl.sys --> C:\Windows\system32\DRIVERS\ssecmdfl.sys [?]
S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;C:\Windows\system32\DRIVERS\ssecmdm.sys --> C:\Windows\system32\DRIVERS\ssecmdm.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-11-21 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-01-03 23:02:49 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-03 01:05:43 -------- d-----w- C:\Users\Dad\AppData\Local\Secunia PSI
2012-01-03 01:05:38 -------- d-----w- C:\Program Files (x86)\Secunia
2012-01-02 19:01:12 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-01-02 18:49:01 96376 ----a-w- C:\Windows\System32\drivers\SMR210.SYS
2012-01-02 03:56:02 -------- d-----w- C:\Users\Dad\AppData\Local\Conduit
2012-01-01 18:05:43 -------- d-----w- C:\Users\Dad\AppData\Local\NPE
2012-01-01 08:03:14 -------- d-----we C:\Windows\system64
2011-12-31 17:12:26 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-12-31 17:12:26 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-12-31 17:12:25 97240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-12-31 17:12:25 814040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-12-31 17:12:25 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-31 17:12:25 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-31 17:12:25 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-12-31 17:12:25 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-31 17:12:25 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-31 17:12:25 2124760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-12-31 17:12:25 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-12-31 17:12:25 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-12-28 21:46:14 -------- d-----w- C:\Users\Dad\AppData\Roaming\Tific
2011-12-28 21:46:13 -------- d-----w- C:\Users\Dad\AppData\Local\Symantec
2011-12-27 14:43:31 -------- d-----w- C:\Users\Dad\AppData\Local\Apps
2011-12-26 04:51:28 -------- d-----w- C:\Program Files (x86)\Mplayer
2011-12-26 04:51:24 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-12-25 18:45:14 -------- d-----w- C:\Program Files\iPod
2011-12-25 18:45:13 -------- d-----w- C:\Program Files\iTunes
2011-12-25 18:45:13 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-25 18:43:27 -------- d-----w- C:\Program Files\Bonjour
2011-12-25 18:43:27 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-12-23 17:09:18 -------- d-----w- C:\Users\Dad\AppData\Local\SanctionedMedia
2011-12-19 01:44:33 -------- d-----w- C:\Users\Dad\AppData\Roaming\HpUpdate
2011-12-19 01:44:28 -------- d-----w- C:\Windows\Hewlett-Packard
2011-12-18 21:04:53 -------- d-----w- C:\Users\Dad\AppData\Roaming\ProgSense
2011-12-18 21:04:27 -------- d-----w- C:\Users\Dad\AppData\Roaming\GrabPro
2011-12-18 21:04:27 -------- d-----w- C:\downloads
2011-12-15 02:34:34 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 02:34:30 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 02:34:28 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 02:34:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 02:34:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 02:34:18 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:38:57.91 ===============

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:47 AM

Posted 05 January 2012 - 02:12 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Please let me know how the above scans go.

Kindest Regards,
ST

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Pieter Pos

Pieter Pos
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 05 January 2012 - 09:01 AM

Good morning ST, Thanks in advance for your help. I followed the instructions and below are the logs in order

TDSS came up clean



07:53:01.0303 2192 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
07:53:01.0585 2192 ============================================================
07:53:01.0585 2192 Current date / time: 2012/01/05 07:53:01.0585
07:53:01.0585 2192 SystemInfo:
07:53:01.0585 2192
07:53:01.0585 2192 OS Version: 6.1.7601 ServicePack: 1.0
07:53:01.0585 2192 Product type: Workstation
07:53:01.0585 2192 ComputerName: DAD-PC
07:53:01.0585 2192 UserName: Dad
07:53:01.0585 2192 Windows directory: C:\Windows
07:53:01.0585 2192 System windows directory: C:\Windows
07:53:01.0585 2192 Running under WOW64
07:53:01.0585 2192 Processor architecture: Intel x64
07:53:01.0585 2192 Number of processors: 4
07:53:01.0585 2192 Page size: 0x1000
07:53:01.0585 2192 Boot type: Safe boot with network
07:53:01.0585 2192 ============================================================
07:53:12.0740 2192 Initialize success
07:53:41.0009 3568 ============================================================
07:53:41.0009 3568 Scan started
07:53:41.0009 3568 Mode: Manual; SigCheck; TDLFS;
07:53:41.0009 3568 ============================================================
07:53:42.0086 3568 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:53:42.0153 3568 1394ohci - ok
07:53:42.0196 3568 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:53:42.0209 3568 ACPI - ok
07:53:42.0242 3568 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:53:42.0287 3568 AcpiPmi - ok
07:53:42.0361 3568 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:53:42.0375 3568 adp94xx - ok
07:53:42.0420 3568 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:53:42.0431 3568 adpahci - ok
07:53:42.0450 3568 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:53:42.0458 3568 adpu320 - ok
07:53:42.0514 3568 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:53:42.0532 3568 AFD - ok
07:53:42.0573 3568 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:53:42.0579 3568 agp440 - ok
07:53:42.0592 3568 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:53:42.0598 3568 aliide - ok
07:53:42.0606 3568 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:53:42.0612 3568 amdide - ok
07:53:42.0629 3568 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:53:42.0670 3568 AmdK8 - ok
07:53:42.0685 3568 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:53:42.0710 3568 AmdPPM - ok
07:53:42.0735 3568 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
07:53:42.0742 3568 amdsata - ok
07:53:42.0756 3568 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:53:42.0768 3568 amdsbs - ok
07:53:42.0783 3568 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
07:53:42.0789 3568 amdxata - ok
07:53:42.0825 3568 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:53:42.0941 3568 AppID - ok
07:53:42.0990 3568 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:53:42.0997 3568 arc - ok
07:53:43.0014 3568 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:53:43.0021 3568 arcsas - ok
07:53:43.0037 3568 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:53:43.0145 3568 AsyncMac - ok
07:53:43.0174 3568 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:53:43.0180 3568 atapi - ok
07:53:43.0247 3568 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
07:53:43.0301 3568 athr - ok
07:53:43.0328 3568 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:53:43.0370 3568 b06bdrv - ok
07:53:43.0388 3568 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:53:43.0417 3568 b57nd60a - ok
07:53:43.0464 3568 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:53:43.0512 3568 Beep - ok
07:53:43.0773 3568 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys
07:53:43.0830 3568 BHDrvx64 - ok
07:53:43.0844 3568 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:53:43.0862 3568 blbdrive - ok
07:53:43.0915 3568 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:53:43.0929 3568 bowser - ok
07:53:43.0945 3568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:53:43.0970 3568 BrFiltLo - ok
07:53:43.0980 3568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:53:44.0002 3568 BrFiltUp - ok
07:53:44.0025 3568 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:53:44.0065 3568 Brserid - ok
07:53:44.0080 3568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:53:44.0104 3568 BrSerWdm - ok
07:53:44.0120 3568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:53:44.0144 3568 BrUsbMdm - ok
07:53:44.0169 3568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:53:44.0176 3568 BrUsbSer - ok
07:53:44.0186 3568 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:53:44.0206 3568 BTHMODEM - ok
07:53:44.0244 3568 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:53:44.0284 3568 cdfs - ok
07:53:44.0322 3568 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
07:53:44.0343 3568 cdrom - ok
07:53:44.0361 3568 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:53:44.0372 3568 circlass - ok
07:53:44.0405 3568 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:53:44.0418 3568 CLFS - ok
07:53:44.0477 3568 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:53:44.0495 3568 CmBatt - ok
07:53:44.0517 3568 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:53:44.0523 3568 cmdide - ok
07:53:44.0572 3568 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:53:44.0590 3568 CNG - ok
07:53:44.0603 3568 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:53:44.0609 3568 Compbatt - ok
07:53:44.0655 3568 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:53:44.0676 3568 CompositeBus - ok
07:53:44.0701 3568 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:53:44.0707 3568 crcdisk - ok
07:53:44.0751 3568 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:53:44.0794 3568 DfsC - ok
07:53:44.0836 3568 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:53:44.0864 3568 discache - ok
07:53:44.0878 3568 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:53:44.0886 3568 Disk - ok
07:53:44.0922 3568 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
07:53:44.0946 3568 Dot4 - ok
07:53:44.0983 3568 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
07:53:45.0008 3568 Dot4Print - ok
07:53:45.0033 3568 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
07:53:45.0059 3568 dot4usb - ok
07:53:45.0088 3568 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:53:45.0107 3568 drmkaud - ok
07:53:45.0156 3568 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:53:45.0180 3568 DXGKrnl - ok
07:53:45.0239 3568 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:53:45.0311 3568 ebdrv - ok
07:53:45.0408 3568 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
07:53:45.0419 3568 eeCtrl - ok
07:53:45.0448 3568 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:53:45.0464 3568 elxstor - ok
07:53:45.0489 3568 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:53:45.0495 3568 EraserUtilRebootDrv - ok
07:53:45.0529 3568 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:53:45.0536 3568 ErrDev - ok
07:53:45.0582 3568 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:53:45.0625 3568 exfat - ok
07:53:45.0666 3568 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:53:45.0709 3568 fastfat - ok
07:53:45.0748 3568 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:53:45.0773 3568 fdc - ok
07:53:45.0798 3568 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:53:45.0805 3568 FileInfo - ok
07:53:45.0819 3568 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:53:45.0885 3568 Filetrace - ok
07:53:45.0921 3568 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:53:45.0928 3568 flpydisk - ok
07:53:45.0958 3568 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:53:45.0968 3568 FltMgr - ok
07:53:45.0981 3568 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:53:45.0988 3568 FsDepends - ok
07:53:46.0000 3568 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:53:46.0006 3568 Fs_Rec - ok
07:53:46.0038 3568 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:53:46.0048 3568 fvevol - ok
07:53:46.0064 3568 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:53:46.0071 3568 gagp30kx - ok
07:53:46.0114 3568 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:53:46.0118 3568 GEARAspiWDM - ok
07:53:46.0139 3568 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:53:46.0153 3568 hcw85cir - ok
07:53:46.0203 3568 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:53:46.0225 3568 HDAudBus - ok
07:53:46.0248 3568 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
07:53:46.0253 3568 HECIx64 - ok
07:53:46.0264 3568 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:53:46.0284 3568 HidBatt - ok
07:53:46.0305 3568 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:53:46.0328 3568 HidBth - ok
07:53:46.0351 3568 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:53:46.0362 3568 HidIr - ok
07:53:46.0398 3568 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
07:53:46.0407 3568 HidUsb - ok
07:53:46.0423 3568 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:53:46.0430 3568 HpSAMD - ok
07:53:46.0475 3568 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:53:46.0525 3568 HTTP - ok
07:53:46.0559 3568 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:53:46.0564 3568 hwpolicy - ok
07:53:46.0581 3568 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:53:46.0590 3568 i8042prt - ok
07:53:46.0641 3568 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
07:53:46.0654 3568 iaStorV - ok
07:53:46.0905 3568 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSvia64.sys
07:53:46.0916 3568 IDSVia64 - ok
07:53:47.0070 3568 igfx (404548917acaaa314165c2882b045c94) C:\Windows\system32\DRIVERS\igdkmd64.sys
07:53:47.0333 3568 igfx - ok
07:53:47.0361 3568 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:53:47.0368 3568 iirsp - ok
07:53:47.0432 3568 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
07:53:47.0483 3568 IntcAzAudAddService - ok
07:53:47.0499 3568 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
07:53:47.0513 3568 IntcDAud - ok
07:53:47.0546 3568 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:53:47.0552 3568 intelide - ok
07:53:47.0563 3568 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:53:47.0581 3568 intelppm - ok
07:53:47.0623 3568 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:53:47.0660 3568 IpFilterDriver - ok
07:53:47.0700 3568 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:53:47.0709 3568 IPMIDRV - ok
07:53:47.0723 3568 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:53:47.0763 3568 IPNAT - ok
07:53:47.0782 3568 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:53:47.0813 3568 IRENUM - ok
07:53:47.0824 3568 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:53:47.0830 3568 isapnp - ok
07:53:47.0866 3568 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:53:47.0876 3568 iScsiPrt - ok
07:53:47.0906 3568 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
07:53:47.0915 3568 k57nd60a - ok
07:53:47.0948 3568 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
07:53:47.0954 3568 kbdclass - ok
07:53:47.0969 3568 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
07:53:47.0977 3568 kbdhid - ok
07:53:47.0989 3568 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:53:47.0996 3568 KSecDD - ok
07:53:48.0055 3568 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:53:48.0064 3568 KSecPkg - ok
07:53:48.0072 3568 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:53:48.0116 3568 ksthunk - ok
07:53:48.0126 3568 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:53:48.0164 3568 lltdio - ok
07:53:48.0197 3568 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:53:48.0205 3568 LSI_FC - ok
07:53:48.0217 3568 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:53:48.0224 3568 LSI_SAS - ok
07:53:48.0249 3568 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:53:48.0256 3568 LSI_SAS2 - ok
07:53:48.0275 3568 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:53:48.0282 3568 LSI_SCSI - ok
07:53:48.0312 3568 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:53:48.0352 3568 luafv - ok
07:53:48.0411 3568 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
07:53:48.0416 3568 lvpepf64 - ok
07:53:48.0475 3568 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
07:53:48.0492 3568 LVRS64 - ok
07:53:48.0559 3568 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
07:53:48.0563 3568 LVUSBS64 - ok
07:53:48.0570 3568 MCSTRM - ok
07:53:48.0583 3568 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:53:48.0589 3568 megasas - ok
07:53:48.0607 3568 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:53:48.0618 3568 MegaSR - ok
07:53:48.0637 3568 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:53:48.0683 3568 Modem - ok
07:53:48.0706 3568 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:53:48.0733 3568 monitor - ok
07:53:48.0790 3568 motmodem (14eb6898923b5816e574f88835f4f454) C:\Windows\system32\DRIVERS\motmodem.sys
07:53:48.0837 3568 motmodem - ok
07:53:48.0873 3568 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:53:48.0879 3568 mouclass - ok
07:53:48.0892 3568 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:53:48.0900 3568 mouhid - ok
07:53:48.0938 3568 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:53:48.0945 3568 mountmgr - ok
07:53:48.0978 3568 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:53:48.0987 3568 mpio - ok
07:53:48.0998 3568 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:53:49.0049 3568 mpsdrv - ok
07:53:49.0081 3568 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:53:49.0135 3568 MRxDAV - ok
07:53:49.0189 3568 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:53:49.0228 3568 mrxsmb - ok
07:53:49.0265 3568 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:53:49.0299 3568 mrxsmb10 - ok
07:53:49.0317 3568 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:53:49.0325 3568 mrxsmb20 - ok
07:53:49.0338 3568 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:53:49.0344 3568 msahci - ok
07:53:49.0358 3568 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:53:49.0366 3568 msdsm - ok
07:53:49.0413 3568 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:53:49.0439 3568 Msfs - ok
07:53:49.0448 3568 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:53:49.0487 3568 mshidkmdf - ok
07:53:49.0510 3568 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:53:49.0516 3568 msisadrv - ok
07:53:49.0531 3568 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:53:49.0563 3568 MSKSSRV - ok
07:53:49.0580 3568 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:53:49.0622 3568 MSPCLOCK - ok
07:53:49.0644 3568 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:53:49.0694 3568 MSPQM - ok
07:53:49.0719 3568 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:53:49.0731 3568 MsRPC - ok
07:53:49.0762 3568 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:53:49.0768 3568 mssmbios - ok
07:53:49.0783 3568 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:53:49.0824 3568 MSTEE - ok
07:53:49.0845 3568 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:53:49.0872 3568 MTConfig - ok
07:53:49.0878 3568 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:53:49.0885 3568 Mup - ok
07:53:49.0936 3568 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:53:49.0966 3568 NativeWifiP - ok
07:53:50.0122 3568 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120101.006\ENG64.SYS
07:53:50.0127 3568 NAVENG - ok
07:53:50.0165 3568 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120101.006\EX64.SYS
07:53:50.0213 3568 NAVEX15 - ok
07:53:50.0272 3568 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:53:50.0293 3568 NDIS - ok
07:53:50.0307 3568 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:53:50.0335 3568 NdisCap - ok
07:53:50.0348 3568 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:53:50.0375 3568 NdisTapi - ok
07:53:50.0407 3568 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:53:50.0434 3568 Ndisuio - ok
07:53:50.0472 3568 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:53:50.0511 3568 NdisWan - ok
07:53:50.0540 3568 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:53:50.0583 3568 NDProxy - ok
07:53:50.0630 3568 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:53:50.0658 3568 NetBIOS - ok
07:53:50.0691 3568 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:53:50.0732 3568 NetBT - ok
07:53:50.0755 3568 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:53:50.0762 3568 nfrd960 - ok
07:53:50.0776 3568 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:53:50.0814 3568 Npfs - ok
07:53:50.0835 3568 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:53:50.0861 3568 nsiproxy - ok
07:53:50.0915 3568 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:53:50.0952 3568 Ntfs - ok
07:53:50.0989 3568 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:53:51.0033 3568 Null - ok
07:53:51.0056 3568 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
07:53:51.0061 3568 NVHDA - ok
07:53:51.0246 3568 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:53:51.0497 3568 nvlddmkm - ok
07:53:51.0531 3568 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:53:51.0540 3568 nvraid - ok
07:53:51.0567 3568 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:53:51.0575 3568 nvstor - ok
07:53:51.0595 3568 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:53:51.0603 3568 nv_agp - ok
07:53:51.0631 3568 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:53:51.0642 3568 ohci1394 - ok
07:53:51.0692 3568 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:53:51.0700 3568 Parport - ok
07:53:51.0738 3568 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:53:51.0745 3568 partmgr - ok
07:53:51.0858 3568 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
07:53:51.0866 3568 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
07:53:51.0901 3568 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:53:51.0910 3568 pci - ok
07:53:51.0921 3568 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:53:51.0927 3568 pciide - ok
07:53:51.0944 3568 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:53:51.0953 3568 pcmcia - ok
07:53:51.0986 3568 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
07:53:52.0019 3568 pcouffin - ok
07:53:52.0034 3568 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:53:52.0041 3568 pcw - ok
07:53:52.0058 3568 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:53:52.0109 3568 PEAUTH - ok
07:53:52.0185 3568 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
07:53:52.0238 3568 PID_PEPI - ok
07:53:52.0293 3568 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:53:52.0333 3568 PptpMiniport - ok
07:53:52.0352 3568 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:53:52.0380 3568 Processor - ok
07:53:52.0411 3568 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:53:52.0454 3568 Psched - ok
07:53:52.0510 3568 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
07:53:52.0514 3568 PSI - ok
07:53:52.0570 3568 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
07:53:52.0575 3568 PxHlpa64 - ok
07:53:52.0611 3568 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:53:52.0644 3568 ql2300 - ok
07:53:52.0656 3568 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:53:52.0666 3568 ql40xx - ok
07:53:52.0681 3568 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:53:52.0708 3568 QWAVEdrv - ok
07:53:52.0726 3568 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:53:52.0753 3568 RasAcd - ok
07:53:52.0788 3568 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:53:52.0831 3568 RasAgileVpn - ok
07:53:52.0860 3568 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:53:52.0888 3568 Rasl2tp - ok
07:53:52.0900 3568 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:53:52.0928 3568 RasPppoe - ok
07:53:52.0942 3568 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:53:52.0970 3568 RasSstp - ok
07:53:53.0008 3568 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:53:53.0050 3568 rdbss - ok
07:53:53.0071 3568 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:53:53.0094 3568 rdpbus - ok
07:53:53.0115 3568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:53:53.0143 3568 RDPCDD - ok
07:53:53.0150 3568 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:53:53.0177 3568 RDPENCDD - ok
07:53:53.0187 3568 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:53:53.0229 3568 RDPREFMP - ok
07:53:53.0260 3568 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:53:53.0291 3568 RDPWD - ok
07:53:53.0324 3568 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:53:53.0333 3568 rdyboost - ok
07:53:53.0361 3568 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:53:53.0389 3568 rspndr - ok
07:53:53.0489 3568 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
07:53:53.0493 3568 SASDIFSV - ok
07:53:53.0511 3568 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
07:53:53.0515 3568 SASKUTIL - ok
07:53:53.0559 3568 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:53:53.0566 3568 sbp2port - ok
07:53:53.0614 3568 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:53:53.0652 3568 scfilter - ok
07:53:53.0676 3568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:53:53.0716 3568 secdrv - ok
07:53:53.0787 3568 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:53:53.0811 3568 Serenum - ok
07:53:53.0831 3568 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:53:53.0841 3568 Serial - ok
07:53:53.0875 3568 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:53:53.0883 3568 sermouse - ok
07:53:53.0930 3568 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:53:53.0953 3568 sffdisk - ok
07:53:53.0973 3568 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:53:53.0983 3568 sffp_mmc - ok
07:53:53.0995 3568 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:53:54.0005 3568 sffp_sd - ok
07:53:54.0022 3568 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:53:54.0029 3568 sfloppy - ok
07:53:54.0086 3568 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:53:54.0093 3568 SiSRaid2 - ok
07:53:54.0144 3568 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:53:54.0153 3568 SiSRaid4 - ok
07:53:54.0165 3568 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:53:54.0193 3568 Smb - ok
07:53:54.0224 3568 SMR210 (03573da7c4abcf5591ad4d8c96736b00) C:\Windows\system32\drivers\SMR210.SYS
07:53:54.0228 3568 SMR210 - ok
07:53:54.0253 3568 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:53:54.0259 3568 spldr - ok
07:53:54.0366 3568 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
07:53:54.0381 3568 SRTSP - ok
07:53:54.0394 3568 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
07:53:54.0398 3568 SRTSPX - ok
07:53:54.0436 3568 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:53:54.0469 3568 srv - ok
07:53:54.0495 3568 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:53:54.0507 3568 srv2 - ok
07:53:54.0517 3568 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:53:54.0539 3568 srvnet - ok
07:53:54.0578 3568 ssecbus (78a4d20187b5c241c70aa8e9573b3a6c) C:\Windows\system32\DRIVERS\ssecbus.sys
07:53:54.0584 3568 ssecbus - ok
07:53:54.0616 3568 ssecmdfl (6f65ffe86d515014e29fff44dbbfa49a) C:\Windows\system32\DRIVERS\ssecmdfl.sys
07:53:54.0620 3568 ssecmdfl - ok
07:53:54.0649 3568 ssecmdm (f4db6272044f0023c5ba1e17dcc4bd5a) C:\Windows\system32\DRIVERS\ssecmdm.sys
07:53:54.0655 3568 ssecmdm - ok
07:53:54.0682 3568 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:53:54.0688 3568 stexstor - ok
07:53:54.0737 3568 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
07:53:54.0763 3568 StillCam - ok
07:53:54.0805 3568 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:53:54.0811 3568 swenum - ok
07:53:54.0833 3568 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
07:53:54.0844 3568 SymDS - ok
07:53:54.0872 3568 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
07:53:54.0892 3568 SymEFA - ok
07:53:54.0944 3568 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
07:53:54.0950 3568 SymEvent - ok
07:53:54.0991 3568 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
07:53:54.0997 3568 SymIRON - ok
07:53:55.0029 3568 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS
07:53:55.0039 3568 SymNetS - ok
07:53:55.0110 3568 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
07:53:55.0151 3568 Tcpip - ok
07:53:55.0179 3568 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
07:53:55.0210 3568 TCPIP6 - ok
07:53:55.0246 3568 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:53:55.0287 3568 tcpipreg - ok
07:53:55.0338 3568 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:53:55.0379 3568 TDPIPE - ok
07:53:55.0423 3568 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:53:55.0466 3568 TDTCP - ok
07:53:55.0497 3568 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:53:55.0530 3568 tdx - ok
07:53:55.0562 3568 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:53:55.0569 3568 TermDD - ok
07:53:55.0623 3568 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
07:53:55.0628 3568 TFsExDisk - ok
07:53:55.0690 3568 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:53:55.0723 3568 tssecsrv - ok
07:53:55.0769 3568 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:53:55.0789 3568 TsUsbFlt - ok
07:53:55.0823 3568 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:53:55.0863 3568 tunnel - ok
07:53:55.0881 3568 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:53:55.0888 3568 uagp35 - ok
07:53:55.0927 3568 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:53:55.0969 3568 udfs - ok
07:53:55.0992 3568 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:53:55.0999 3568 uliagpkx - ok
07:53:56.0029 3568 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
07:53:56.0049 3568 umbus - ok
07:53:56.0070 3568 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:53:56.0090 3568 UmPass - ok
07:53:56.0149 3568 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
07:53:56.0187 3568 USBAAPL64 - ok
07:53:56.0221 3568 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
07:53:56.0242 3568 usbaudio - ok
07:53:56.0267 3568 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
07:53:56.0282 3568 usbccgp - ok
07:53:56.0319 3568 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:53:56.0341 3568 usbcir - ok
07:53:56.0372 3568 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
07:53:56.0396 3568 usbehci - ok
07:53:56.0427 3568 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:53:56.0453 3568 usbhub - ok
07:53:56.0477 3568 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
07:53:56.0486 3568 usbohci - ok
07:53:56.0492 3568 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:53:56.0503 3568 usbprint - ok
07:53:56.0552 3568 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:53:56.0576 3568 usbscan - ok
07:53:56.0614 3568 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:53:56.0651 3568 USBSTOR - ok
07:53:56.0672 3568 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
07:53:56.0692 3568 usbuhci - ok
07:53:56.0717 3568 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:53:56.0723 3568 vdrvroot - ok
07:53:56.0738 3568 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:53:56.0748 3568 vga - ok
07:53:56.0764 3568 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:53:56.0813 3568 VgaSave - ok
07:53:56.0837 3568 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:53:56.0846 3568 vhdmp - ok
07:53:56.0856 3568 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:53:56.0863 3568 viaide - ok
07:53:56.0880 3568 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:53:56.0887 3568 volmgr - ok
07:53:56.0925 3568 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:53:56.0936 3568 volmgrx - ok
07:53:56.0954 3568 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:53:56.0965 3568 volsnap - ok
07:53:56.0986 3568 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:53:56.0994 3568 vsmraid - ok
07:53:57.0007 3568 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
07:53:57.0029 3568 vwifibus - ok
07:53:57.0055 3568 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
07:53:57.0083 3568 vwififlt - ok
07:53:57.0116 3568 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
07:53:57.0127 3568 vwifimp - ok
07:53:57.0139 3568 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:53:57.0163 3568 WacomPen - ok
07:53:57.0186 3568 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:53:57.0228 3568 WANARP - ok
07:53:57.0231 3568 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:53:57.0259 3568 Wanarpv6 - ok
07:53:57.0312 3568 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:53:57.0318 3568 Wd - ok
07:53:57.0339 3568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:53:57.0355 3568 Wdf01000 - ok
07:53:57.0396 3568 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:53:57.0425 3568 WfpLwf - ok
07:53:57.0485 3568 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
07:53:57.0493 3568 WimFltr - ok
07:53:57.0508 3568 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:53:57.0516 3568 WIMMount - ok
07:53:57.0584 3568 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:53:57.0594 3568 WinUsb - ok
07:53:57.0609 3568 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:53:57.0631 3568 WmiAcpi - ok
07:53:57.0702 3568 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:53:57.0743 3568 ws2ifsl - ok
07:53:57.0769 3568 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
07:53:57.0773 3568 WsAudio_DeviceS(1) - ok
07:53:57.0792 3568 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
07:53:57.0798 3568 WsAudio_DeviceS(2) - ok
07:53:57.0823 3568 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
07:53:57.0828 3568 WsAudio_DeviceS(3) - ok
07:53:57.0839 3568 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
07:53:57.0844 3568 WsAudio_DeviceS(4) - ok
07:53:57.0856 3568 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
07:53:57.0860 3568 WsAudio_DeviceS(5) - ok
07:53:57.0891 3568 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
07:53:57.0915 3568 WSDPrintDevice - ok
07:53:57.0945 3568 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:53:57.0972 3568 WudfPf - ok
07:53:58.0001 3568 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:53:58.0045 3568 WUDFRd - ok
07:53:58.0070 3568 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:53:58.0175 3568 \Device\Harddisk0\DR0 - ok
07:53:58.0178 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
07:53:58.0304 3568 \Device\Harddisk5\DR5 - ok
07:53:58.0309 3568 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk6\DR6
07:53:58.0448 3568 \Device\Harddisk6\DR6 - ok
07:53:58.0454 3568 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk7\DR7
07:53:58.0573 3568 \Device\Harddisk7\DR7 - ok
07:53:58.0575 3568 Boot (0x1200) (2bd812be402c08e0d8789da6cb0d25e2) \Device\Harddisk0\DR0\Partition0
07:53:58.0575 3568 \Device\Harddisk0\DR0\Partition0 - ok
07:53:58.0597 3568 Boot (0x1200) (4d4014dd64287dea6372162158a497aa) \Device\Harddisk0\DR0\Partition1
07:53:58.0597 3568 \Device\Harddisk0\DR0\Partition1 - ok
07:53:58.0600 3568 Boot (0x1200) (ce08823e4514dd64c5bdb594c0db1e24) \Device\Harddisk5\DR5\Partition0
07:53:58.0601 3568 \Device\Harddisk5\DR5\Partition0 - ok
07:53:58.0603 3568 Boot (0x1200) (76b8b814f60987798b5b40b3f4e9bd9d) \Device\Harddisk6\DR6\Partition0
07:53:58.0604 3568 \Device\Harddisk6\DR6\Partition0 - ok
07:53:58.0608 3568 Boot (0x1200) (aea0f87a5c2dfc4b8ead7c7bbad86d7f) \Device\Harddisk7\DR7\Partition0
07:53:58.0608 3568 \Device\Harddisk7\DR7\Partition0 - ok
07:53:58.0609 3568 ============================================================
07:53:58.0609 3568 Scan finished
07:53:58.0609 3568 ============================================================
07:53:58.0624 3432 Detected object count: 0
07:53:58.0624 3432 Actual detected object count: 0



OTL logfile created on: 1/5/2012 7:55:59 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.71% Memory free
15.86 Gb Paging File | 14.22 Gb Available in Paging File | 89.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.82 Gb Total Space | 121.12 Gb Free Space | 13.21% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 219.77 Gb Free Space | 31.46% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 161.56 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
Drive K: | 244.63 Mb Total Space | 237.33 Mb Free Space | 97.02% Space Free | Partition Type: FAT

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 07:55:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2012/01/01 07:34:34 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- K:\tdsskiller.exe
PRC - [2011/12/31 11:12:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/14 00:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/31 11:12:25 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/24 07:04:11 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/24 07:06:08 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/31 16:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/24 03:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/19 06:18:00 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 21:54:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 18:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/02 12:49:01 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/12/13 19:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/31 10:18:17 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/09/01 02:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/06/18 19:31:13 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/26 20:25:20 | 000,152,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssecmdm.sys -- (ssecmdm)
DRV:64bit: - [2010/04/26 20:25:20 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssecbus.sys -- (ssecbus) Samsung Mobile Modem Device driver (WDM)
DRV:64bit: - [2010/04/26 20:25:20 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssecmdfl.sys -- (ssecmdfl)
DRV:64bit: - [2009/12/04 10:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2009/12/04 10:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2009/12/04 10:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2009/12/04 10:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2009/12/04 10:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2009/10/16 05:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/08 10:37:48 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/26 09:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/26 17:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/01/29 16:16:08 | 000,029,696 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 14:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 14:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 14:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/01/01 12:02:10 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120101.006\EX64.SYS -- (NAVEX15)
DRV - [2012/01/01 12:02:10 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120101.006\ENG64.SYS -- (NAVENG)
DRV - [2011/11/14 13:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 02:40:04 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 02:40:04 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2838522421-95888037-425299958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2838522421-95888037-425299958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKU\S-1-5-21-2838522421-95888037-425299958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.searchqu.com/405
IE - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2838522421-95888037-425299958-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2838522421-95888037-425299958-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {F0E4844B-E00D-4CCC-BAC0-8568B27FBC10}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: crossriderapp498@crossrider.com:0.76.37
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - prefs.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=siqEToIq&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=siqEToIq&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/22 21:36:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/13 02:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/01 21:45:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Dad\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/31 11:12:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/31 11:12:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/22 21:36:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F0E4844B-E00D-4CCC-BAC0-8568B27FBC10}: C:\Users\Dad\AppData\Local\{F0E4844B-E00D-4CCC-BAC0-8568B27FBC10} [2011/05/08 02:25:08 | 000,000,000 | ---D | M]

[2011/10/23 21:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2010/06/20 07:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/12/31 11:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\79g60s1i.default\extensions
[2010/11/07 11:47:59 | 000,002,395 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\79g60s1i.default\searchplugins\askcom.xml
[2011/11/23 21:22:20 | 000,001,945 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\79g60s1i.default\searchplugins\bing-zugo.xml
[2010/11/02 15:54:54 | 000,000,935 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\79g60s1i.default\searchplugins\conduit.xml
[2011/03/04 16:11:27 | 000,002,197 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\79g60s1i.default\searchplugins\google-search.xml
[2011/05/31 19:26:25 | 000,002,468 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\79g60s1i.default\searchplugins\safesearch.xml
[2011/10/23 21:06:51 | 000,002,497 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\79g60s1i.default\searchplugins\SearchResults.xml
[2011/12/31 11:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/08 18:40:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/01 21:45:45 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_4_3
[2011/12/31 11:12:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/31 11:12:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/23 21:06:51 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/12/31 11:12:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O3 - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI5C88~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MimBoot] C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MossySkySA] C:\Program Files (x86)\MossySky\bin\1.0.16.0\MossySkySA.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKU\.DEFAULT..\Run: [DelayShred] c:\progra~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\dad\appdata\local\temp\VBE.SH! File not found
O4 - HKU\S-1-5-18..\Run: [DelayShred] c:\progra~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\dad\appdata\local\temp\VBE.SH! File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2838522421-95888037-425299958-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2838522421-95888037-425299958-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2838522421-95888037-425299958-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2838522421-95888037-425299958-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2838522421-95888037-425299958-1001..\Run: [VoipStunt] C:\Program Files (x86)\VoipStunt.com\VoipStunt\voipstunt.exe (VoipStunt)
O4:64bit: - HKLM..\RunOnce: [GrpConv] C:\Windows\SysNative\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2838522421-95888037-425299958-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2838522421-95888037-425299958-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2838522421-95888037-425299958-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{273AC440-8F19-46E1-AE6F-C36E21CB39BF}: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B150ED82-9B8D-412B-8F6D-C209486A0A30}: DhcpNameServer = 68.87.72.134 68.87.77.134
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/10 07:48:26 | 000,000,032 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/19 20:00:56 | 000,000,067 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\PC_Clickme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 07:55:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2012/01/04 19:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MossySkySA
[2012/01/04 19:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MossySky
[2012/01/04 19:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2012/01/04 19:09:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\WinZip
[2012/01/04 18:38:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\dds.scr
[2012/01/03 17:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/03 17:00:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Dad\Desktop\esetsmartinstaller_enu.exe
[2012/01/02 19:05:43 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Secunia PSI
[2012/01/02 19:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/01/02 13:01:12 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/01/02 12:49:01 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/01 21:56:02 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Conduit
[2012/01/01 12:05:43 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\NPE
[2012/01/01 02:03:14 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/28 15:46:14 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Tific
[2011/12/28 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Symantec
[2011/12/27 08:43:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Apps
[2011/12/25 22:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer
[2011/12/25 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mplayer
[2011/12/25 22:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2011/12/25 12:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 12:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/25 12:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 12:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/25 12:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/25 12:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/25 12:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/25 12:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/12/23 11:09:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\SanctionedMedia
[2011/12/18 19:44:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\HpUpdate
[2011/12/18 19:44:28 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/12/18 15:04:53 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\ProgSense
[2011/12/18 15:04:27 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\GrabPro
[2011/12/18 15:04:27 | 000,000,000 | ---D | C] -- C:\downloads
[2011/12/18 15:04:24 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Orbit
[2011/12/16 16:03:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/12/15 03:01:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 03:01:47 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 03:01:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 03:01:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 03:01:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 03:01:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 03:01:45 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/15 03:01:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/15 03:01:44 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/15 03:01:44 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 03:01:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 20:34:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 20:34:28 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 20:34:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/10 09:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010/06/18 19:31:13 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dad\AppData\Roaming\pcouffin.sys
[9 C:\Users\Dad\Documents\*.tmp files -> C:\Users\Dad\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 07:55:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2012/01/04 19:12:18 | 054,703,432 | ---- | M] () -- C:\Users\Dad\Desktop\winzip160.exe
[2012/01/04 19:11:42 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\RunAsStdUser Task.job
[2012/01/04 19:11:29 | 000,229,536 | ---- | M] () -- C:\Users\Dad\Desktop\setup.exe
[2012/01/04 18:38:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\dds.scr
[2012/01/04 18:38:00 | 000,000,000 | ---- | M] () -- C:\Users\Dad\defogger_reenable
[2012/01/04 18:36:29 | 000,050,477 | ---- | M] () -- C:\Users\Dad\Desktop\Defogger.exe
[2012/01/03 17:00:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Dad\Desktop\esetsmartinstaller_enu.exe
[2012/01/03 16:50:15 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 19:05:39 | 000,001,104 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/02 13:06:10 | 000,135,388 | ---- | M] () -- C:\Users\Dad\AppData\Local\census.cache
[2012/01/02 13:06:07 | 000,092,734 | ---- | M] () -- C:\Users\Dad\AppData\Local\ars.cache
[2012/01/02 13:00:39 | 000,000,036 | ---- | M] () -- C:\Users\Dad\AppData\Local\housecall.guid.cache
[2012/01/02 12:49:03 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\drivers\SMR210.dat
[2012/01/02 12:49:01 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/02 12:48:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/02 12:48:03 | 2090,164,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 23:10:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 23:10:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 22:29:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 21:46:59 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 12:07:26 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/01 11:45:42 | 000,870,128 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\mcs.rma
[2012/01/01 11:45:42 | 000,000,004 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\77D4C0
[2012/01/01 08:36:20 | 000,012,084 | -HS- | M] () -- C:\Users\Dad\AppData\Local\hnd413nc0fmw73bx2u030h3wknfks3ht6abhe
[2012/01/01 08:36:20 | 000,012,084 | -HS- | M] () -- C:\ProgramData\hnd413nc0fmw73bx2u030h3wknfks3ht6abhe
[2012/01/01 08:20:59 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/31 11:14:57 | 000,002,050 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/31 05:18:06 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dad.job
[2011/12/28 16:01:08 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/28 14:24:41 | 000,410,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/28 14:24:35 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/26 22:21:27 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/26 22:21:27 | 000,626,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/26 22:21:27 | 000,107,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/26 18:17:30 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/26 16:26:47 | 000,074,077 | R--- | M] () -- C:\Users\Dad\sorrows.jpg
[2011/12/26 08:37:51 | 001,132,451 | ---- | M] () -- C:\Users\Dad\Documents\CitiBank-05-2011.pdf
[2011/12/26 08:37:20 | 001,194,252 | ---- | M] () -- C:\Users\Dad\Documents\CitiBank-04-2011.pdf
[2011/12/25 22:51:43 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Mplayer.lnk
[2011/12/25 22:51:25 | 000,001,936 | ---- | M] () -- C:\Users\Dad\Desktop\Free Dolphin Screensaver.lnk
[2011/12/25 22:51:24 | 000,001,936 | ---- | M] () -- C:\Users\Dad\Desktop\Free Music Downloads.lnk
[2011/12/25 22:51:24 | 000,001,926 | ---- | M] () -- C:\Users\Dad\Desktop\Free Games!!.lnk
[2011/12/25 14:18:32 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2011/12/25 14:18:31 | 000,000,959 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/12/25 12:42:46 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/16 16:02:53 | 000,001,131 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/07 20:55:01 | 006,066,839 | ---- | M] () -- C:\Users\Dad\Documents\Lee Towers - You'll never walk alone.mp3
[2011/12/07 20:53:17 | 005,562,351 | ---- | M] () -- C:\Users\Dad\Documents\Lee Towers - You'll never walk alone.flv
[9 C:\Users\Dad\Documents\*.tmp files -> C:\Users\Dad\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 19:11:59 | 054,703,432 | ---- | C] () -- C:\Users\Dad\Desktop\winzip160.exe
[2012/01/04 19:11:42 | 000,000,240 | ---- | C] () -- C:\Windows\tasks\RunAsStdUser Task.job
[2012/01/04 19:11:29 | 000,229,536 | ---- | C] () -- C:\Users\Dad\Desktop\setup.exe
[2012/01/04 18:38:00 | 000,000,000 | ---- | C] () -- C:\Users\Dad\defogger_reenable
[2012/01/04 18:36:29 | 000,050,477 | ---- | C] () -- C:\Users\Dad\Desktop\Defogger.exe
[2012/01/03 16:50:15 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 19:05:39 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/02 19:05:39 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/01/02 13:06:10 | 000,135,388 | ---- | C] () -- C:\Users\Dad\AppData\Local\census.cache
[2012/01/02 13:06:07 | 000,092,734 | ---- | C] () -- C:\Users\Dad\AppData\Local\ars.cache
[2012/01/02 13:00:39 | 000,000,036 | ---- | C] () -- C:\Users\Dad\AppData\Local\housecall.guid.cache
[2012/01/02 12:49:02 | 000,000,020 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR210.dat
[2011/12/31 21:23:29 | 000,012,084 | -HS- | C] () -- C:\Users\Dad\AppData\Local\hnd413nc0fmw73bx2u030h3wknfks3ht6abhe
[2011/12/31 21:23:29 | 000,012,084 | -HS- | C] () -- C:\ProgramData\hnd413nc0fmw73bx2u030h3wknfks3ht6abhe
[2011/12/26 16:26:51 | 000,074,077 | R--- | C] () -- C:\Users\Dad\sorrows.jpg
[2011/12/26 08:37:49 | 001,132,451 | ---- | C] () -- C:\Users\Dad\Documents\CitiBank-05-2011.pdf
[2011/12/26 08:37:18 | 001,194,252 | ---- | C] () -- C:\Users\Dad\Documents\CitiBank-04-2011.pdf
[2011/12/25 22:51:41 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\Mplayer.lnk
[2011/12/25 22:51:24 | 000,001,936 | ---- | C] () -- C:\Users\Dad\Desktop\Free Music Downloads.lnk
[2011/12/25 22:51:24 | 000,001,936 | ---- | C] () -- C:\Users\Dad\Desktop\Free Dolphin Screensaver.lnk
[2011/12/25 22:51:24 | 000,001,926 | ---- | C] () -- C:\Users\Dad\Desktop\Free Games!!.lnk
[2011/12/25 14:18:31 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2011/12/25 12:45:38 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/25 12:42:46 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/25 12:39:31 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/16 16:04:04 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/16 16:04:01 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/07 20:54:53 | 006,066,839 | ---- | C] () -- C:\Users\Dad\Documents\Lee Towers - You'll never walk alone.mp3
[2011/12/07 20:51:17 | 005,562,351 | ---- | C] () -- C:\Users\Dad\Documents\Lee Towers - You'll never walk alone.flv
[2011/11/25 11:38:23 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/11/21 21:59:06 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/08 02:25:10 | 000,000,120 | ---- | C] () -- C:\Users\Dad\AppData\Local\Gwogewi.dat
[2011/05/08 02:25:10 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\Areluvijukija.bin
[2011/02/02 10:29:53 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011/01/29 02:51:10 | 000,004,096 | ---- | C] () -- C:\Users\Dad\AppData\Local\keyfile3.drm
[2010/12/22 21:31:32 | 000,207,346 | ---- | C] () -- C:\Windows\hpwins28.dat
[2010/12/03 21:45:57 | 000,870,128 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\mcs.rma
[2010/10/18 22:24:26 | 000,008,297 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\UserTile.png
[2010/06/20 19:28:45 | 000,000,004 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\77D4C0
[2010/06/19 07:31:24 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2010/06/19 06:13:02 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/06/19 06:13:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/06/19 06:13:02 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/06/19 06:13:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/06/19 06:13:02 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/06/19 06:13:02 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/06/19 06:13:02 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/06/19 06:13:02 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/06/19 06:13:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/06/19 06:13:02 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/06/19 06:13:02 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/06/19 06:13:02 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/06/19 06:13:02 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/06/19 06:13:02 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/06/19 06:13:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/06/19 06:13:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/06/19 06:09:42 | 000,000,044 | ---- | C] () -- C:\Windows\EPPV600.ini
[2010/06/18 21:05:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/18 20:26:55 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2010/06/18 19:38:11 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/18 19:31:13 | 000,099,384 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\inst.exe
[2010/06/18 19:31:13 | 000,007,859 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\pcouffin.cat
[2010/06/18 19:31:13 | 000,001,167 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\pcouffin.inf
[2010/02/05 23:48:15 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/02/05 23:48:15 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/02/05 23:35:59 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/02/05 23:35:59 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/02/05 23:35:59 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/02/05 23:35:59 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/02/05 23:35:58 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/08/18 01:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >


OTL Extras logfile created on: 1/5/2012 7:55:59 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.71% Memory free
15.86 Gb Paging File | 14.22 Gb Available in Paging File | 89.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.82 Gb Total Space | 121.12 Gb Free Space | 13.21% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 219.77 Gb Free Space | 31.46% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 161.56 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
Drive K: | 244.63 Mb Total Space | 237.33 Mb Free Space | 97.02% Space Free | Partition Type: FAT

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2838522421-95888037-425299958-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}" = Motorola Driver Installation 3.9.0
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Dell Support Center" = Dell Support Center
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1" = Amnesia - The Dark Descent Demo
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 2.8.0.1
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EBBE3D90-9344-43A7-A548-91BA02B3B7CD}" = EPSON Perfection V600 Photo Scanner Driver Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All2WAV Recorder_is1" = All2WAV Recorder 4.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Applian Director2.01" = Applian Director
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Debut" = Debut Video Capture Software
"DVD Shrink_is1" = DVD Shrink 3.1.7
"DVDFab 7_is1" = DVDFab 7.0.9.3 (08/08/2010)
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"DVDFab 8_is1" = DVDFab 8.0.7.6 Beta (25/02/2011)
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player2.0.25" = FLV Player
"Free Sound Recorder_is1" = Free Sound Recorder 2010 v9.2.1
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 2.1.2.920
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Legacy 7.5" = Legacy 7.5
"LegacyChart7_is1" = Legacy Charting 7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"MossySkySA" = MossySky
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Mplayer" = Mplayer 0.6.9
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"N360" = Norton Security Suite
"NSS" = Norton Security Scan
"PageNest_is1" = PageNest
"PhotoScape" = PhotoScape
"Power Sound Editor Free" = Power Sound Editor Free
"Prisma Duits-Nederlands_is1" = Prisma D-N 1.0
"Prisma Engels-Nederlands_is1" = Prisma E-N 1.0
"Prisma Frans-Nederlands_is1" = Prisma F-N 1.0
"Prisma Nederlands-Duits_is1" = Prisma N-D 1.0
"Prisma Nederlands-Engels_is1" = Prisma N-E 1.0
"Prisma Nederlands-Frans_is1" = Prisma N-F 1.0
"Rhapsody" = Rhapsody
"SaveVid Plug-in" = SaveVid Plug-in
"Searchqu 405 MediaBar" = Windows Savevid Toolbar
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"StartNow Toolbar" = StartNow Toolbar
"Switch" = Switch Sound File Converter
"TomTom HOME" = TomTom HOME 2.7.6.2056
"VoipStunt_is1" = VoipStunt
"WavePad" = WavePad Sound Editor
"WebStripper Pro_is1" = WebStripper
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wondershare Music Converter_is1" = Wondershare Music Converter(Build 1.3.2.1)
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zulu" = Zulu DJ Software

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2838522421-95888037-425299958-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smad" = SanctionedMedia

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2011 8:43:21 PM | Computer Name = Dad-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.5.2.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fc4 Start
Time: 01ccc4f997b61b59 Termination Time: 17 Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report
Id:

Error - 12/27/2011 8:43:26 PM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Client application registered 2 identical instances of service Dad’s\032Library._home-sharing._tcp.local.
port 3689.

Error - 12/27/2011 8:44:08 PM | Computer Name = Dad-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.5.2.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 23f4 Start
Time: 01ccc4f9b41a2195 Termination Time: 18 Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report
Id:

Error - 12/27/2011 8:59:02 PM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Client application registered 2 identical instances of service Dad’s\032Library._home-sharing._tcp.local.
port 3689.

Error - 12/27/2011 8:59:36 PM | Computer Name = Dad-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.5.2.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3068 Start
Time: 01ccc4fbe2998874 Termination Time: 24 Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report
Id:

Error - 12/27/2011 8:59:42 PM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Client application registered 2 identical instances of service Dad’s\032Library._home-sharing._tcp.local.
port 3689.

Error - 12/27/2011 9:00:12 PM | Computer Name = Dad-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.5.2.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4b34 Start
Time: 01ccc4fbfa5d1a38 Termination Time: 25 Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report
Id:

Error - 12/27/2011 9:06:12 PM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Client application registered 2 identical instances of service Dad’s\032Library._home-sharing._tcp.local.
port 3689.

Error - 12/27/2011 9:06:34 PM | Computer Name = Dad-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.5.2.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 26a4 Start
Time: 01ccc4fce27ef4cb Termination Time: 22 Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report
Id:

Error - 12/28/2011 2:30:23 PM | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BackupPlg.exe, version: 2.0.3.129, time
stamp: 0x4db01947 Faulting module name: BackupApi.dll, version: 2.0.3.129, time
stamp: 0x4db0190c Exception code: 0xc0000005 Fault offset: 0x000085cf Faulting process
id: 0x39f4 Faulting application start time: 0x01ccc58ec27eaad6 Faulting application
path: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\FileBackup\BackupPlg.exe
Faulting
module path: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\FileBackup\BackupApi.dll
Report
Id: 00b55ef5-3182-11e1-a350-002564ebdaed

[ Dell Events ]
Error - 10/8/2011 1:57:56 AM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/8/2011 2:02:35 AM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/8/2011 2:02:35 AM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/9/2011 1:01:59 PM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/9/2011 1:01:59 PM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/15/2011 2:01:59 PM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/15/2011 2:01:59 PM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/2/2011 5:01:12 PM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/2/2011 5:01:12 PM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/5/2011 5:00:42 PM | Computer Name = Dad-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 12/6/2010 12:43:57 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 10:43:55 PM - Error connecting to the internet. 10:43:55 PM - Unable
to contact server..

Error - 2/2/2011 1:28:37 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 11:28:16 PM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 5/31/2011 12:17:27 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 11:17:27 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 5/31/2011 1:18:23 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 12:18:22 AM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 9/3/2011 12:25:46 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 11:25:45 PM - Error connecting to the internet. 11:25:45 PM - Unable
to contact server..

Error - 9/3/2011 12:26:19 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 11:26:15 PM - Error connecting to the internet. 11:26:15 PM - Unable
to contact server..

Error - 9/3/2011 1:27:16 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 12:27:16 AM - Error connecting to the internet. 12:27:16 AM - Unable
to contact server..

Error - 9/3/2011 1:27:49 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 12:27:45 AM - Error connecting to the internet. 12:27:45 AM - Unable
to contact server..

Error - 9/3/2011 2:28:48 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 1:28:48 AM - Error connecting to the internet. 1:28:48 AM - Unable
to contact server..

Error - 9/3/2011 2:29:23 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = 1:29:17 AM - Error connecting to the internet. 1:29:17 AM - Unable
to contact server..

[ System Events ]
Error - 1/4/2012 11:11:40 AM | Computer Name = Dad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch4.

Error - 1/4/2012 11:11:57 AM | Computer Name = Dad-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch4.

Error - 1/4/2012 11:48:26 AM | Computer Name = Dad-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 11:48:28 AM | Computer Name = Dad-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 11:48:31 AM | Computer Name = Dad-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 2:48:11 PM | Computer Name = Dad-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 2:48:26 PM | Computer Name = Dad-PC | Source = DCOM | ID = 10005
Description =

Error - 1/4/2012 8:36:24 PM | Computer Name = Dad-PC | Source = DCOM | ID = 10005
Description =

Error - 1/4/2012 9:12:42 PM | Computer Name = Dad-PC | Source = DCOM | ID = 10005
Description =

Error - 1/5/2012 2:48:11 AM | Computer Name = Dad-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:47 AM

Posted 05 January 2012 - 09:22 AM

Hi!

Please run this utility:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Pieter Pos

Pieter Pos
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 05 January 2012 - 06:43 PM

Between the last instructions the PC shut down for unknown reasons. Start up failed and windows automatic repair failed.

The options available that I can think of are: restore to an earlier state (last one before the first notice of the virus on date of the first report in 2012 was 12/24). Restore to factory settings
Command prompt.

I do have backups of "My Documents" but it is uncertain if the virus is embedded/hiding here.

Please advise.

Thanks

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:47 AM

Posted 06 January 2012 - 03:46 AM

Hi!

Just so I know how to best advise you, were you able to start the ComboFix instructions?

What about trying to boot using Last Known Good Configuration?

Last Known Good Configuration

Start the computer by using the last known good configuration. To start the computer by using the last known good configuration, follow these steps:

  • Restart your computer.
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Last Known Good Configuration
  • Then press the Enter Key on your Keyboard
  • Go into your usual account

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Pieter Pos

Pieter Pos
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 06 January 2012 - 07:55 AM

Good morning AT,

I tried the last know good configuration.

PC restarted, hit F8 for safe mode with networking. PC kept restarting. Stried letting it start in normal mode and after restarting by itself (never getting to the logon screen) it was back to windows trying to automatically repair itself. Windows can't restart with automatic repair.

ComboFix never ran as it shut down before I could run it.

Thanks

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:47 AM

Posted 06 January 2012 - 08:14 AM

I have a few questions for you.

Do you have your Windows disc? If not, do you have the ability to burn files to a CD/DVD or USB device?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 Pieter Pos

Pieter Pos
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 06 January 2012 - 08:31 AM

I don't believe de PC came with a disc. I do have the ability to burn to a CD/DVD or USB from a different PC on the same network.

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:47 AM

Posted 07 January 2012 - 01:51 AM

Hi!

Okay.

Try this please. You will need a USB drive.

If you have any files on the USB device, I suggest you back them up somewhere else as we will be formatting the USB drive.

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 Pieter Pos

Pieter Pos
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 07 January 2012 - 09:09 AM

I apologize. The files were loaded on the clean USB. Once inserted into the sick PC and rebooting from the USB, the ExPud welcome screen appeared with a list of languages to chose from. No option to press File. A black screen appeared after ExPud started automatically with a number of messages. The first Line read: Fatal Server Errror No screens found.
Please also check the log file at "/var/log/xorg.0.log"
ddxSigGiveup: closing log (followed by nine closing log lines)

Xinit: no such file or directory (errno2: unable to connect to xserver
Xinit: No such processes
Xauth: (argv):1 bad display name "(none):0 in"remove" command
sh: no job control in this shell'sh-4.0#.

again, there was never a "enter file" option

Thanks

Edited by Pieter Pos, 07 January 2012 - 11:58 AM.


#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:47 AM

Posted 08 January 2012 - 04:49 AM

Hi!

Sorry to hear that you experienced issues with my previous instructions.

I'd like to have you start over and try these instructions. They are different from the previous instructions I provided.

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 Pieter Pos

Pieter Pos
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 08 January 2012 - 09:42 AM

Sorry, I am getting the same results. The USB now has the testdisk folder on it but I am getting the same results as before.

#14 Pieter Pos

Pieter Pos
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 08 January 2012 - 06:46 PM

The following files and folders are present on the thumb drive after the downlaods.

dumpit
vesamenu.c32
xpud-0.9.2
XPUDTESTDISK.EXE
syslinux
boot (folder)
opt (folder)
tetsdisk (folder)

Hope this helps solve the mystery

Thanks again your your help.

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:47 AM

Posted 09 January 2012 - 05:02 AM

Hi!

That's interesting. Lets try a different tool completely and see how it works for us.

Lets try a different tool.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users