oxr52a Posted January 31, 2012 ID:522063 Share Posted January 31, 2012 I have be unable to fix SVCHOST.EXE infected with Trojan.Agent using Malwarebytes. Can you please assist?Thanks very much.Here's the DDS and attach logs as per the instructions..DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24Run by Nolan Scott at 21:47:54 on 2012-01-30Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.4802 [GMT -5:00].AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\WUDFHost.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\System32\spoolsv.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exec:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exeC:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exeC:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\WUDFHost.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe-netsvcsC:\Windows\system32\conhost.exeC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exeC:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exeC:\Program Files (x86)\CyberDefender\Registry Cleaner\CDregclean.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.att.net/uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dlluURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dllmURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllBHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLLBHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dllBHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllTB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllTB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dllTB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dllTB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dllTB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileuRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunmRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exemRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [<NO NAME>]mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScriptStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLLDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D} : NameServer = 66.1.32.132 66.1.32.133TCP: Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A} : DhcpNameServer = 192.168.1.254Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllBHO-X64: 0x1 - No FileBHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dllBHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dllBHO-X64: Norton Identity Protection - No FileBHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLLBHO-X64: Norton Vulnerability Protection - No FileBHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dllBHO-X64: Incredibar.com Helper Object - No FileBHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllTB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllTB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dllTB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllTB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dllTB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dllTB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dllTB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dllTB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FilemRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exemRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun-x64: [(Default)]mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDmRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26FF - prefs.js: browser.search.selectedEngine - MyStart SearchFF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3\components\coFFPlgn.dllFF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dllFF - component: C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dllFF - component: C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dllFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dllFF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dllFF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.comFF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbarFF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}.---- FIREFOX POLICIES ----FF - user.js: extensions.incredibar_i.newTab - falseFF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.instlDay - 15353FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30:51FF - user.js: extensions.incredibar_i.prtnrId - IncredibarFF - user.js: extensions.incredibar_i.prdct - incredibarFF - user.js: extensions.incredibar_i.aflt - orgnlFF - user.js: extensions.incredibar_i.smplGrp - noneFF - user.js: extensions.incredibar_i.tlbrId - baseFF - user.js: extensions.incredibar_i.instlRef -FF - user.js: extensions.incredibar_i.dfltLng -FF - user.js: extensions.incredibar_i.excTlbr - falseFF - user.js: extensions.incredibar_i.ms_url_id -FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHAFF - user.js: extensions.incredibar_i.upn2n - 92260720934036790FF - user.js: extensions.incredibar_i.productid - 26FF - user.js: extensions.incredibar_i.installerproductid - 26FF - user.js: extensions.incredibar_i.did - 10556FF - user.js: extensions.incredibar_i.ppd - 1000.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120128.002\IDSviA64.sys [2012-1-30 488568]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-1-28 138248]R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-01-31 01:29:31 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\CyberDefender2012-01-31 01:29:22 -------- d-----w- C:\Program Files (x86)\CyberDefender2012-01-31 01:20:07 20480 ------w- C:\Windows\svchost.exe2012-01-29 18:17:36 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\AppClient2012-01-29 18:17:06 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\Deployment2012-01-29 18:17:06 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\Apps2012-01-28 13:41:40 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys2012-01-28 13:41:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys2012-01-28 13:41:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys2012-01-28 13:41:40 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys2012-01-28 13:41:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys2012-01-28 13:41:40 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys2012-01-28 13:41:40 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys2012-01-28 13:41:33 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.0912012-01-27 01:11:12 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BB0.tmp2012-01-27 01:11:12 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BAF.tmp2012-01-14 03:31:01 -------- d-----w- C:\Program Files (x86)\ADLSoft UnCompressor2012-01-14 03:30:53 -------- d-----w- C:\Program Files (x86)\Incredibar.com2012-01-12 00:44:22 -------- d-----w- C:\Windows\System32\ms-MY2012-01-12 00:28:02 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll2012-01-12 00:28:02 366592 ----a-w- C:\Windows\System32\qdvd.dll2012-01-12 00:28:02 1572864 ----a-w- C:\Windows\System32\quartz.dll2012-01-12 00:28:02 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll2012-01-12 00:28:01 1731920 ----a-w- C:\Windows\System32\ntdll.dll2012-01-12 00:28:01 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll2012-01-12 00:27:59 77312 ----a-w- C:\Windows\System32\packager.dll2012-01-12 00:27:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll2012-01-10 00:53:32 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR2012-01-10 00:53:29 -------- d-----w- C:\Windows\System32\drivers\UMDF\ms-MY2012-01-10 00:53:26 -------- d-----w- C:\Windows\System32\drivers\UMDF\id-ID2012-01-10 00:53:21 -------- d-----w- C:\Windows\System32\drivers\UMDF\sv-SE2012-01-10 00:53:18 -------- d-----w- C:\Windows\System32\drivers\UMDF\nb-NO2012-01-10 00:53:15 -------- d-----w- C:\Windows\System32\drivers\UMDF\hu-HU2012-01-10 00:53:11 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI2012-01-10 00:53:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR2012-01-10 00:53:07 -------- d-----w- C:\Windows\System32\drivers\UMDF\da-DK2012-01-10 00:53:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\cs-CZ2012-01-10 00:53:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-TW2012-01-10 00:53:00 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU2012-01-10 00:52:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\pl-PL2012-01-10 00:52:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN2012-01-10 00:52:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP2012-01-10 00:52:49 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR2012-01-10 00:52:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT2012-01-10 00:52:43 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL2012-01-10 00:52:42 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT2012-01-10 00:52:39 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE2012-01-10 00:52:38 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR2012-01-10 00:52:36 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES2012-01-05 23:34:27 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\NPE2012-01-05 01:37:41 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\Tific2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll2012-01-03 11:21:06 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll.==================== Find3M ====================.2012-01-28 13:41:49 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-12-10 14:48:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb.============= FINISH: 21:48:17.87 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 3/10/2010 10:55:30 AMSystem Uptime: 1/30/2012 8:18:46 PM (1 hours ago).Motherboard: PEGATRON CORPORATION | | VIOLET6Processor: AMD Phenom II X4 820 Processor | CPU 1 | 2800/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 921 GiB total, 751.928 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.571 GiB free.F: is CDROM ()G: is RemovableH: is RemovableI: is RemovableJ: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP253: 1/9/2012 7:48:32 PM - Windows UpdateRP254: 1/11/2012 10:02:36 PM - Windows UpdateRP255: 1/16/2012 6:24:37 AM - HPSF Restore PointRP256: 1/26/2012 3:00:38 AM - Windows Update.==== Installed Programs ======================.Activation Assistant for the 2007 Microsoft Office suitesAdobe AIRAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.2)Apple Application SupportApple Software UpdateBitTorrentBitTorrentBar ToolbarCompatibility Pack for the 2007 Office systemConduit EngineCyberLink DVD Suite DeluxeCyberLink PowerDirectorD3DX10DirectX for Managed Code Update (Summer 2004)DoubleMySpeed Registry CleanerDropboxEmulator StarterFeedback ToolFinale SongWriter 2005Google ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHewlett-Packard ACLM.NET v1.1.1.0HP AdvisorHP Customer Experience EnhancementsHP GamesHP MediaSmart DemoHP OdometerHP Remote SolutionHP SetupHP Support AssistantHP Support InformationHP UpdateIncredibar Toolbar on IE and ChromeInstallVC90SupportJava Auto UpdaterJava 6 Update 24Junk Mail filter updateLabelPrintLightScribe System SoftwareMalwarebytes Anti-Malware version 1.60.1.1000McAfee Security Scan PlusMesh RuntimeMessenger CompanionMicrosoft Live Search ToolbarMicrosoft Office Basic Edition 2003Microsoft Office File Validation Add-InMicrosoft Office Outlook ConnectorMicrosoft Office PowerPoint Viewer 2007 (English)Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMozilla Firefox (3.6.6)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Norton Internet SecurityNorton Online BackupPictureMoverPower2GoQuickTimeRealtek High Definition Audio DriverRecovery ManagerSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)SmartSound Quicktracks PluginSystem Shock2Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Veetle TV 0.9.18vShare PluginWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZip Motion Block Video codec (Remove Only).==== Event Viewer Messages From Past Week ========.1/30/2012 8:21:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.1/30/2012 8:17:02 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}1/30/2012 8:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}1/30/2012 8:16:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}1/30/2012 8:16:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 6:34:22 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).1/30/2012 6:34:22 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).1/30/2012 6:34:22 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.1/30/2012 6:34:22 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.1/30/2012 6:34:22 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.1/30/2012 6:34:15 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: A system shutdown is in progress.1/30/2012 6:34:05 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.1/30/2012 6:04:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000040, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca4e38). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013012-43446-01.1/30/2012 5:57:28 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.1/30/2012 5:57:20 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.1/26/2012 8:26:51 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.1/26/2012 8:19:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cbcb5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012612-46987-01..==== End Of File =========================== Link to post Share on other sites More sharing options...
oxr52a Posted January 31, 2012 Author ID:522357 Share Posted January 31, 2012 Hey guys, missed your policy about peer 2 peer. Here are the test results again with the prohibited software uninstalled. Thanks again.I noticed other people are having issues with the same Trojan Agent. Can I follow the instructions in another thread to solve my problem or is each solution unique?.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24Run by Nolan Scott at 17:15:57 on 2012-01-31Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5330 [GMT -5:00].AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\System32\spoolsv.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exec:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exeC:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exeC:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exeC:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe-netsvcsC:\Windows\system32\conhost.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.att.net/uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dlluURLSearchHooks: H - No FileBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLLBHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllTB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dllTB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileTB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No FileuRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunmRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exemRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [<NO NAME>]mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLLDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D} : NameServer = 66.1.32.132 66.1.32.133TCP: Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A} : DhcpNameServer = 192.168.1.254Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllBHO-X64: 0x1 - No FileBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dllBHO-X64: Norton Identity Protection - No FileBHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLLBHO-X64: Norton Vulnerability Protection - No FileBHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dllBHO-X64: Incredibar.com Helper Object - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllTB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllTB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dllTB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllTB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dllTB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileTB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No FilemRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exemRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun-x64: [(Default)]mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDmRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe".================= FIREFOX ===================.FF - ProfilePath - C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26FF - prefs.js: browser.search.selectedEngine - MyStart SearchFF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3\components\coFFPlgn.dllFF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dllFF - component: C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dllFF - component: C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dllFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dllFF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dllFF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.comFF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbarFF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}.---- FIREFOX POLICIES ----FF - user.js: extensions.incredibar_i.newTab - falseFF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.instlDay - 15353FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30:51FF - user.js: extensions.incredibar_i.prtnrId - IncredibarFF - user.js: extensions.incredibar_i.prdct - incredibarFF - user.js: extensions.incredibar_i.aflt - orgnlFF - user.js: extensions.incredibar_i.smplGrp - noneFF - user.js: extensions.incredibar_i.tlbrId - baseFF - user.js: extensions.incredibar_i.instlRef -FF - user.js: extensions.incredibar_i.dfltLng -FF - user.js: extensions.incredibar_i.excTlbr - falseFF - user.js: extensions.incredibar_i.ms_url_id -FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHAFF - user.js: extensions.incredibar_i.upn2n - 92260720934036790FF - user.js: extensions.incredibar_i.productid - 26FF - user.js: extensions.incredibar_i.installerproductid - 26FF - user.js: extensions.incredibar_i.did - 10556FF - user.js: extensions.incredibar_i.ppd - 1000.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120128.002\IDSviA64.sys [2012-1-30 488568]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-1-28 138248]R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-01-31 10:53:28 20480 ----a-w- C:\Windows\svchost.exe2012-01-29 18:17:36 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\AppClient2012-01-29 18:17:06 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\Deployment2012-01-29 18:17:06 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\Apps2012-01-28 13:41:40 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys2012-01-28 13:41:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys2012-01-28 13:41:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys2012-01-28 13:41:40 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys2012-01-28 13:41:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys2012-01-28 13:41:40 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys2012-01-28 13:41:40 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys2012-01-28 13:41:33 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.0912012-01-27 01:11:12 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BB0.tmp2012-01-27 01:11:12 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BAF.tmp2012-01-14 03:31:01 -------- d-----w- C:\Program Files (x86)\ADLSoft UnCompressor2012-01-14 03:30:53 -------- d-----w- C:\Program Files (x86)\Incredibar.com2012-01-12 00:44:22 -------- d-----w- C:\Windows\System32\ms-MY2012-01-12 00:28:02 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll2012-01-12 00:28:02 366592 ----a-w- C:\Windows\System32\qdvd.dll2012-01-12 00:28:02 1572864 ----a-w- C:\Windows\System32\quartz.dll2012-01-12 00:28:02 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll2012-01-12 00:28:01 1731920 ----a-w- C:\Windows\System32\ntdll.dll2012-01-12 00:28:01 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll2012-01-12 00:27:59 77312 ----a-w- C:\Windows\System32\packager.dll2012-01-12 00:27:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll2012-01-10 00:53:32 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR2012-01-10 00:53:29 -------- d-----w- C:\Windows\System32\drivers\UMDF\ms-MY2012-01-10 00:53:26 -------- d-----w- C:\Windows\System32\drivers\UMDF\id-ID2012-01-10 00:53:21 -------- d-----w- C:\Windows\System32\drivers\UMDF\sv-SE2012-01-10 00:53:18 -------- d-----w- C:\Windows\System32\drivers\UMDF\nb-NO2012-01-10 00:53:15 -------- d-----w- C:\Windows\System32\drivers\UMDF\hu-HU2012-01-10 00:53:11 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI2012-01-10 00:53:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR2012-01-10 00:53:07 -------- d-----w- C:\Windows\System32\drivers\UMDF\da-DK2012-01-10 00:53:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\cs-CZ2012-01-10 00:53:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-TW2012-01-10 00:53:00 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU2012-01-10 00:52:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\pl-PL2012-01-10 00:52:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN2012-01-10 00:52:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP2012-01-10 00:52:49 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR2012-01-10 00:52:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT2012-01-10 00:52:43 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL2012-01-10 00:52:42 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT2012-01-10 00:52:39 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE2012-01-10 00:52:38 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR2012-01-10 00:52:36 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES2012-01-05 23:34:27 -------- d-----w- C:\Users\Nolan Scott\AppData\Local\NPE2012-01-05 01:37:41 -------- d-----w- C:\Users\Nolan Scott\AppData\Roaming\Tific2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll2012-01-03 11:21:06 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll.==================== Find3M ====================.2012-01-28 13:41:49 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-12-10 14:48:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb.============= FINISH: 17:16:44.80 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 3/10/2010 10:55:30 AMSystem Uptime: 1/31/2012 4:58:13 PM (1 hours ago).Motherboard: PEGATRON CORPORATION | | VIOLET6Processor: AMD Phenom II X4 820 Processor | CPU 1 | 2800/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 921 GiB total, 750.937 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.571 GiB free.E: is CDROM (UDF)F: is CDROM ()G: is RemovableH: is RemovableI: is RemovableJ: is RemovableK: is FIXED (NTFS) - 931 GiB total, 687.256 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP253: 1/9/2012 7:48:32 PM - Windows UpdateRP254: 1/11/2012 10:02:36 PM - Windows UpdateRP255: 1/16/2012 6:24:37 AM - HPSF Restore PointRP256: 1/26/2012 3:00:38 AM - Windows UpdateRP257: 1/30/2012 10:16:22 PM - Removed Apple Software UpdateRP258: 1/30/2012 10:17:19 PM - Removed Apple Mobile Device SupportRP259: 1/30/2012 10:18:21 PM - Removed Apple Application Support.==== Installed Programs ======================.Activation Assistant for the 2007 Microsoft Office suitesAdobe AIRAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.2)Apple Software UpdateCompatibility Pack for the 2007 Office systemCyberLink DVD Suite DeluxeCyberLink PowerDirectorD3DX10DirectX for Managed Code Update (Summer 2004)Feedback ToolFinale SongWriter 2005Google ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHewlett-Packard ACLM.NET v1.1.1.0HP AdvisorHP Customer Experience EnhancementsHP GamesHP MediaSmart DemoHP OdometerHP Remote SolutionHP SetupHP Support AssistantHP Support InformationHP UpdateIncredibar Toolbar on IE and ChromeInstallVC90SupportJava Auto UpdaterJava 6 Update 24Junk Mail filter updateLabelPrintLightScribe System SoftwareMalwarebytes Anti-Malware version 1.60.1.1000McAfee Security Scan PlusMesh RuntimeMessenger CompanionMicrosoft Live Search ToolbarMicrosoft Office Basic Edition 2003Microsoft Office File Validation Add-InMicrosoft Office Outlook ConnectorMicrosoft Office PowerPoint Viewer 2007 (English)Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMozilla Firefox (3.6.6)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Norton Internet SecurityNorton Online BackupPictureMoverPower2GoQuickTimeRealtek High Definition Audio DriverRecovery ManagerSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)SmartSound Quicktracks PluginSystem Shock2Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Windows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZip Motion Block Video codec (Remove Only).==== Event Viewer Messages From Past Week ========.1/30/2012 8:21:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.1/30/2012 8:17:02 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}1/30/2012 8:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}1/30/2012 8:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}1/30/2012 8:16:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}1/30/2012 8:16:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 8:16:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.1/30/2012 6:34:22 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).1/30/2012 6:34:22 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).1/30/2012 6:34:22 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.1/30/2012 6:34:22 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.1/30/2012 6:34:22 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.1/30/2012 6:34:15 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: A system shutdown is in progress.1/30/2012 6:34:05 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.1/30/2012 6:04:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000040, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca4e38). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013012-43446-01.1/30/2012 5:57:28 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.1/30/2012 5:57:20 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.1/30/2012 10:17:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/26/2012 8:26:51 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.1/26/2012 8:19:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cbcb5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012612-46987-01..==== End Of File =========================== Link to post Share on other sites More sharing options...
Larusso Posted February 1, 2012 ID:522572 Share Posted February 1, 2012 Hymy name is Daniel and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Yes, all steps are for unique for each user.Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.exe and save it to your desktopExecute TDSSKiller.exe by doubleclicking on it.Press Start ScanIf Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txtPlease post the contents of that log in your next reply.Please download aswMBR.exe and save it to your desktop. Double click aswMBR.exe to start the tool.Vista/Windows 7 users: Right click to "Run as Administrator"The tool may ask youThis application can use AVAST! Free Antivirus to scanningWould you like to download latest AVAST! virus definitions ?Please click No Click ScanUpon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet. You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.Please post in your next replyTDSSKiller LogaswMBR.txt Link to post Share on other sites More sharing options...
oxr52a Posted February 2, 2012 Author ID:522758 Share Posted February 2, 2012 Awesome! Let's destroy this thing:19:16:24.0683 2380 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:4919:16:24.0697 2380 ============================================================19:16:24.0698 2380 Current date / time: 2012/02/01 19:16:24.069719:16:24.0698 2380 SystemInfo:19:16:24.0698 238019:16:24.0698 2380 OS Version: 6.1.7601 ServicePack: 1.019:16:24.0698 2380 Product type: Workstation19:16:24.0698 2380 ComputerName: NES-PC19:16:24.0698 2380 UserName: Nolan Scott19:16:24.0698 2380 Windows directory: C:\Windows19:16:24.0698 2380 System windows directory: C:\Windows19:16:24.0698 2380 Running under WOW6419:16:24.0698 2380 Processor architecture: Intel x6419:16:24.0698 2380 Number of processors: 419:16:24.0698 2380 Page size: 0x100019:16:24.0698 2380 Boot type: Normal boot19:16:24.0698 2380 ============================================================19:16:27.0185 2380 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004019:16:27.0196 2380 Drive \Device\Harddisk5\DR5 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'19:16:27.0198 2380 \Device\Harddisk0\DR0:19:16:27.0198 2380 MBR used19:16:27.0198 2380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200019:16:27.0198 2380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7314780019:16:27.0198 2380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7317A000, BlocksNum 0x158C00019:16:27.0198 2380 \Device\Harddisk5\DR5:19:16:27.0199 2380 MBR used19:16:27.0199 2380 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B700019:16:27.0310 2380 Initialize success19:16:27.0310 2380 ============================================================19:16:32.0629 4432 ============================================================19:16:32.0629 4432 Scan started19:16:32.0629 4432 Mode: Manual;19:16:32.0629 4432 ============================================================19:16:38.0037 4432 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys19:16:38.0040 4432 1394ohci - ok19:16:38.0073 4432 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys19:16:38.0077 4432 ACPI - ok19:16:38.0103 4432 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys19:16:38.0104 4432 AcpiPmi - ok19:16:38.0174 4432 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys19:16:38.0197 4432 adp94xx - ok19:16:38.0242 4432 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys19:16:38.0247 4432 adpahci - ok19:16:38.0281 4432 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys19:16:38.0304 4432 adpu320 - ok19:16:38.0355 4432 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys19:16:38.0361 4432 AFD - ok19:16:38.0381 4432 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys19:16:38.0383 4432 agp440 - ok19:16:38.0406 4432 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys19:16:38.0408 4432 aliide - ok19:16:38.0427 4432 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys19:16:38.0429 4432 amdide - ok19:16:38.0457 4432 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys19:16:38.0459 4432 AmdK8 - ok19:16:38.0493 4432 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys19:16:38.0494 4432 AmdPPM - ok19:16:38.0533 4432 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys19:16:38.0536 4432 amdsata - ok19:16:38.0568 4432 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys19:16:38.0574 4432 amdsbs - ok19:16:38.0588 4432 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys19:16:38.0589 4432 amdxata - ok19:16:38.0614 4432 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys19:16:38.0644 4432 AppID - ok19:16:38.0669 4432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys19:16:38.0671 4432 arc - ok19:16:38.0679 4432 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys19:16:38.0701 4432 arcsas - ok19:16:38.0739 4432 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys19:16:38.0751 4432 AsyncMac - ok19:16:38.0785 4432 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys19:16:38.0787 4432 atapi - ok19:16:38.0847 4432 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys19:16:38.0861 4432 athr - ok19:16:38.0908 4432 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys19:16:38.0914 4432 b06bdrv - ok19:16:38.0941 4432 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys19:16:38.0945 4432 b57nd60a - ok19:16:38.0994 4432 bcm (d1ba00d7cb6c1fbf29dc8935d8525d22) C:\Windows\system32\DRIVERS\drxvi314_64.sys19:16:39.0014 4432 bcm - ok19:16:39.0045 4432 bcmbusctr (5ccd19e7fa04db87adf171fa702a4169) C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys19:16:39.0046 4432 bcmbusctr - ok19:16:39.0068 4432 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys19:16:39.0081 4432 Beep - ok19:16:39.0235 4432 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys19:16:39.0243 4432 BHDrvx64 - ok19:16:39.0283 4432 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys19:16:39.0284 4432 blbdrive - ok19:16:39.0301 4432 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys19:16:39.0303 4432 bowser - ok19:16:39.0322 4432 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys19:16:39.0324 4432 BrFiltLo - ok19:16:39.0343 4432 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys19:16:39.0345 4432 BrFiltUp - ok19:16:39.0363 4432 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys19:16:39.0366 4432 Brserid - ok19:16:39.0390 4432 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys19:16:39.0392 4432 BrSerWdm - ok19:16:39.0415 4432 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys19:16:39.0417 4432 BrUsbMdm - ok19:16:39.0429 4432 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys19:16:39.0431 4432 BrUsbSer - ok19:16:39.0459 4432 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys19:16:39.0461 4432 BTHMODEM - ok19:16:39.0548 4432 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys19:16:39.0550 4432 ccSet_NIS - ok19:16:39.0573 4432 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys19:16:39.0575 4432 cdfs - ok19:16:39.0619 4432 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys19:16:39.0621 4432 cdrom - ok19:16:39.0668 4432 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys19:16:39.0669 4432 circlass - ok19:16:39.0698 4432 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys19:16:39.0702 4432 CLFS - ok19:16:39.0752 4432 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys19:16:39.0754 4432 CmBatt - ok19:16:39.0786 4432 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys19:16:39.0788 4432 cmdide - ok19:16:39.0819 4432 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys19:16:39.0824 4432 CNG - ok19:16:39.0831 4432 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys19:16:39.0833 4432 Compbatt - ok19:16:39.0847 4432 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys19:16:39.0865 4432 CompositeBus - ok19:16:39.0896 4432 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys19:16:39.0911 4432 crcdisk - ok19:16:39.0967 4432 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys19:16:39.0969 4432 DfsC - ok19:16:39.0988 4432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys19:16:39.0989 4432 discache - ok19:16:40.0007 4432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys19:16:40.0009 4432 Disk - ok19:16:40.0056 4432 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys19:16:40.0058 4432 drmkaud - ok19:16:40.0094 4432 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys19:16:40.0100 4432 DXGKrnl - ok19:16:40.0182 4432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys19:16:40.0250 4432 ebdrv - ok19:16:40.0332 4432 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys19:16:40.0335 4432 eeCtrl - ok19:16:40.0412 4432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys19:16:40.0418 4432 elxstor - ok19:16:40.0468 4432 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys19:16:40.0469 4432 EraserUtilRebootDrv - ok19:16:40.0496 4432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys19:16:40.0497 4432 ErrDev - ok19:16:40.0545 4432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys19:16:40.0548 4432 exfat - ok19:16:40.0564 4432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys19:16:40.0577 4432 fastfat - ok19:16:40.0601 4432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys19:16:40.0603 4432 fdc - ok19:16:40.0628 4432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys19:16:40.0630 4432 FileInfo - ok19:16:40.0645 4432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys19:16:40.0646 4432 Filetrace - ok19:16:40.0674 4432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys19:16:40.0675 4432 flpydisk - ok19:16:40.0716 4432 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys19:16:40.0719 4432 FltMgr - ok19:16:40.0742 4432 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys19:16:40.0744 4432 FsDepends - ok19:16:40.0783 4432 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys19:16:40.0796 4432 fssfltr - ok19:16:40.0824 4432 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys19:16:40.0825 4432 Fs_Rec - ok19:16:40.0854 4432 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys19:16:40.0856 4432 fvevol - ok19:16:40.0878 4432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys19:16:40.0880 4432 gagp30kx - ok19:16:40.0944 4432 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys19:16:40.0946 4432 hcw85cir - ok19:16:40.0978 4432 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys19:16:40.0980 4432 HDAudBus - ok19:16:40.0997 4432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys19:16:40.0998 4432 HidBatt - ok19:16:41.0021 4432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys19:16:41.0023 4432 HidBth - ok19:16:41.0048 4432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys19:16:41.0050 4432 HidIr - ok19:16:41.0072 4432 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys19:16:41.0074 4432 HidUsb - ok19:16:41.0134 4432 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys19:16:41.0145 4432 HpSAMD - ok19:16:41.0199 4432 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys19:16:41.0206 4432 HTTP - ok19:16:41.0230 4432 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys19:16:41.0231 4432 hwpolicy - ok19:16:41.0272 4432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys19:16:41.0275 4432 i8042prt - ok19:16:41.0309 4432 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys19:16:41.0328 4432 iaStorV - ok19:16:41.0467 4432 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120128.002\IDSvia64.sys19:16:41.0470 4432 IDSVia64 - ok19:16:41.0507 4432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys19:16:41.0508 4432 iirsp - ok19:16:41.0582 4432 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys19:16:41.0593 4432 IntcAzAudAddService - ok19:16:41.0612 4432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys19:16:41.0613 4432 intelide - ok19:16:41.0653 4432 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys19:16:41.0655 4432 intelppm - ok19:16:41.0702 4432 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys19:16:41.0704 4432 IpFilterDriver - ok19:16:41.0732 4432 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys19:16:41.0754 4432 IPMIDRV - ok19:16:41.0788 4432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys19:16:41.0800 4432 IPNAT - ok19:16:41.0824 4432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys19:16:41.0825 4432 IRENUM - ok19:16:41.0845 4432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys19:16:41.0846 4432 isapnp - ok19:16:41.0879 4432 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys19:16:41.0896 4432 iScsiPrt - ok19:16:41.0938 4432 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys19:16:41.0940 4432 ivusb - ok19:16:41.0968 4432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys19:16:41.0980 4432 kbdclass - ok19:16:42.0013 4432 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys19:16:42.0029 4432 kbdhid - ok19:16:42.0069 4432 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys19:16:42.0071 4432 KSecDD - ok19:16:42.0091 4432 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys19:16:42.0094 4432 KSecPkg - ok19:16:42.0104 4432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys19:16:42.0105 4432 ksthunk - ok19:16:42.0166 4432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys19:16:42.0167 4432 lltdio - ok19:16:42.0215 4432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys19:16:42.0229 4432 LSI_FC - ok19:16:42.0263 4432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys19:16:42.0265 4432 LSI_SAS - ok19:16:42.0279 4432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys19:16:42.0281 4432 LSI_SAS2 - ok19:16:42.0294 4432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys19:16:42.0296 4432 LSI_SCSI - ok19:16:42.0316 4432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys19:16:42.0334 4432 luafv - ok19:16:42.0396 4432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys19:16:42.0414 4432 megasas - ok19:16:42.0440 4432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys19:16:42.0444 4432 MegaSR - ok19:16:42.0468 4432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys19:16:42.0469 4432 Modem - ok19:16:42.0498 4432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys19:16:42.0499 4432 monitor - ok19:16:42.0532 4432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys19:16:42.0544 4432 mouclass - ok19:16:42.0587 4432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys19:16:42.0588 4432 mouhid - ok19:16:42.0620 4432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys19:16:42.0621 4432 mountmgr - ok19:16:42.0649 4432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys19:16:42.0651 4432 mpio - ok19:16:42.0672 4432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys19:16:42.0674 4432 mpsdrv - ok19:16:42.0710 4432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys19:16:42.0713 4432 MRxDAV - ok19:16:42.0748 4432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys19:16:42.0750 4432 mrxsmb - ok19:16:42.0776 4432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys19:16:42.0780 4432 mrxsmb10 - ok19:16:42.0802 4432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys19:16:42.0822 4432 mrxsmb20 - ok19:16:42.0848 4432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys19:16:42.0849 4432 msahci - ok19:16:42.0887 4432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys19:16:42.0889 4432 msdsm - ok19:16:42.0915 4432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys19:16:42.0916 4432 Msfs - ok19:16:42.0939 4432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys19:16:43.0316 4432 mshidkmdf - ok19:16:43.0411 4432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys19:16:43.0412 4432 msisadrv - ok19:16:43.0513 4432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys19:16:43.0515 4432 MSKSSRV - ok19:16:43.0552 4432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys19:16:43.0553 4432 MSPCLOCK - ok19:16:43.0567 4432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys19:16:43.0568 4432 MSPQM - ok19:16:43.0593 4432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys19:16:43.0598 4432 MsRPC - ok19:16:43.0619 4432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys19:16:43.0619 4432 mssmbios - ok19:16:43.0638 4432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys19:16:43.0639 4432 MSTEE - ok19:16:43.0674 4432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys19:16:43.0676 4432 MTConfig - ok19:16:43.0701 4432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys19:16:43.0702 4432 Mup - ok19:16:43.0727 4432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys19:16:43.0731 4432 NativeWifiP - ok19:16:43.0825 4432 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120131.017\ENG64.SYS19:16:43.0827 4432 NAVENG - ok19:16:43.0874 4432 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120131.017\EX64.SYS19:16:43.0887 4432 NAVEX15 - ok19:16:43.0947 4432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys19:16:43.0956 4432 NDIS - ok19:16:43.0975 4432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys19:16:43.0988 4432 NdisCap - ok19:16:44.0040 4432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys19:16:44.0041 4432 NdisTapi - ok19:16:44.0074 4432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys19:16:44.0076 4432 Ndisuio - ok19:16:44.0114 4432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys19:16:44.0116 4432 NdisWan - ok19:16:44.0127 4432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys19:16:44.0129 4432 NDProxy - ok19:16:44.0142 4432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys19:16:44.0145 4432 NetBIOS - ok19:16:44.0176 4432 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys19:16:44.0179 4432 NetBT - ok19:16:44.0241 4432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys19:16:44.0243 4432 nfrd960 - ok19:16:44.0278 4432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys19:16:44.0279 4432 Npfs - ok19:16:44.0288 4432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys19:16:44.0289 4432 nsiproxy - ok19:16:44.0341 4432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys19:16:44.0359 4432 Ntfs - ok19:16:44.0377 4432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys19:16:44.0379 4432 Null - ok19:16:44.0578 4432 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys19:16:44.0641 4432 nvlddmkm - ok19:16:44.0687 4432 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys19:16:44.0689 4432 NVNET - ok19:16:44.0724 4432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys19:16:44.0738 4432 nvraid - ok19:16:44.0760 4432 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys19:16:44.0761 4432 nvsmu - ok19:16:44.0798 4432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys19:16:44.0811 4432 nvstor - ok19:16:44.0832 4432 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys19:16:44.0833 4432 nvstor64 - ok19:16:44.0854 4432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys19:16:44.0856 4432 nv_agp - ok19:16:44.0906 4432 NWADI (f79633a8b7db75cb5fad53b02985a414) C:\Windows\system32\DRIVERS\NWADIenum.sys19:16:44.0909 4432 NWADI - ok19:16:44.0938 4432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys19:16:44.0940 4432 ohci1394 - ok19:16:45.0010 4432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys19:16:45.0011 4432 Parport - ok19:16:45.0046 4432 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys19:16:45.0048 4432 partmgr - ok19:16:45.0063 4432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys19:16:45.0066 4432 pci - ok19:16:45.0081 4432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys19:16:45.0083 4432 pciide - ok19:16:45.0111 4432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys19:16:45.0115 4432 pcmcia - ok19:16:45.0121 4432 PCTINDIS5X64 - ok19:16:45.0153 4432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys19:16:45.0154 4432 pcw - ok19:16:45.0175 4432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys19:16:45.0183 4432 PEAUTH - ok19:16:45.0275 4432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys19:16:45.0278 4432 PptpMiniport - ok19:16:45.0297 4432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys19:16:45.0299 4432 Processor - ok19:16:45.0332 4432 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys19:16:45.0333 4432 Psched - ok19:16:45.0386 4432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys19:16:45.0402 4432 ql2300 - ok19:16:45.0430 4432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys19:16:45.0432 4432 ql40xx - ok19:16:45.0448 4432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys19:16:45.0449 4432 QWAVEdrv - ok19:16:45.0469 4432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys19:16:45.0470 4432 RasAcd - ok19:16:45.0502 4432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys19:16:45.0517 4432 RasAgileVpn - ok19:16:45.0561 4432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys19:16:45.0563 4432 Rasl2tp - ok19:16:45.0583 4432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys19:16:45.0585 4432 RasPppoe - ok19:16:45.0619 4432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys19:16:45.0620 4432 RasSstp - ok19:16:45.0645 4432 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys19:16:45.0649 4432 rdbss - ok19:16:45.0669 4432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys19:16:45.0670 4432 rdpbus - ok19:16:45.0690 4432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys19:16:45.0690 4432 RDPCDD - ok19:16:45.0719 4432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys19:16:45.0719 4432 RDPENCDD - ok19:16:45.0732 4432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys19:16:45.0732 4432 RDPREFMP - ok19:16:45.0753 4432 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys19:16:45.0756 4432 RDPWD - ok19:16:45.0779 4432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys19:16:45.0796 4432 rdyboost - ok19:16:45.0854 4432 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys19:16:45.0856 4432 RimUsb - ok19:16:45.0875 4432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys19:16:45.0903 4432 rspndr - ok19:16:45.0942 4432 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys19:16:45.0944 4432 sbp2port - ok19:16:45.0975 4432 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys19:16:45.0993 4432 scfilter - ok19:16:46.0005 4432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys19:16:46.0007 4432 secdrv - ok19:16:46.0064 4432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys19:16:46.0065 4432 Serenum - ok19:16:46.0100 4432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys19:16:46.0102 4432 Serial - ok19:16:46.0136 4432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys19:16:46.0138 4432 sermouse - ok19:16:46.0172 4432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys19:16:46.0174 4432 sffdisk - ok19:16:46.0185 4432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys19:16:46.0206 4432 sffp_mmc - ok19:16:46.0225 4432 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys19:16:46.0227 4432 sffp_sd - ok19:16:46.0252 4432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys19:16:46.0253 4432 sfloppy - ok19:16:46.0298 4432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys19:16:46.0299 4432 SiSRaid2 - ok19:16:46.0325 4432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys19:16:46.0327 4432 SiSRaid4 - ok19:16:46.0363 4432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys19:16:46.0365 4432 Smb - ok19:16:46.0397 4432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys19:16:46.0398 4432 spldr - ok19:16:46.0490 4432 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS19:16:46.0494 4432 SRTSP - ok19:16:46.0520 4432 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS19:16:46.0521 4432 SRTSPX - ok19:16:46.0551 4432 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys19:16:46.0556 4432 srv - ok19:16:46.0594 4432 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys19:16:46.0600 4432 srv2 - ok19:16:46.0635 4432 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys19:16:46.0638 4432 srvnet - ok19:16:46.0688 4432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys19:16:46.0689 4432 stexstor - ok19:16:46.0745 4432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys19:16:46.0746 4432 swenum - ok19:16:46.0778 4432 swmx00 (a8e9e76cc2f342f205273702969c84c9) C:\Windows\system32\DRIVERS\swmx00.sys19:16:46.0790 4432 swmx00 - ok19:16:46.0826 4432 SWNC5E00 (b053610bb36d9bd1bff7102727427600) C:\Windows\system32\DRIVERS\SWNC5E00.sys19:16:46.0830 4432 SWNC5E00 - ok19:16:46.0861 4432 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS19:16:46.0884 4432 SymDS - ok19:16:46.0931 4432 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS19:16:46.0942 4432 SymEFA - ok19:16:46.0990 4432 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS19:16:47.0005 4432 SymEvent - ok19:16:47.0050 4432 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS19:16:47.0052 4432 SymIRON - ok19:16:47.0084 4432 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS19:16:47.0087 4432 SymNetS - ok19:16:47.0147 4432 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys19:16:47.0217 4432 Tcpip - ok19:16:47.0271 4432 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys19:16:47.0281 4432 TCPIP6 - ok19:16:47.0326 4432 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys19:16:47.0347 4432 tcpipreg - ok19:16:47.0376 4432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys19:16:47.0378 4432 TDPIPE - ok19:16:47.0390 4432 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys19:16:47.0392 4432 TDTCP - ok19:16:47.0433 4432 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys19:16:47.0435 4432 tdx - ok19:16:47.0461 4432 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys19:16:47.0482 4432 TermDD - ok19:16:47.0528 4432 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys19:16:47.0530 4432 tssecsrv - ok19:16:47.0543 4432 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys19:16:47.0546 4432 TsUsbFlt - ok19:16:47.0588 4432 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys19:16:47.0591 4432 tunnel - ok19:16:47.0619 4432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys19:16:47.0621 4432 uagp35 - ok19:16:47.0654 4432 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys19:16:47.0658 4432 udfs - ok19:16:47.0694 4432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys19:16:47.0696 4432 uliagpkx - ok19:16:47.0741 4432 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys19:16:47.0743 4432 umbus - ok19:16:47.0772 4432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys19:16:47.0773 4432 UmPass - ok19:16:47.0807 4432 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys19:16:47.0809 4432 USBAAPL64 - ok19:16:47.0829 4432 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys19:16:47.0831 4432 usbccgp - ok19:16:47.0858 4432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys19:16:47.0860 4432 usbcir - ok19:16:47.0884 4432 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys19:16:47.0899 4432 usbehci - ok19:16:47.0930 4432 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys19:16:47.0935 4432 usbhub - ok19:16:47.0968 4432 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys19:16:47.0970 4432 usbohci - ok19:16:48.0010 4432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys19:16:48.0011 4432 usbprint - ok19:16:48.0022 4432 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS19:16:48.0024 4432 USBSTOR - ok19:16:48.0045 4432 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys19:16:48.0061 4432 usbuhci - ok19:16:48.0084 4432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys19:16:48.0085 4432 vdrvroot - ok19:16:48.0133 4432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys19:16:48.0147 4432 vga - ok19:16:48.0176 4432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys19:16:48.0178 4432 VgaSave - ok19:16:48.0209 4432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys19:16:48.0228 4432 vhdmp - ok19:16:48.0244 4432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys19:16:48.0258 4432 viaide - ok19:16:48.0282 4432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys19:16:48.0284 4432 volmgr - ok19:16:48.0314 4432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys19:16:48.0318 4432 volmgrx - ok19:16:48.0342 4432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys19:16:48.0347 4432 volsnap - ok19:16:48.0402 4432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys19:16:48.0404 4432 vsmraid - ok19:16:48.0436 4432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys19:16:48.0454 4432 vwifibus - ok19:16:48.0486 4432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys19:16:48.0950 4432 vwififlt - ok19:16:48.0994 4432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys19:16:48.0996 4432 WacomPen - ok19:16:49.0028 4432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys19:16:49.0030 4432 WANARP - ok19:16:49.0033 4432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys19:16:49.0034 4432 Wanarpv6 - ok19:16:49.0083 4432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys19:16:49.0084 4432 Wd - ok19:16:49.0117 4432 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys19:16:49.0118 4432 WDC_SAM - ok19:16:49.0155 4432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys19:16:49.0162 4432 Wdf01000 - ok19:16:49.0188 4432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys19:16:49.0189 4432 WfpLwf - ok19:16:49.0215 4432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys19:16:49.0217 4432 WIMMount - ok19:16:49.0287 4432 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys19:16:49.0289 4432 WinUsb - ok19:16:49.0317 4432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys19:16:49.0317 4432 WmiAcpi - ok19:16:49.0357 4432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys19:16:49.0358 4432 ws2ifsl - ok19:16:49.0393 4432 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys19:16:49.0396 4432 WudfPf - ok19:16:49.0421 4432 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys19:16:49.0442 4432 WUDFRd - ok19:16:49.0487 4432 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR019:16:49.0517 4432 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected19:16:49.0517 4432 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)19:16:49.0521 4432 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR519:16:49.0526 4432 \Device\Harddisk5\DR5 - ok19:16:49.0563 4432 Boot (0x1200) (4b93ad6997c122c2a34c53f68e8419fb) \Device\Harddisk0\DR0\Partition019:16:49.0563 4432 \Device\Harddisk0\DR0\Partition0 - ok19:16:49.0577 4432 Boot (0x1200) (8939e572536e073941c7a88b1b6d8b54) \Device\Harddisk0\DR0\Partition119:16:49.0578 4432 \Device\Harddisk0\DR0\Partition1 - ok19:16:49.0609 4432 Boot (0x1200) (cdd854cdc6a14df4eedd737d2154b3a5) \Device\Harddisk0\DR0\Partition219:16:49.0610 4432 \Device\Harddisk0\DR0\Partition2 - ok19:16:49.0613 4432 Boot (0x1200) (1c2876fb371e8c673e9c32fc6670b016) \Device\Harddisk5\DR5\Partition019:16:49.0614 4432 \Device\Harddisk5\DR5\Partition0 - ok19:16:49.0615 4432 ============================================================19:16:49.0615 4432 Scan finished19:16:49.0615 4432 ============================================================19:16:49.0629 5112 Detected object count: 119:16:49.0629 5112 Actual detected object count: 119:17:15.0080 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user19:17:15.0080 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: SkipaswMBR version 0.9.9.1532 Copyright© 2011 AVAST SoftwareRun date: 2012-02-01 19:21:26-----------------------------19:21:26.018 OS Version: Windows x64 6.1.7601 Service Pack 119:21:26.019 Number of processors: 4 586 0x40219:21:26.019 ComputerName: NES-PC UserName:19:21:37.227 Initialize success19:21:58.207 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006419:21:58.212 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 319:21:58.217 Device \Driver\nvstor64 -> MajorFunction fffffa80092635c419:21:58.219 Disk 0 MBR read successfully19:21:58.223 Disk 0 MBR scan19:21:58.225 Disk 0 unknown MBR code19:21:58.258 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 204819:21:58.301 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942735 MB offset 20684819:21:58.356 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11032 MB offset 193092812819:21:58.359 Service scanning19:22:06.880 Modules scanning19:22:06.883 Disk 0 trace - called modules:19:22:06.886 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80092635c4]<<19:22:06.889 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800739f060]19:22:07.218 3 CLASSPNP.SYS[fffff88001bbd43f] -> nt!IofCallDriver -> [0xfffffa80067c2e40]19:22:07.221 5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\00000064[0xfffffa80067ff240]19:22:07.225 \Driver\nvstor64[0xfffffa800817be70] -> IRP_MJ_CREATE -> 0xfffffa80092635c419:22:07.230 Scan finished successfully19:22:46.642 Disk 0 MBR has been saved successfully to "C:\Users\Nolan Scott\Desktop\MBR.dat"19:22:46.647 The log file has been saved successfully to "C:\Users\Nolan Scott\Desktop\aswMBR.txt"MBR (zipped).zip Link to post Share on other sites More sharing options...
Larusso Posted February 2, 2012 ID:522828 Share Posted February 2, 2012 Hy there,Execute TDSSKiller.exe and press Start Scan. Ensure Cure is selected ( it should be by default )Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed Click Continue then click Reboot now.Once complete, a log will be produced at the root drive which is typically C:\For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.Please post the contents of that log in your next reply.Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT- Save ComboFix.exe to your Desktop====================================================Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications====================================================Double click on combofix.exe & follow the prompts.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.Please post in your next replyTDSSKiller LogCombofix.txt Link to post Share on other sites More sharing options...
oxr52a Posted February 2, 2012 Author ID:523076 Share Posted February 2, 2012 18:09:06.0643 5480 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:4918:09:08.0608 5480 ============================================================18:09:08.0608 5480 Current date / time: 2012/02/02 18:09:08.060818:09:08.0608 5480 SystemInfo:18:09:08.0608 5480 18:09:08.0608 5480 OS Version: 6.1.7601 ServicePack: 1.018:09:08.0608 5480 Product type: Workstation18:09:08.0608 5480 ComputerName: NES-PC18:09:08.0608 5480 UserName: Nolan Scott18:09:08.0608 5480 Windows directory: C:\Windows18:09:08.0608 5480 System windows directory: C:\Windows18:09:08.0608 5480 Running under WOW6418:09:08.0608 5480 Processor architecture: Intel x6418:09:08.0608 5480 Number of processors: 418:09:08.0608 5480 Page size: 0x100018:09:08.0608 5480 Boot type: Normal boot18:09:08.0608 5480 ============================================================18:09:11.0292 5480 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004018:09:11.0307 5480 Drive \Device\Harddisk5\DR5 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'18:09:11.0307 5480 \Device\Harddisk0\DR0:18:09:11.0307 5480 MBR used18:09:11.0307 5480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200018:09:11.0307 5480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7314780018:09:11.0307 5480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7317A000, BlocksNum 0x158C00018:09:11.0307 5480 \Device\Harddisk5\DR5:18:09:11.0323 5480 MBR used18:09:11.0323 5480 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B700018:09:11.0557 5480 Initialize success18:09:11.0557 5480 ============================================================18:09:14.0240 5892 ============================================================18:09:14.0240 5892 Scan started18:09:14.0240 5892 Mode: Manual;18:09:14.0240 5892 ============================================================18:09:17.0552 5892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys18:09:17.0552 5892 1394ohci - ok18:09:17.0602 5892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys18:09:17.0602 5892 ACPI - ok18:09:17.0632 5892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys18:09:17.0632 5892 AcpiPmi - ok18:09:17.0712 5892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys18:09:17.0762 5892 adp94xx - ok18:09:17.0812 5892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys18:09:17.0822 5892 adpahci - ok18:09:17.0852 5892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys18:09:17.0852 5892 adpu320 - ok18:09:17.0962 5892 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys18:09:17.0972 5892 AFD - ok18:09:18.0002 5892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys18:09:18.0012 5892 agp440 - ok18:09:18.0052 5892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys18:09:18.0072 5892 aliide - ok18:09:18.0092 5892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys18:09:18.0092 5892 amdide - ok18:09:18.0122 5892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys18:09:18.0132 5892 AmdK8 - ok18:09:18.0162 5892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys18:09:18.0162 5892 AmdPPM - ok18:09:18.0182 5892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys18:09:18.0192 5892 amdsata - ok18:09:18.0222 5892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys18:09:18.0252 5892 amdsbs - ok18:09:18.0272 5892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys18:09:18.0282 5892 amdxata - ok18:09:18.0302 5892 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys18:09:18.0322 5892 AppID - ok18:09:18.0382 5892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys18:09:18.0382 5892 arc - ok18:09:18.0402 5892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys18:09:18.0412 5892 arcsas - ok18:09:18.0472 5892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys18:09:18.0492 5892 AsyncMac - ok18:09:18.0528 5892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys18:09:18.0543 5892 atapi - ok18:09:18.0715 5892 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys18:09:18.0746 5892 athr - ok18:09:18.0824 5892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys18:09:18.0824 5892 b06bdrv - ok18:09:18.0855 5892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys18:09:18.0855 5892 b57nd60a - ok18:09:18.0933 5892 bcm (d1ba00d7cb6c1fbf29dc8935d8525d22) C:\Windows\system32\DRIVERS\drxvi314_64.sys18:09:18.0964 5892 bcm - ok18:09:18.0996 5892 bcmbusctr (5ccd19e7fa04db87adf171fa702a4169) C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys18:09:19.0011 5892 bcmbusctr - ok18:09:19.0042 5892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys18:09:19.0058 5892 Beep - ok18:09:19.0386 5892 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys18:09:19.0401 5892 BHDrvx64 - ok18:09:19.0635 5892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys18:09:19.0651 5892 blbdrive - ok18:09:19.0682 5892 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys18:09:19.0698 5892 bowser - ok18:09:19.0744 5892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys18:09:19.0744 5892 BrFiltLo - ok18:09:19.0760 5892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys18:09:19.0760 5892 BrFiltUp - ok18:09:19.0791 5892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys18:09:19.0791 5892 Brserid - ok18:09:19.0822 5892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys18:09:19.0822 5892 BrSerWdm - ok18:09:19.0838 5892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys18:09:19.0838 5892 BrUsbMdm - ok18:09:19.0854 5892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys18:09:19.0854 5892 BrUsbSer - ok18:09:19.0885 5892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys18:09:19.0885 5892 BTHMODEM - ok18:09:20.0056 5892 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys18:09:20.0056 5892 ccSet_NIS - ok18:09:20.0103 5892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys18:09:20.0103 5892 cdfs - ok18:09:20.0150 5892 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys18:09:20.0166 5892 cdrom - ok18:09:20.0212 5892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys18:09:20.0228 5892 circlass - ok18:09:20.0275 5892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys18:09:20.0290 5892 CLFS - ok18:09:20.0353 5892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys18:09:20.0353 5892 CmBatt - ok18:09:20.0384 5892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys18:09:20.0400 5892 cmdide - ok18:09:20.0446 5892 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys18:09:20.0446 5892 CNG - ok18:09:20.0462 5892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys18:09:20.0462 5892 Compbatt - ok18:09:20.0509 5892 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys18:09:20.0524 5892 CompositeBus - ok18:09:20.0571 5892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys18:09:20.0587 5892 crcdisk - ok18:09:20.0649 5892 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys18:09:20.0649 5892 DfsC - ok18:09:20.0680 5892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys18:09:20.0680 5892 discache - ok18:09:20.0712 5892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys18:09:20.0712 5892 Disk - ok18:09:20.0758 5892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys18:09:20.0758 5892 drmkaud - ok18:09:20.0852 5892 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys18:09:20.0868 5892 DXGKrnl - ok18:09:21.0507 5892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys18:09:21.0570 5892 ebdrv - ok18:09:21.0648 5892 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys18:09:21.0679 5892 eeCtrl - ok18:09:21.0788 5892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys18:09:21.0788 5892 elxstor - ok18:09:21.0850 5892 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys18:09:21.0850 5892 EraserUtilRebootDrv - ok18:09:21.0882 5892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys18:09:21.0897 5892 ErrDev - ok18:09:21.0991 5892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys18:09:21.0991 5892 exfat - ok18:09:22.0022 5892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys18:09:22.0038 5892 fastfat - ok18:09:22.0100 5892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys18:09:22.0100 5892 fdc - ok18:09:22.0131 5892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys18:09:22.0131 5892 FileInfo - ok18:09:22.0147 5892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys18:09:22.0147 5892 Filetrace - ok18:09:22.0178 5892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys18:09:22.0178 5892 flpydisk - ok18:09:22.0240 5892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys18:09:22.0256 5892 FltMgr - ok18:09:22.0287 5892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys18:09:22.0287 5892 FsDepends - ok18:09:22.0318 5892 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys18:09:22.0334 5892 fssfltr - ok18:09:22.0365 5892 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys18:09:22.0365 5892 Fs_Rec - ok18:09:22.0412 5892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys18:09:22.0412 5892 fvevol - ok18:09:22.0428 5892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys18:09:22.0428 5892 gagp30kx - ok18:09:22.0506 5892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys18:09:22.0506 5892 hcw85cir - ok18:09:22.0568 5892 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys18:09:22.0568 5892 HDAudBus - ok18:09:22.0599 5892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys18:09:22.0599 5892 HidBatt - ok18:09:22.0646 5892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys18:09:22.0646 5892 HidBth - ok18:09:22.0662 5892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys18:09:22.0677 5892 HidIr - ok18:09:22.0693 5892 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys18:09:22.0708 5892 HidUsb - ok18:09:22.0802 5892 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys18:09:22.0818 5892 HpSAMD - ok18:09:22.0864 5892 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys18:09:22.0880 5892 HTTP - ok18:09:22.0911 5892 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys18:09:22.0911 5892 hwpolicy - ok18:09:22.0942 5892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys18:09:22.0974 5892 i8042prt - ok18:09:23.0005 5892 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys18:09:23.0036 5892 iaStorV - ok18:09:23.0239 5892 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120131.002\IDSvia64.sys18:09:23.0254 5892 IDSVia64 - ok18:09:23.0286 5892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys18:09:23.0301 5892 iirsp - ok18:09:23.0395 5892 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys18:09:23.0426 5892 IntcAzAudAddService - ok18:09:23.0535 5892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys18:09:23.0551 5892 intelide - ok18:09:23.0582 5892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys18:09:23.0598 5892 intelppm - ok18:09:23.0629 5892 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys18:09:23.0629 5892 IpFilterDriver - ok18:09:23.0707 5892 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys18:09:23.0722 5892 IPMIDRV - ok18:09:23.0785 5892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys18:09:23.0816 5892 IPNAT - ok18:09:23.0863 5892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys18:09:23.0863 5892 IRENUM - ok18:09:23.0894 5892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys18:09:23.0910 5892 isapnp - ok18:09:24.0034 5892 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys18:09:24.0066 5892 iScsiPrt - ok18:09:24.0128 5892 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys18:09:24.0128 5892 ivusb - ok18:09:24.0190 5892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys18:09:24.0206 5892 kbdclass - ok18:09:24.0237 5892 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys18:09:24.0284 5892 kbdhid - ok18:09:24.0315 5892 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys18:09:24.0331 5892 KSecDD - ok18:09:24.0362 5892 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys18:09:24.0378 5892 KSecPkg - ok18:09:24.0393 5892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys18:09:24.0393 5892 ksthunk - ok18:09:24.0456 5892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys18:09:24.0471 5892 lltdio - ok18:09:24.0518 5892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys18:09:24.0518 5892 LSI_FC - ok18:09:24.0565 5892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys18:09:24.0565 5892 LSI_SAS - ok18:09:24.0627 5892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys18:09:24.0627 5892 LSI_SAS2 - ok18:09:24.0658 5892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys18:09:24.0658 5892 LSI_SCSI - ok18:09:24.0690 5892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys18:09:24.0705 5892 luafv - ok18:09:24.0783 5892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys18:09:24.0799 5892 megasas - ok18:09:24.0830 5892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys18:09:24.0830 5892 MegaSR - ok18:09:24.0861 5892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys18:09:24.0861 5892 Modem - ok18:09:24.0892 5892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys18:09:24.0892 5892 monitor - ok18:09:24.0908 5892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys18:09:24.0924 5892 mouclass - ok18:09:24.0955 5892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys18:09:24.0955 5892 mouhid - ok18:09:25.0002 5892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys18:09:25.0033 5892 mountmgr - ok18:09:25.0064 5892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys18:09:25.0095 5892 mpio - ok18:09:25.0111 5892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys18:09:25.0111 5892 mpsdrv - ok18:09:25.0158 5892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys18:09:25.0158 5892 MRxDAV - ok18:09:25.0204 5892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys18:09:25.0236 5892 mrxsmb - ok18:09:25.0282 5892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys18:09:25.0282 5892 mrxsmb10 - ok18:09:25.0345 5892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys18:09:25.0360 5892 mrxsmb20 - ok18:09:25.0392 5892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys18:09:25.0392 5892 msahci - ok18:09:25.0423 5892 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys18:09:25.0454 5892 msdsm - ok18:09:25.0485 5892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys18:09:25.0485 5892 Msfs - ok18:09:25.0532 5892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys18:09:25.0579 5892 mshidkmdf - ok18:09:25.0594 5892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys18:09:25.0594 5892 msisadrv - ok18:09:25.0657 5892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys18:09:25.0657 5892 MSKSSRV - ok18:09:25.0688 5892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys18:09:25.0688 5892 MSPCLOCK - ok18:09:25.0704 5892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys18:09:25.0704 5892 MSPQM - ok18:09:25.0766 5892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys18:09:25.0766 5892 MsRPC - ok18:09:25.0797 5892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys18:09:25.0797 5892 mssmbios - ok18:09:25.0813 5892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys18:09:25.0813 5892 MSTEE - ok18:09:25.0844 5892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys18:09:25.0844 5892 MTConfig - ok18:09:25.0875 5892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys18:09:25.0875 5892 Mup - ok18:09:26.0016 5892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys18:09:26.0016 5892 NativeWifiP - ok18:09:26.0468 5892 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120201.003\ENG64.SYS18:09:26.0468 5892 NAVENG - ok18:09:26.0796 5892 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120201.003\EX64.SYS18:09:26.0842 5892 NAVEX15 - ok18:09:27.0123 5892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys18:09:27.0139 5892 NDIS - ok18:09:27.0170 5892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys18:09:27.0186 5892 NdisCap - ok18:09:27.0217 5892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys18:09:27.0217 5892 NdisTapi - ok18:09:27.0248 5892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys18:09:27.0248 5892 Ndisuio - ok18:09:27.0279 5892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys18:09:27.0279 5892 NdisWan - ok18:09:27.0295 5892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys18:09:27.0295 5892 NDProxy - ok18:09:27.0310 5892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys18:09:27.0310 5892 NetBIOS - ok18:09:27.0342 5892 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys18:09:27.0342 5892 NetBT - ok18:09:27.0388 5892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys18:09:27.0388 5892 nfrd960 - ok18:09:27.0435 5892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys18:09:27.0435 5892 Npfs - ok18:09:27.0435 5892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys18:09:27.0435 5892 nsiproxy - ok18:09:27.0498 5892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys18:09:27.0513 5892 Ntfs - ok18:09:27.0529 5892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys18:09:27.0529 5892 Null - ok18:09:27.0825 5892 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys18:09:27.0888 5892 nvlddmkm - ok18:09:27.0934 5892 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys18:09:27.0950 5892 NVNET - ok18:09:27.0997 5892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys18:09:28.0012 5892 nvraid - ok18:09:28.0075 5892 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys18:09:28.0075 5892 nvsmu - ok18:09:28.0090 5892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys18:09:28.0122 5892 nvstor - ok18:09:28.0168 5892 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys18:09:28.0168 5892 nvstor64 - ok18:09:28.0200 5892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys18:09:28.0215 5892 nv_agp - ok18:09:28.0278 5892 NWADI (f79633a8b7db75cb5fad53b02985a414) C:\Windows\system32\DRIVERS\NWADIenum.sys18:09:28.0293 5892 NWADI - ok18:09:28.0309 5892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys18:09:28.0324 5892 ohci1394 - ok18:09:28.0418 5892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys18:09:28.0418 5892 Parport - ok18:09:28.0465 5892 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys18:09:28.0465 5892 partmgr - ok18:09:28.0496 5892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys18:09:28.0496 5892 pci - ok18:09:28.0512 5892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys18:09:28.0512 5892 pciide - ok18:09:28.0527 5892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys18:09:28.0527 5892 pcmcia - ok18:09:28.0558 5892 PCTINDIS5X64 - ok18:09:28.0590 5892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys18:09:28.0590 5892 pcw - ok18:09:28.0933 5892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys18:09:28.0948 5892 PEAUTH - ok18:09:29.0042 5892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys18:09:29.0042 5892 PptpMiniport - ok18:09:29.0058 5892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys18:09:29.0058 5892 Processor - ok18:09:29.0104 5892 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys18:09:29.0104 5892 Psched - ok18:09:29.0307 5892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys18:09:29.0354 5892 ql2300 - ok18:09:29.0385 5892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys18:09:29.0385 5892 ql40xx - ok18:09:29.0463 5892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys18:09:29.0463 5892 QWAVEdrv - ok18:09:29.0479 5892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys18:09:29.0479 5892 RasAcd - ok18:09:29.0510 5892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys18:09:29.0526 5892 RasAgileVpn - ok18:09:29.0588 5892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys18:09:29.0588 5892 Rasl2tp - ok18:09:29.0619 5892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys18:09:29.0635 5892 RasPppoe - ok18:09:29.0666 5892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys18:09:29.0666 5892 RasSstp - ok18:09:29.0682 5892 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys18:09:29.0697 5892 rdbss - ok18:09:29.0728 5892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys18:09:29.0728 5892 rdpbus - ok18:09:29.0760 5892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys18:09:29.0760 5892 RDPCDD - ok18:09:29.0775 5892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys18:09:29.0775 5892 RDPENCDD - ok18:09:29.0806 5892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys18:09:29.0806 5892 RDPREFMP - ok18:09:30.0072 5892 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys18:09:30.0072 5892 RDPWD - ok18:09:30.0181 5892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys18:09:30.0212 5892 rdyboost - ok18:09:30.0274 5892 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys18:09:30.0290 5892 RimUsb - ok18:09:30.0337 5892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys18:09:30.0352 5892 rspndr - ok18:09:30.0399 5892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys18:09:30.0415 5892 sbp2port - ok18:09:30.0462 5892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys18:09:30.0493 5892 scfilter - ok18:09:30.0524 5892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys18:09:30.0540 5892 secdrv - ok18:09:30.0586 5892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys18:09:30.0586 5892 Serenum - ok18:09:30.0618 5892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys18:09:30.0618 5892 Serial - ok18:09:30.0649 5892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys18:09:30.0664 5892 sermouse - ok18:09:30.0696 5892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys18:09:30.0711 5892 sffdisk - ok18:09:30.0742 5892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys18:09:30.0758 5892 sffp_mmc - ok18:09:30.0789 5892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys18:09:30.0820 5892 sffp_sd - ok18:09:30.0836 5892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys18:09:30.0836 5892 sfloppy - ok18:09:30.0898 5892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys18:09:30.0898 5892 SiSRaid2 - ok18:09:30.0930 5892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys18:09:30.0930 5892 SiSRaid4 - ok18:09:30.0976 5892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys18:09:30.0976 5892 Smb - ok18:09:31.0023 5892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys18:09:31.0023 5892 spldr - ok18:09:31.0444 5892 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS18:09:31.0460 5892 SRTSP - ok18:09:31.0741 5892 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS18:09:31.0741 5892 SRTSPX - ok18:09:31.0788 5892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys18:09:31.0788 5892 srv - ok18:09:31.0850 5892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys18:09:31.0866 5892 srv2 - ok18:09:31.0897 5892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys18:09:31.0912 5892 srvnet - ok18:09:31.0975 5892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys18:09:31.0975 5892 stexstor - ok18:09:32.0022 5892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys18:09:32.0037 5892 swenum - ok18:09:32.0084 5892 swmx00 (a8e9e76cc2f342f205273702969c84c9) C:\Windows\system32\DRIVERS\swmx00.sys18:09:32.0115 5892 swmx00 - ok18:09:32.0162 5892 SWNC5E00 (b053610bb36d9bd1bff7102727427600) C:\Windows\system32\DRIVERS\SWNC5E00.sys18:09:32.0162 5892 SWNC5E00 - ok18:09:32.0412 5892 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS18:09:32.0443 5892 SymDS - ok18:09:32.0521 5892 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS18:09:32.0552 5892 SymEFA - ok18:09:32.0599 5892 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS18:09:32.0614 5892 SymEvent - ok18:09:32.0630 5892 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS18:09:32.0630 5892 SymIRON - ok18:09:32.0677 5892 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS18:09:32.0677 5892 SymNetS - ok18:09:32.0786 5892 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys18:09:32.0880 5892 Tcpip - ok18:09:32.0911 5892 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys18:09:32.0926 5892 TCPIP6 - ok18:09:32.0973 5892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys18:09:33.0004 5892 tcpipreg - ok18:09:33.0036 5892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys18:09:33.0036 5892 TDPIPE - ok18:09:33.0051 5892 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys18:09:33.0051 5892 TDTCP - ok18:09:33.0098 5892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys18:09:33.0098 5892 tdx - ok18:09:33.0160 5892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys18:09:33.0176 5892 TermDD - ok18:09:33.0270 5892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys18:09:33.0270 5892 tssecsrv - ok18:09:33.0316 5892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys18:09:33.0316 5892 TsUsbFlt - ok18:09:33.0363 5892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys18:09:33.0363 5892 tunnel - ok18:09:33.0410 5892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys18:09:33.0426 5892 uagp35 - ok18:09:33.0472 5892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys18:09:33.0488 5892 udfs - ok18:09:33.0519 5892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys18:09:33.0535 5892 uliagpkx - ok18:09:33.0597 5892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys18:09:33.0613 5892 umbus - ok18:09:33.0660 5892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys18:09:33.0660 5892 UmPass - ok18:09:33.0706 5892 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys18:09:33.0706 5892 USBAAPL64 - ok18:09:33.0738 5892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys18:09:33.0753 5892 usbccgp - ok18:09:33.0800 5892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys18:09:33.0800 5892 usbcir - ok18:09:33.0816 5892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys18:09:33.0816 5892 usbehci - ok18:09:33.0831 5892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys18:09:33.0862 5892 usbhub - ok18:09:33.0878 5892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys18:09:33.0878 5892 usbohci - ok18:09:33.0925 5892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys18:09:33.0925 5892 usbprint - ok18:09:33.0940 5892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS18:09:33.0940 5892 USBSTOR - ok18:09:33.0956 5892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys18:09:33.0987 5892 usbuhci - ok18:09:34.0003 5892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys18:09:34.0018 5892 vdrvroot - ok18:09:34.0050 5892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys18:09:34.0065 5892 vga - ok18:09:34.0096 5892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys18:09:34.0096 5892 VgaSave - ok18:09:34.0112 5892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys18:09:34.0143 5892 vhdmp - ok18:09:34.0159 5892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys18:09:34.0174 5892 viaide - ok18:09:34.0206 5892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys18:09:34.0206 5892 volmgr - ok18:09:34.0237 5892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys18:09:34.0252 5892 volmgrx - ok18:09:34.0377 5892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys18:09:34.0377 5892 volsnap - ok18:09:34.0440 5892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys18:09:34.0471 5892 vsmraid - ok18:09:34.0502 5892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys18:09:34.0502 5892 vwifibus - ok18:09:34.0533 5892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys18:09:34.0533 5892 vwififlt - ok18:09:34.0564 5892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys18:09:34.0564 5892 WacomPen - ok18:09:34.0611 5892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys18:09:34.0611 5892 WANARP - ok18:09:34.0642 5892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys18:09:34.0642 5892 Wanarpv6 - ok18:09:34.0705 5892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys18:09:34.0705 5892 Wd - ok18:09:34.0752 5892 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys18:09:34.0767 5892 WDC_SAM - ok18:09:34.0939 5892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys18:09:34.0954 5892 Wdf01000 - ok18:09:35.0032 5892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys18:09:35.0032 5892 WfpLwf - ok18:09:35.0064 5892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys18:09:35.0064 5892 WIMMount - ok18:09:35.0142 5892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys18:09:35.0157 5892 WinUsb - ok18:09:35.0204 5892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys18:09:35.0204 5892 WmiAcpi - ok18:09:35.0266 5892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys18:09:35.0266 5892 ws2ifsl - ok18:09:35.0298 5892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys18:09:35.0298 5892 WudfPf - ok18:09:35.0376 5892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys18:09:35.0391 5892 WUDFRd - ok18:09:35.0500 5892 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR018:09:35.0547 5892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected18:09:35.0547 5892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)18:09:35.0563 5892 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR518:09:35.0563 5892 \Device\Harddisk5\DR5 - ok18:09:35.0610 5892 Boot (0x1200) (4b93ad6997c122c2a34c53f68e8419fb) \Device\Harddisk0\DR0\Partition018:09:35.0656 5892 \Device\Harddisk0\DR0\Partition0 - ok18:09:35.0703 5892 Boot (0x1200) (8939e572536e073941c7a88b1b6d8b54) \Device\Harddisk0\DR0\Partition118:09:35.0703 5892 \Device\Harddisk0\DR0\Partition1 - ok18:09:35.0766 5892 Boot (0x1200) (cdd854cdc6a14df4eedd737d2154b3a5) \Device\Harddisk0\DR0\Partition218:09:35.0766 5892 \Device\Harddisk0\DR0\Partition2 - ok18:09:35.0766 5892 Boot (0x1200) (1c2876fb371e8c673e9c32fc6670b016) \Device\Harddisk5\DR5\Partition018:09:35.0766 5892 \Device\Harddisk5\DR5\Partition0 - ok18:09:35.0781 5892 ============================================================18:09:35.0781 5892 Scan finished18:09:35.0781 5892 ============================================================18:09:35.0797 5864 Detected object count: 118:09:35.0797 5864 Actual detected object count: 118:09:47.0292 5864 \Device\Harddisk0\DR0\# - copied to quarantine18:09:47.0292 5864 \Device\Harddisk0\DR0 - copied to quarantine18:09:47.0697 5864 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine18:09:47.0713 5864 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine18:09:47.0728 5864 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine18:09:47.0744 5864 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine18:09:47.0791 5864 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine18:09:47.0791 5864 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine18:09:47.0838 5864 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine18:09:47.0838 5864 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine18:09:47.0853 5864 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine18:09:47.0869 5864 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine18:09:47.0978 5864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot18:09:47.0978 5864 \Device\Harddisk0\DR0 - ok18:09:47.0978 5864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure18:10:01.0722 3848 Deinitialize successComboFix 12-02-02.02 - Nolan Scott 02/02/2012 18:22:45.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6450 [GMT -5:00]Running from: c:\users\Nolan Scott\Desktop\ComboFix.exeAV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Incredibar.comc:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dllc:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crxc:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dllc:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dllc:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exec:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dllc:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exec:\windows\svchost.exe..((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))..2012-02-02 23:27 . 2012-02-02 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp2012-02-02 23:09 . 2012-02-02 23:09 -------- d-----w- C:\TDSSKiller_Quarantine2012-02-01 00:22 . 2012-02-01 00:22 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\AppClient2012-01-29 18:17 . 2012-01-31 03:12 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Deployment2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Apps2012-01-28 20:06 . 2012-01-28 20:06 -------- d-----w- c:\windows\Sun2012-01-28 13:41 . 2012-01-28 19:49 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.0912012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BB0.tmp2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BAF.tmp2012-01-14 03:31 . 2012-01-14 03:31 -------- d-----w- c:\program files (x86)\ADLSoft UnCompressor2012-01-14 03:30 . 2012-01-14 03:30 451 ----a-w- C:\user.js2012-01-12 00:44 . 2012-01-12 00:44 -------- d-----w- c:\windows\system32\ms-MY2012-01-12 00:28 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll2012-01-12 00:28 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll2012-01-12 00:28 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2012-01-12 00:28 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll2012-01-12 00:28 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll2012-01-12 00:28 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll2012-01-12 00:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll2012-01-12 00:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\hu-HU2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\fi-FI2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\el-GR2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\cs-CZ2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-TW2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES2012-01-05 23:34 . 2012-01-05 23:51 -------- d-----w- c:\users\Nolan Scott\AppData\Local\NPE2012-01-05 01:37 . 2012-01-05 01:37 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\Tific...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-01-28 13:41 . 2010-03-10 16:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS2011-12-10 20:24 . 2010-03-10 16:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys2011-12-10 14:48 . 2011-05-27 00:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-11-24 04:52 . 2011-12-19 00:22 3145216 ----a-w- c:\windows\system32\win32k.sys2011-11-21 11:40 . 2012-01-03 11:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll2011-11-15 19:29 . 2010-07-24 15:24 270720 ------w- c:\windows\system32\MpSigStub.exe2011-11-05 05:32 . 2011-12-19 00:22 2048 ----a-w- c:\windows\system32\tzres.dll2011-11-05 04:26 . 2011-12-19 00:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120131.002\IDSvia64.sys [2011-12-15 488568]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22].2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22].2012-02-02 c:\windows\Tasks\HPCeeScheduleForNolan Scott.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22].2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uStart Page = hxxp://www.att.net/uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26FF - prefs.js: browser.search.selectedEngine - MyStart SearchFF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.comFF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbarFF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}FF - user.js: extensions.incredibar_i.newTab - falseFF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.instlDay - 15353FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30FF - user.js: extensions.incredibar_i.prtnrId - IncredibarFF - user.js: extensions.incredibar_i.prdct - incredibarFF - user.js: extensions.incredibar_i.aflt - orgnlFF - user.js: extensions.incredibar_i.smplGrp - noneFF - user.js: extensions.incredibar_i.tlbrId - baseFF - user.js: extensions.incredibar_i.instlRef -FF - user.js: extensions.incredibar_i.dfltLng -FF - user.js: extensions.incredibar_i.excTlbr - falseFF - user.js: extensions.incredibar_i.ms_url_id -FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHAFF - user.js: extensions.incredibar_i.upn2n - 92260720934036790FF - user.js: extensions.incredibar_i.productid - 26FF - user.js: extensions.incredibar_i.installerproductid - 26FF - user.js: extensions.incredibar_i.did - 10556FF - user.js: extensions.incredibar_i.ppd - 1000.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dllToolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dllShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exeAddRemove-My HP Game Console - c:\program files (x86)\HP Games\HP Game Console\Uninstall.exeAddRemove-SShockDeinstallKey - c:\sshock2\SShocku.logAddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exeAddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exeAddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exeAddRemove-WT065221 - c:\program files (x86)\HP Games\Family Feud 3\Uninstall.exeAddRemove-WT065223 - c:\program files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exeAddRemove-WT065225 - c:\program files (x86)\HP Games\Blasterball 2 Revolution\Uninstall.exeAddRemove-WT065227 - c:\program files (x86)\HP Games\Bob the Builder Can-Do-Zoo\Uninstall.exeAddRemove-WT065277 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exeAddRemove-WT065290 - c:\program files (x86)\HP Games\Mah Jong Medley\Uninstall.exeAddRemove-WT065293 - c:\program files (x86)\HP Games\Mystery P.I. - The New York Fortune\Uninstall.exeAddRemove-WT065294 - c:\program files (x86)\HP Games\Penguins!\Uninstall.exeAddRemove-WT065295 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exeAddRemove-WT065296 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exeAddRemove-WT065299 - c:\program files (x86)\HP Games\Totem Tribe\Uninstall.exeAddRemove-WT065301 - c:\program files (x86)\HP Games\Scrabble\Uninstall.exeAddRemove-WT065305 - c:\program files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exeAddRemove-WT065306 - c:\program files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exeAddRemove-WT065308 - c:\program files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exeAddRemove-WT065414 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exeAddRemove-WT065426 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exeAddRemove-WT065459 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exeAddRemove-WT074389 - c:\program files (x86)\HP Games\Diner Dash\Uninstall.exeAddRemove-WT074421 - c:\program files (x86)\HP Games\FATE\Uninstall.exeAddRemove-WT074427 - c:\program files (x86)\HP Games\Monopoly\Uninstall.exeAddRemove-WT074428 - c:\program files (x86)\HP Games\Peggle Nights\Uninstall.exeAddRemove-WT074433 - c:\program files (x86)\HP Games\Plants vs. Zombies\Uninstall.exeAddRemove-WT074434 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exeAddRemove-WT074441 - c:\program files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exeAddRemove-WT074442 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exeAddRemove-WT074585 - c:\program files (x86)\HP Games\Yahtzee\Uninstall.exeAddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXEAddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\LightScribe\LSSrvc.exec:\program files (x86)\Cyberlink\Shared files\RichVideo.exe.**************************************************************************.Completion time: 2012-02-02 18:34:08 - machine was rebootedComboFix-quarantined-files.txt 2012-02-02 23:34.Pre-Run: 804,295,196,672 bytes freePost-Run: 804,125,655,040 bytes free.- - End Of File - - C90B344505DB8F78D654FA3CB80FB54C Link to post Share on other sites More sharing options...
Larusso Posted February 3, 2012 ID:523189 Share Posted February 3, 2012 Open notepad and copy/paste the text in the Code-box below into it:FireFox::FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\FF - prefs.js: browser.search.selectedEngine - MyStart SearchFF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.comFF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbarFF - user.js: extensions.incredibar_i.newTab - falseFF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.instlDay - 15353FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30FF - user.js: extensions.incredibar_i.prtnrId - IncredibarFF - user.js: extensions.incredibar_i.prdct - incredibarFF - user.js: extensions.incredibar_i.aflt - orgnlFF - user.js: extensions.incredibar_i.smplGrp - noneFF - user.js: extensions.incredibar_i.tlbrId - baseFF - user.js: extensions.incredibar_i.instlRef -FF - user.js: extensions.incredibar_i.dfltLng -FF - user.js: extensions.incredibar_i.excTlbr - falseFF - user.js: extensions.incredibar_i.ms_url_id -FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHAFF - user.js: extensions.incredibar_i.upn2n - 92260720934036790FF - user.js: extensions.incredibar_i.productid - 26FF - user.js: extensions.incredibar_i.installerproductid - 26FF - user.js: extensions.incredibar_i.did - 10556FF - user.js: extensions.incredibar_i.ppd - 1000ClearJavaCache:: Save this as CFScript.txt, in the same location as ComboFix.exe. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Refering to the picture above, drag CFScript into ComboFix.exe.When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform Quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Save it to your desktop.Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.Please post in your next replyCombofix.txtMBAM LogLet me know how your system behaves now Link to post Share on other sites More sharing options...
oxr52a Posted February 3, 2012 Author ID:523448 Share Posted February 3, 2012 The computer is functioning normally. Malwarebytes returned no threats.ComboFix 12-02-02.02 - Nolan Scott 02/03/2012 17:22:31.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6470 [GMT -5:00]Running from: c:\users\Nolan Scott\Desktop\ComboFix.exeCommand switches used :: c:\users\Nolan Scott\Desktop\CFScript.txtAV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))..2012-02-03 22:27 . 2012-02-03 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp2012-02-02 23:09 . 2012-02-02 23:09 -------- d-----w- C:\TDSSKiller_Quarantine2012-02-01 00:22 . 2012-02-01 00:22 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\AppClient2012-01-29 18:17 . 2012-01-31 03:12 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Deployment2012-01-29 18:17 . 2012-01-29 18:17 -------- d-----w- c:\users\Nolan Scott\AppData\Local\Apps2012-01-28 20:06 . 2012-01-28 20:06 -------- d-----w- c:\windows\Sun2012-01-28 13:41 . 2012-01-28 19:49 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.0912012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BB0.tmp2012-01-27 01:11 . 2012-01-27 01:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BAF.tmp2012-01-14 03:31 . 2012-01-14 03:31 -------- d-----w- c:\program files (x86)\ADLSoft UnCompressor2012-01-14 03:30 . 2012-01-14 03:30 451 ----a-w- C:\user.js2012-01-12 00:44 . 2012-01-12 00:44 -------- d-----w- c:\windows\system32\ms-MY2012-01-12 00:28 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll2012-01-12 00:28 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll2012-01-12 00:28 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2012-01-12 00:28 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll2012-01-12 00:28 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll2012-01-12 00:28 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll2012-01-12 00:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll2012-01-12 00:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\hu-HU2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\fi-FI2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\el-GR2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\cs-CZ2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-TW2012-01-10 00:53 . 2012-01-10 00:53 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES2012-01-05 23:34 . 2012-01-05 23:51 -------- d-----w- c:\users\Nolan Scott\AppData\Local\NPE2012-01-05 01:37 . 2012-01-05 01:37 -------- d-----w- c:\users\Nolan Scott\AppData\Roaming\Tific...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-01-28 13:41 . 2010-03-10 16:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS2011-12-10 20:24 . 2010-03-10 16:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys2011-12-10 14:48 . 2011-05-27 00:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-11-24 04:52 . 2011-12-19 00:22 3145216 ----a-w- c:\windows\system32\win32k.sys2011-11-21 11:40 . 2012-01-03 11:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{992FA99F-1C48-4FAB-81EB-F8EDD821CD34}\mpengine.dll2011-11-15 19:29 . 2010-07-24 15:24 270720 ------w- c:\windows\system32\MpSigStub.exe..((((((((((((((((((((((((((((( SnapShot@2012-02-02_23.29.23 ))))))))))))))))))))))))))))))))))))))))).+ 2009-12-02 03:13 . 2012-02-03 22:14 61524 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2012-02-03 22:14 31990 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-03-10 15:57 . 2012-02-03 22:14 21564 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-691728720-1317653375-3200975859-1001_UserData.bin+ 2010-03-10 15:50 . 2012-02-02 23:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-03-10 15:50 . 2012-01-31 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-03-10 15:50 . 2012-01-31 02:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-03-10 15:50 . 2012-02-02 23:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2012-02-02 23:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 04:54 . 2012-01-31 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2012-02-02 23:28 . 2012-02-02 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-02-03 22:27 . 2012-02-03 22:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat- 2012-02-02 23:28 . 2012-02-02 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2012-02-03 22:27 . 2012-02-03 22:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 04:54 . 2012-02-03 01:38 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2012-02-02 23:01 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-03-11 07:06 . 2012-02-03 11:24 320458 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin- 2009-07-14 05:01 . 2012-02-02 23:27 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 05:01 . 2012-02-03 22:27 321104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2009-07-14 04:54 . 2012-02-02 23:01 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2012-02-03 01:38 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-03-10 18:42 . 2012-02-03 22:27 9831655 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat- 2010-03-10 18:42 . 2012-02-02 23:27 9831655 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-8192.dat- 2009-07-14 04:54 . 2012-02-02 23:01 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-02-03 01:38 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-11-05 13:53 . 2012-02-03 22:27 62744064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-4096.dat- 2010-11-05 13:53 . 2012-02-02 23:28 62744064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-691728720-1317653375-3200975859-1001-4096.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{F9639E4A-801B-4843-AEE3-03D9DA199E77}"= "c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll" [bU].[HKEY_CLASSES_ROOT\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}][HKEY_CLASSES_ROOT\Incredibar.dskBnd.1][HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}][HKEY_CLASSES_ROOT\Incredibar.dskBnd].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120202.002\IDSvia64.sys [2011-12-15 488568]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]..Contents of the 'Scheduled Tasks' folder.2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22].2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 00:22].2012-02-02 c:\windows\Tasks\HPCeeScheduleForNolan Scott.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22].2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552].------- Supplementary Scan -------.uStart Page = hxxp://www.att.net/uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133FF - ProfilePath - c:\users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26FF - prefs.js: browser.search.selectedEngine - MyStart SearchFF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypJgPEHA&&i=26&search=FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.comFF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbarFF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}FF - user.js: extensions.incredibar_i.newTab - falseFF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypJgPEHA&loc=IB_TB&i=26&search=FF - user.js: extensions.incredibar_i.id - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.hardId - 503328c6000000000000002682577d0fFF - user.js: extensions.incredibar_i.instlDay - 15353FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:30FF - user.js: extensions.incredibar_i.prtnrId - IncredibarFF - user.js: extensions.incredibar_i.prdct - incredibarFF - user.js: extensions.incredibar_i.aflt - orgnlFF - user.js: extensions.incredibar_i.smplGrp - noneFF - user.js: extensions.incredibar_i.tlbrId - baseFF - user.js: extensions.incredibar_i.instlRef -FF - user.js: extensions.incredibar_i.dfltLng -FF - user.js: extensions.incredibar_i.excTlbr - falseFF - user.js: extensions.incredibar_i.ms_url_id -FF - user.js: extensions.incredibar_i.upn2 - 6OypJgPEHAFF - user.js: extensions.incredibar_i.upn2n - 92260720934036790FF - user.js: extensions.incredibar_i.productid - 26FF - user.js: extensions.incredibar_i.installerproductid - 26FF - user.js: extensions.incredibar_i.did - 10556FF - user.js: extensions.incredibar_i.ppd - 1000.- - - - ORPHANS REMOVED - - - -.ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\LightScribe\LSSrvc.exec:\program files (x86)\Cyberlink\Shared files\RichVideo.exec:\program files (x86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\cltLMH.exe.**************************************************************************.Completion time: 2012-02-03 17:33:04 - machine was rebootedComboFix-quarantined-files.txt 2012-02-03 22:33ComboFix2.txt 2012-02-02 23:34.Pre-Run: 804,805,869,568 bytes freePost-Run: 804,727,578,624 bytes free.- - End Of File - - CCEB125C9444138C6CEE452C4916D3C1Malwarebytes Anti-Malware 1.60.1.1000www.malwarebytes.orgDatabase version: v2012.02.03.10Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Nolan Scott :: NES-PC [administrator]2/3/2012 5:45:46 PMmbam-log-2012-02-03 (17-45-46).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 182969Time elapsed: 4 minute(s), 9 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Larusso Posted February 4, 2012 ID:523525 Share Posted February 4, 2012 Hy there,Glad to hear your system is better now. Something add the removed Incredibar Toolbar back. So let me look a little bit closer over this.Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):Incredibar Toolbar on IE and ChromeDownload OTL to your Desktop. Double click on the icon to run it. Under the box paste this inactivexnetsvcsmsconfig%SYSTEMDRIVE%\*.%PROGRAMFILES%\*.exe%LOCALAPPDATA%\*.exe%systemroot%\*. /mp /s%systemroot%\system32\*.manifest /3/md5startexplorer.exeregedit.exewinlogon.exewininit.exeuserinit.exe/md5stopHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rsHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsCREATERESTOREPOINTMake sure all other windows are closed to let it run uninterrupted. Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please post both logfiles in your next reply.Please post in your next replyOTL.txtExtras.txt Link to post Share on other sites More sharing options...
oxr52a Posted February 4, 2012 Author ID:523584 Share Posted February 4, 2012 Incredibar Toolbar on IE and Chrome is in Add/Remove programs. When I try uninstall it, I get this message:"An error occurred while trying to uninstall Incredibar Toolbar on IE and Chrome. It may have already been uninstalled. Would you like to remove Incredibar Toolbar on IE and Chrome from the Programs and Features list?"Here are the text files:OTL logfile created on: 2/4/2012 8:44:29 AM - Run 2OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy7.75 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 74.34% Memory free15.50 Gb Paging File | 13.61 Gb Available in Paging File | 87.80% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 920.64 Gb Total Space | 751.37 Gb Free Space | 81.61% Space Free | Partition Type: NTFSDrive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFSDrive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDFDrive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFSComputer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exePRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exePRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exePRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exePRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe========== Modules (No Company Name) ==================== Win32 Services (SafeList) ==========SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)DRV:64bit: - [2010/03/10 15:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV - [2012/02/04 08:30:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120203.036\ex64.sys -- (NAVEX15)DRV - [2012/02/04 08:30:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120203.036\eng64.sys -- (NAVENG)DRV - [2012/02/03 22:02:31 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2012/02/03 22:02:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120203.002\IDSviA64.sys -- (IDSVia64)DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not foundIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "MyStart Search"FF - prefs.js..browser.search.selectedEngine: "MyStart Search"FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26"FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not foundFF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/01/28 08:20:31 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/04 08:10:01 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 12:28:42 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 06:16:16 | 000,000,000 | ---D | M][2010/07/12 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Extensions[2012/02/04 08:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml[2011/03/03 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2011/03/03 18:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}[2012/02/04 08:10:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN[2012/01/28 08:20:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN[2011/03/03 18:41:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dllCHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dllCHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLLCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dllCHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dllCHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dllCHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Default Plug-in (Enabled) = default_pluginCHR - Extension: YouTube = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\CHR - Extension: Google Search = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\CHR - Extension: Norton Identity Protection = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\CHR - Extension: Gmail = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/02/03 17:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not foundO2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not foundO3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not foundO3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18:64bit: - Protocol\Filter\text/xml - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2012/02/04 08:34:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare[2012/02/03 17:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/02/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/02/02 18:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/02/02 18:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/02/02 18:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/02/02 18:21:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/02/02 18:20:07 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/02/02 18:09:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/02/01 19:19:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe[2012/02/01 19:15:32 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe[2012/01/31 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support[2012/01/31 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}[2012/01/29 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Deployment[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Apps[2012/01/28 15:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor[2012/01/11 19:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY[2012/01/09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune[2012/01/05 18:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\NPE========== Files - Modified Within 30 Days ==========[2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe[2012/02/04 08:23:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/02/04 08:23:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/02/04 08:17:30 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/02/04 08:09:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol[2012/02/04 08:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/02/04 08:09:37 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys[2012/02/03 22:10:00 | 001,990,379 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB[2012/02/03 22:04:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/02/03 18:53:09 | 000,001,161 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk[2012/02/03 17:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/02/01 19:23:41 | 000,000,022 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip[2012/02/01 19:22:46 | 000,000,512 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR.dat[2012/02/01 19:20:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe[2012/02/01 19:15:33 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe[2012/02/01 19:01:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job[2012/01/31 19:24:07 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk[2012/01/30 20:15:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/01/28 14:50:34 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk[2012/01/28 14:49:53 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024[2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS[2012/01/28 08:41:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT[2012/01/28 08:41:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini[2012/01/26 03:01:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2012/01/25 21:52:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk[2012/01/22 19:02:28 | 000,002,456 | ---- | M] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}[2012/01/13 22:30:55 | 000,000,451 | ---- | M] () -- C:\user.js[2012/01/11 22:07:23 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/01/11 22:07:23 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/01/11 22:07:23 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/01/09 19:51:15 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk[2012/01/05 22:02:01 | 000,002,017 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\CyberLink PowerDirector.lnk[2012/01/05 18:49:10 | 000,001,286 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\Norton Installation Files.lnk========== Files Created - No Company Name ==========[2012/02/03 18:53:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk[2012/02/02 18:21:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/02/02 18:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/02/02 18:21:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/02/02 18:21:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/02/02 18:21:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/02/01 19:23:41 | 000,000,022 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip[2012/02/01 19:22:46 | 000,000,512 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR.dat[2012/01/31 19:24:04 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk[2012/01/22 19:02:27 | 000,002,456 | ---- | C] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}[2012/01/13 22:30:54 | 000,000,451 | ---- | C] () -- C:\user.js[2012/01/09 19:51:14 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar[2011/10/09 20:56:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2010/11/20 15:29:58 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat[2010/11/20 15:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll[2010/11/09 16:03:03 | 000,033,134 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Roaming\UserTile.png[2010/09/12 19:04:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll[2010/03/21 21:03:57 | 001,354,833 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160007.JPG[2010/03/21 16:39:12 | 001,196,978 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160011.JPG[2010/03/10 11:39:21 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI========== LOP Check ==========[2012/01/29 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient[2012/01/30 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\BitTorrent[2012/01/31 05:52:18 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Dropbox[2010/03/10 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\GetRightToGo[2010/03/10 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\PictureMover[2010/03/29 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Publish Providers[2011/10/09 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sierra Wireless[2010/03/23 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sony[2012/01/04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Tific[2010/03/10 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Western Digital[2010/03/11 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\WinBatch[2010/10/28 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Windows Live Writer[2011/09/30 09:33:47 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job[2012/01/05 19:37:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86< End of report >OTL Extras logfile created on: 2/4/2012 8:35:09 AM - Run 1OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy7.75 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 75.78% Memory free15.50 Gb Paging File | 13.69 Gb Available in Paging File | 88.36% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 920.64 Gb Total Space | 751.37 Gb Free Space | 81.61% Space Free | Partition Type: NTFSDrive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFSDrive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDFDrive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFSComputer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant"{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component"{F31E3C75-A273-419A-8BEB-58835F28BD47}" = Initio USB Default Controller Driver 64-bit"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"CCleaner" = CCleaner"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"NVIDIA Drivers" = NVIDIA Drivers"PC-Doctor for Windows" = Hardware Diagnostic Tools"Zune" = Zune[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Finale SongWriter 2005" = Finale SongWriter 2005"Google Chrome" = Google Chrome"HP Remote Solution" = HP Remote Solution"incredibar" = Incredibar Toolbar on IE and Chrome"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000"McAfee Security Scan" = McAfee Security Scan Plus"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)"NIS" = Norton Internet Security"SShockDeinstallKey" = System Shock2"WildTangent hp Master Uninstall" = HP Games"WinLiveSuite" = Windows Live Essentials"ZMBV" = Zip Motion Block Video codec (Remove Only)========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]========== Last 10 Event Log Errors ==========[ Application Events ]Error - 5/7/2011 8:46:54 PM | Computer Name = NES-PC | Source = Application Error | ID = 1000Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,time stamp: 0x4d76255d Faulting module name: ccIPC.dll, version: 10.1.0.37, timestamp: 0x4cec764e Exception code: 0xc0000005 Fault offset: 0x000014e6 Faulting process id: 0xa2c Faulting application start time: 0x01cc0d138ef6abe0 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccIPC.dll Report Id: ab0a612c-790c-11e0-8b02-e0cb4e9bde34Error - 5/8/2011 10:58:49 PM | Computer Name = NES-PC | Source = Windows Backup | ID = 4103Description =Error - 5/10/2011 6:13:35 AM | Computer Name = NES-PC | Source = WPDMTPDriver | ID = 80836Description =Error - 5/11/2011 7:10:40 PM | Computer Name = NES-PC | Source = Application Hang | ID = 1002Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: cb4 Start Time: 01cc1030492e3770 Termination Time: 78 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 5/13/2011 6:19:11 AM | Computer Name = NES-PC | Source = WPDMTPDriver | ID = 80836Description =Error - 5/15/2011 7:00:01 PM | Computer Name = NES-PC | Source = Windows Backup | ID = 4103Description =Error - 5/17/2011 6:21:51 AM | Computer Name = NES-PC | Source = WPDMTPDriver | ID = 80836Description =Error - 5/17/2011 10:02:43 PM | Computer Name = NES-PC | Source = Application Error | ID = 1000Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,time stamp: 0x4d76255d Faulting module name: Flash10p.ocx, version: 10.2.159.1, time stamp: 0x4da39a4c Exception code: 0xc0000005 Fault offset: 0x001930b4 Faulting process id: 0x1374 Faulting application start time: 0x01cc14f4891a1174 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash10p.ocx Report Id: ea56f244-80f2-11e0-ab1e-e0cb4e9bde34Error - 5/20/2011 6:18:48 AM | Computer Name = NES-PC | Source = WPDMTPDriver | ID = 80836Description =Error - 5/22/2011 7:00:08 PM | Computer Name = NES-PC | Source = Windows Backup | ID = 4103Description =[ Hewlett-Packard Events ]Error - 1/3/2011 8:30:16 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011103073012.xml File not created by asset agentError - 2/21/2011 8:05:48 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021121070516.xml File not created by asset agentError - 2/21/2011 8:06:20 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021121070548.xml File not created by asset agentError - 5/30/2011 11:23:11 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051130112309.xml File not created by asset agentError - 5/30/2011 11:23:14 PM | Computer Name = NES-PC | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051130112311.xml File not created by asset agentError - 10/24/2011 4:38:36 PM | Computer Name = NES-PC | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Object '/c9636717_e749_4bdf_b344_e2a7e230c6d0/ttrcl2xdqm0u2mxgqazkq2m6_5.rem' has been disconnected or does not exist at the server. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 7935 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String) [ System Events ]Error - 2/3/2012 6:24:49 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error - 2/3/2012 6:27:05 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error - 2/3/2012 6:30:35 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7000Description = The HP Support Assistant Service service failed to start due to the following error: %%31Error - 2/3/2012 8:24:11 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7024Description = The Windows Search service terminated with service-specific error%%-1073473535.Error - 2/3/2012 8:24:11 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7031Description = The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.Error - 2/3/2012 8:24:15 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.Error - 2/3/2012 8:29:41 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7022Description = The Windows Update service hung on starting.Error - 2/3/2012 11:19:36 PM | Computer Name = NES-PC | Source = DCOM | ID = 10010Description =Error - 2/3/2012 11:20:18 PM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7022Description = The Windows Font Cache Service service hung on starting.Error - 2/4/2012 9:16:59 AM | Computer Name = NES-PC | Source = Service Control Manager | ID = 7022Description = The Windows Update service hung on starting.< End of report > Link to post Share on other sites More sharing options...
oxr52a Posted February 4, 2012 Author ID:523593 Share Posted February 4, 2012 This also may be relevant for you. In Add/Remove programs, it says that Incredibar Toolbar on IE and Chrome was installed on 1/13/2012. Link to post Share on other sites More sharing options...
Larusso Posted February 4, 2012 ID:523594 Share Posted February 4, 2012 It looks like the OTL.txt is not complete. Please open OTL.txt, highlight all -> copy and paste it here Link to post Share on other sites More sharing options...
oxr52a Posted February 5, 2012 Author ID:523725 Share Posted February 5, 2012 Here it is again. I have made sure all the text is highlighted.OTL logfile created on: 2/4/2012 8:44:29 AM - Run 2OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy7.75 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 74.34% Memory free15.50 Gb Paging File | 13.61 Gb Available in Paging File | 87.80% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 920.64 Gb Total Space | 751.37 Gb Free Space | 81.61% Space Free | Partition Type: NTFSDrive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFSDrive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDFDrive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFSComputer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exePRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exePRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exePRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exePRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe========== Modules (No Company Name) ==================== Win32 Services (SafeList) ==========SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)DRV:64bit: - [2010/03/10 15:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV - [2012/02/04 08:30:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120203.036\ex64.sys -- (NAVEX15)DRV - [2012/02/04 08:30:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120203.036\eng64.sys -- (NAVENG)DRV - [2012/02/03 22:02:31 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2012/02/03 22:02:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120203.002\IDSviA64.sys -- (IDSVia64)DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not foundIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "MyStart Search"FF - prefs.js..browser.search.selectedEngine: "MyStart Search"FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26"FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not foundFF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/01/28 08:20:31 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/04 08:10:01 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 12:28:42 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 06:16:16 | 000,000,000 | ---D | M][2010/07/12 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Extensions[2012/02/04 08:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml[2011/03/03 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2011/03/03 18:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}[2012/02/04 08:10:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN[2012/01/28 08:20:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN[2011/03/03 18:41:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dllCHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dllCHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLLCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dllCHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dllCHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dllCHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Default Plug-in (Enabled) = default_pluginCHR - Extension: YouTube = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\CHR - Extension: Google Search = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\CHR - Extension: Norton Identity Protection = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\CHR - Extension: Gmail = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/02/03 17:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not foundO2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not foundO3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not foundO3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18:64bit: - Protocol\Filter\text/xml - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2012/02/04 08:34:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare[2012/02/03 17:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/02/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/02/02 18:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/02/02 18:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/02/02 18:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/02/02 18:21:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/02/02 18:20:07 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/02/02 18:09:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/02/01 19:19:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe[2012/02/01 19:15:32 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe[2012/01/31 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support[2012/01/31 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}[2012/01/29 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Deployment[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Apps[2012/01/28 15:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor[2012/01/11 19:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY[2012/01/09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune[2012/01/05 18:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\NPE========== Files - Modified Within 30 Days ==========[2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe[2012/02/04 08:23:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/02/04 08:23:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/02/04 08:17:30 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/02/04 08:09:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol[2012/02/04 08:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/02/04 08:09:37 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys[2012/02/03 22:10:00 | 001,990,379 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB[2012/02/03 22:04:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/02/03 18:53:09 | 000,001,161 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk[2012/02/03 17:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/02/01 19:23:41 | 000,000,022 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip[2012/02/01 19:22:46 | 000,000,512 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR.dat[2012/02/01 19:20:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe[2012/02/01 19:15:33 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe[2012/02/01 19:01:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job[2012/01/31 19:24:07 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk[2012/01/30 20:15:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/01/28 14:50:34 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk[2012/01/28 14:49:53 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024[2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS[2012/01/28 08:41:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT[2012/01/28 08:41:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini[2012/01/26 03:01:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2012/01/25 21:52:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk[2012/01/22 19:02:28 | 000,002,456 | ---- | M] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}[2012/01/13 22:30:55 | 000,000,451 | ---- | M] () -- C:\user.js[2012/01/11 22:07:23 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/01/11 22:07:23 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/01/11 22:07:23 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/01/09 19:51:15 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk[2012/01/05 22:02:01 | 000,002,017 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\CyberLink PowerDirector.lnk[2012/01/05 18:49:10 | 000,001,286 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\Norton Installation Files.lnk========== Files Created - No Company Name ==========[2012/02/03 18:53:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk[2012/02/02 18:21:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/02/02 18:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/02/02 18:21:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/02/02 18:21:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/02/02 18:21:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/02/01 19:23:41 | 000,000,022 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip[2012/02/01 19:22:46 | 000,000,512 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR.dat[2012/01/31 19:24:04 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk[2012/01/22 19:02:27 | 000,002,456 | ---- | C] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}[2012/01/13 22:30:54 | 000,000,451 | ---- | C] () -- C:\user.js[2012/01/09 19:51:14 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar[2011/10/09 20:56:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2010/11/20 15:29:58 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat[2010/11/20 15:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll[2010/11/09 16:03:03 | 000,033,134 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Roaming\UserTile.png[2010/09/12 19:04:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll[2010/03/21 21:03:57 | 001,354,833 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160007.JPG[2010/03/21 16:39:12 | 001,196,978 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160011.JPG[2010/03/10 11:39:21 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI========== LOP Check ==========[2012/01/29 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient[2012/01/30 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\BitTorrent[2012/01/31 05:52:18 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Dropbox[2010/03/10 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\GetRightToGo[2010/03/10 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\PictureMover[2010/03/29 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Publish Providers[2011/10/09 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sierra Wireless[2010/03/23 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sony[2012/01/04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Tific[2010/03/10 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Western Digital[2010/03/11 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\WinBatch[2010/10/28 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Windows Live Writer[2011/09/30 09:33:47 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job[2012/01/05 19:37:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86< End of report > Link to post Share on other sites More sharing options...
Larusso Posted February 5, 2012 ID:523757 Share Posted February 5, 2012 Hy there,I miss the whole Custom Scan part. Sorry to annoy you with it, but I need those informations also. Double click on the OTL icon to run it.Under the box paste this inactivexnetsvcsmsconfig%SYSTEMDRIVE%\*.%PROGRAMFILES%\*.exe%LOCALAPPDATA%\*.exe%systemroot%\*. /mp /s%systemroot%\system32\*.manifest /3/md5startexplorer.exeregedit.exewinlogon.exewininit.exeuserinit.exe/md5stopHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rsHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsCREATERESTOREPOINTMake sure all other windows are closed to let it run uninterrupted.Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open a OTL.Txt . It is saved in the same location as OTL.Please post this logfile in your next reply. Link to post Share on other sites More sharing options...
oxr52a Posted February 7, 2012 Author ID:524331 Share Posted February 7, 2012 No problem. Whatever it takes to get it fixed. Here it is:OTL logfile created on: 2/6/2012 7:59:57 PM - Run 3OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy7.75 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 75.49% Memory free15.50 Gb Paging File | 13.57 Gb Available in Paging File | 87.56% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 920.64 Gb Total Space | 748.02 Gb Free Space | 81.25% Space Free | Partition Type: NTFSDrive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFSDrive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDFDrive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFSComputer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exePRC - [2012/01/10 05:58:57 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exePRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2011/12/10 09:48:59 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exePRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exePRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exePRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exePRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exePRC - [2009/10/07 07:22:28 | 000,091,704 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exePRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe========== Modules (No Company Name) ==========MOD - [2011/10/13 02:26:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dllMOD - [2011/10/13 02:26:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dllMOD - [2011/10/13 02:26:54 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dllMOD - [2011/10/13 02:26:42 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll========== Win32 Services (SafeList) ==========SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)DRV:64bit: - [2010/03/10 15:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV - [2012/02/05 05:49:51 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120204.023\ex64.sys -- (NAVEX15)DRV - [2012/02/05 05:49:51 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2012/02/05 05:49:51 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120204.023\eng64.sys -- (NAVENG)DRV - [2012/02/03 22:02:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120203.002\IDSviA64.sys -- (IDSVia64)DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not foundIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "MyStart Search"FF - prefs.js..browser.search.selectedEngine: "MyStart Search"FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26"FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not foundFF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/01/28 08:20:31 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/06 19:48:23 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 12:28:42 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 06:16:16 | 000,000,000 | ---D | M][2010/07/12 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Extensions[2012/02/05 05:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml[2011/03/03 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2011/03/03 18:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}[2012/02/06 19:48:23 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN[2012/01/28 08:20:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN[2011/03/03 18:41:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dllCHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dllCHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLLCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dllCHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dllCHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dllCHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Default Plug-in (Enabled) = default_pluginCHR - Extension: YouTube = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\CHR - Extension: Google Search = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\CHR - Extension: Norton Identity Protection = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\CHR - Extension: Gmail = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/02/03 17:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not foundO2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not foundO3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not foundO3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18:64bit: - Protocol\Filter\text/xml - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2012/02/04 08:34:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare[2012/02/03 17:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/02/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/02/02 18:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/02/02 18:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/02/02 18:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/02/02 18:21:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/02/02 18:20:07 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/02/02 18:09:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/02/01 19:19:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe[2012/02/01 19:15:32 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe[2012/01/31 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support[2012/01/31 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}[2012/01/29 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Deployment[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Apps[2012/01/28 15:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor[2012/01/11 19:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY[2012/01/09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune========== Files - Modified Within 30 Days ==========[2012/02/06 20:04:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/02/06 20:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/02/06 20:00:05 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job[2012/02/06 19:57:41 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/02/06 19:57:41 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/02/06 19:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/02/06 19:48:15 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys[2012/02/05 14:47:20 | 000,237,407 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\berm.jpg[2012/02/05 14:42:42 | 000,092,092 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\jump.jpg[2012/02/04 21:14:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol[2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe[2012/02/03 22:10:00 | 001,990,379 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB[2012/02/03 18:53:09 | 000,001,161 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk[2012/02/03 17:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/02/01 19:23:41 | 000,000,022 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip[2012/02/01 19:22:46 | 000,000,512 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR.dat[2012/02/01 19:20:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe[2012/02/01 19:15:33 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe[2012/01/31 19:24:07 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk[2012/01/30 20:15:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/01/28 14:50:34 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk[2012/01/28 14:49:53 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024[2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS[2012/01/28 08:41:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT[2012/01/28 08:41:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini[2012/01/26 03:01:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2012/01/25 21:52:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk[2012/01/22 19:02:28 | 000,002,456 | ---- | M] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}[2012/01/13 22:30:55 | 000,000,451 | ---- | M] () -- C:\user.js[2012/01/11 22:07:23 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/01/11 22:07:23 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/01/11 22:07:23 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/01/09 19:51:15 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk========== Files Created - No Company Name ==========[2012/02/06 20:00:05 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job[2012/02/05 14:52:25 | 000,092,092 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\jump.jpg[2012/02/05 14:50:34 | 000,237,407 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\berm.jpg[2012/02/03 18:53:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk[2012/02/02 18:21:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/02/02 18:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/02/02 18:21:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/02/02 18:21:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/02/02 18:21:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/02/01 19:23:41 | 000,000,022 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip[2012/02/01 19:22:46 | 000,000,512 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR.dat[2012/01/31 19:24:04 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk[2012/01/22 19:02:27 | 000,002,456 | ---- | C] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}[2012/01/13 22:30:54 | 000,000,451 | ---- | C] () -- C:\user.js[2012/01/09 19:51:14 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar[2011/10/09 20:56:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2010/11/20 15:29:58 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat[2010/11/20 15:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll[2010/11/09 16:03:03 | 000,033,134 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Roaming\UserTile.png[2010/09/12 19:04:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll[2010/03/21 21:03:57 | 001,354,833 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160007.JPG[2010/03/21 16:39:12 | 001,196,978 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160011.JPG[2010/03/10 11:39:21 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI========== LOP Check ==========[2012/01/29 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient[2012/01/30 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\BitTorrent[2012/01/31 05:52:18 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Dropbox[2010/03/10 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\GetRightToGo[2010/03/10 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\PictureMover[2010/03/29 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Publish Providers[2011/10/09 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sierra Wireless[2010/03/23 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Sony[2012/01/04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Tific[2010/03/10 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Western Digital[2010/03/11 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\WinBatch[2010/10/28 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Windows Live Writer[2011/09/30 09:33:47 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job[2012/01/05 19:37:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86< End of report > Link to post Share on other sites More sharing options...
oxr52a Posted February 7, 2012 Author ID:524349 Share Posted February 7, 2012 Shortly after making that last post, the computer crashed. After I was able to get the computer booted back up, I ran a quick scan with Malwarebytes. I think trojan.agent has also returned. I did not perform any fixes after checking with the quick scan. This bug is being very difficult. Link to post Share on other sites More sharing options...
Larusso Posted February 7, 2012 ID:524372 Share Posted February 7, 2012 Please do me a favor and read my instructions carefully otherwise it makes it much more work for you and me.The Custom Scan part is still missing.Also from my first answerDo not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Link to post Share on other sites More sharing options...
oxr52a Posted February 8, 2012 Author ID:524644 Share Posted February 8, 2012 Okay, thanks for your patience. Here it is again. I think that it worked this time.OTL logfile created on: 2/7/2012 8:12:29 PM - Run 4OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nolan Scott\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy7.75 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 68.13% Memory free15.50 Gb Paging File | 13.11 Gb Available in Paging File | 84.57% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 920.64 Gb Total Space | 748.21 Gb Free Space | 81.27% Space Free | Partition Type: NTFSDrive D: | 10.77 Gb Total Space | 1.57 Gb Free Space | 14.58% Space Free | Partition Type: NTFSDrive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDFDrive K: | 930.86 Gb Total Space | 684.31 Gb Free Space | 73.51% Space Free | Partition Type: NTFSComputer Name: NES-PC | User Name: Nolan Scott | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exePRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exePRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exePRC - [2011/03/03 18:41:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exePRC - [2011/03/03 18:41:26 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exePRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exePRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exePRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exePRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exePRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe========== Modules (No Company Name) ==================== Win32 Services (SafeList) ==========SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)DRV:64bit: - [2010/03/10 15:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)DRV:64bit: - [2009/07/30 12:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV - [2012/02/07 19:56:59 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120207.005\ex64.sys -- (NAVEX15)DRV - [2012/02/07 19:56:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120207.005\eng64.sys -- (NAVENG)DRV - [2012/02/05 05:49:51 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2012/02/03 22:02:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120207.005\IDSviA64.sys -- (IDSVia64)DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not foundIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "MyStart Search"FF - prefs.js..browser.search.selectedEngine: "MyStart Search"FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb110?a=6OypJgPEHA&i=26"FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not foundFF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/01/28 08:20:31 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/07 19:36:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 12:28:42 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 06:16:16 | 000,000,000 | ---D | M][2010/07/12 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Extensions[2012/02/05 05:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}[2010/11/26 13:08:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\extensions\engine@conduit.com[2012/01/13 22:30:42 | 000,002,203 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\MyStart Search.xml[2012/02/03 19:41:06 | 000,002,470 | ---- | M] () -- C:\Users\Nolan Scott\AppData\Roaming\Mozilla\Firefox\Profiles\tqkght0p.default\searchplugins\safesearch.xml[2011/03/03 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2011/03/03 18:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}[2012/02/07 19:36:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN[2012/01/28 08:20:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN[2011/03/03 18:41:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dllCHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dllCHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLLCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dllCHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dllCHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dllCHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Default Plug-in (Enabled) = default_pluginCHR - Extension: YouTube = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\CHR - Extension: Google Search = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\CHR - Extension: Norton Identity Protection = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\CHR - Extension: Gmail = C:\Users\Nolan Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/02/03 17:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll File not foundO2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not foundO3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll File not foundO3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6461BF92-C357-4EE9-807F-6745DE002A8D}: NameServer = 66.1.32.132 66.1.32.133O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C553182D-B1D8-4C61-A369-24D891835C5A}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18:64bit: - Protocol\Filter\text/xml - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - E:\autorun.inf -- [ UDF ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dllActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOEActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettingsActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,InstallActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET FrameworkActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET FrameworkActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMPActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfigActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUPActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShowActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dllActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOEActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShowActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web FoldersActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET FrameworkActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettingsActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,InstallActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash PlayerActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET FrameworkActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfigActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUPMsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe - (Hewlett-Packard Company)MsConfig:64bit - StartUpFolder: C:^Users^Nolan Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - - File not foundMsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)MsConfig:64bit - StartUpReg: HP Remote Solution - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)MsConfig:64bit - State: "startup" - Reg Error: Key error.CREATERESTOREPOINTRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/02/04 08:34:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital[2012/02/03 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare[2012/02/03 17:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/02/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/02/02 18:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/02/02 18:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/02/02 18:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/02/02 18:21:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/02/02 18:20:07 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/02/02 18:09:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/02/01 19:19:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe[2012/02/01 19:15:32 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe[2012/01/31 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support[2012/01/31 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}[2012/01/29 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Deployment[2012/01/29 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\Nolan Scott\AppData\Local\Apps[2012/01/28 15:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdlSoft Uncompressor[2012/01/13 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor[2012/01/11 19:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY[2012/01/09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune========== Files - Modified Within 30 Days ==========[2012/02/07 20:04:16 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/02/07 20:04:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/02/07 19:52:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/02/07 19:52:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/02/07 19:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/02/07 19:35:09 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys[2012/02/06 21:12:52 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job[2012/02/05 14:47:20 | 000,237,407 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\berm.jpg[2012/02/05 14:42:42 | 000,092,092 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\jump.jpg[2012/02/04 21:14:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol[2012/02/04 08:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nolan Scott\Desktop\OTL.exe[2012/02/03 22:10:00 | 001,990,379 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB[2012/02/03 18:53:09 | 000,001,161 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk[2012/02/03 17:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/02/01 19:23:41 | 000,000,022 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip[2012/02/01 19:22:46 | 000,000,512 | ---- | M] () -- C:\Users\Nolan Scott\Desktop\MBR.dat[2012/02/01 19:20:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nolan Scott\Desktop\aswMBR.exe[2012/02/01 19:15:33 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nolan Scott\Desktop\tdsskiller.exe[2012/01/31 19:24:07 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk[2012/01/30 20:15:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/01/28 14:50:34 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk[2012/01/28 14:49:53 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024[2012/01/28 08:41:49 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS[2012/01/28 08:41:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT[2012/01/28 08:41:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini[2012/01/26 03:01:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2012/01/25 21:52:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk[2012/01/22 19:02:28 | 000,002,456 | ---- | M] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}[2012/01/13 22:30:55 | 000,000,451 | ---- | M] () -- C:\user.js[2012/01/11 22:07:23 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/01/11 22:07:23 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/01/11 22:07:23 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/01/09 19:51:15 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk========== Files Created - No Company Name ==========[2012/02/06 20:00:05 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNolan Scott.job[2012/02/05 14:52:25 | 000,092,092 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\jump.jpg[2012/02/05 14:50:34 | 000,237,407 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\berm.jpg[2012/02/03 18:53:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk[2012/02/02 18:21:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/02/02 18:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/02/02 18:21:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/02/02 18:21:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/02/02 18:21:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/02/01 19:23:41 | 000,000,022 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR (zipped).zip[2012/02/01 19:22:46 | 000,000,512 | ---- | C] () -- C:\Users\Nolan Scott\Desktop\MBR.dat[2012/01/31 19:24:04 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk[2012/01/22 19:02:27 | 000,002,456 | ---- | C] () -- C:\{0DC75D24-118E-4230-B2EB-FA4EC553AA28}[2012/01/13 22:30:54 | 000,000,451 | ---- | C] () -- C:\user.js[2012/01/09 19:51:14 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\Users\Nolan Scott\AppData\Local\cxd8o8j8hsar[2012/01/04 20:12:31 | 000,010,854 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar[2011/10/09 20:56:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2010/11/20 15:29:58 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat[2010/11/20 15:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll[2010/11/09 16:03:03 | 000,033,134 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Roaming\UserTile.png[2010/09/12 19:04:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll[2010/03/21 21:03:57 | 001,354,833 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160007.JPG[2010/03/21 16:39:12 | 001,196,978 | ---- | C] () -- C:\Users\Nolan Scott\AppData\Local\tmpP3160011.JPG[2010/03/10 11:39:21 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI========== LOP Check ==========[2012/01/29 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\AppClient[2012/01/30 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\BitTorrent[2012/01/31 05:52:18 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Dropbox[2010/03/10 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\GetRightToGo[2010/03/10 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\PictureMover[2010/03/29 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\Nolan Scott\AppData\Roaming\Publish Providers[2011/10/09 20:56:20 | 000,000,000 | ---D | M]
Recommended Posts