Solved Malware detected on every startup

D

david hurd

Posts: 90   +0
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.07.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
dad4 :: DAD4-PC [administrator]

4/7/2014 12:57:38 PM
mbam-log-2014-04-07 (12-57-38).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 605732
Time elapsed: 2 hour(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\dad4\AppData\Local\JollyWallet (PUP.Optional.JollyWallet.A) -> Quarantined and deleted successfully.

Files Detected: 2
C:\ProgramData\Symantec\Symantec Endpoint Protection\00002C75 (Hacktool.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Symantec\Symantec Endpoint Protection\00002D30 (Hacktool.Agent) -> Quarantined and deleted successfully.

(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/20/2011 9:43:49 AM
System Uptime: 4/7/2014 4:49:03 PM (15 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Rampage II Extreme
Processor: Intel(R) Core(TM) i7 CPU 965 @ 3.20GHz | LGA1366 | 3040/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 158.56 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 102.777 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 724.519 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
H: is CDROM ()
I: is FIXED (NTFS) - 932 GiB total, 387.393 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Help Manager
Adobe Illustrator CC
Adobe Photoshop CS6
Adobe Premiere Elements 10
Adobe Reader X (10.1.9)
Advanced Fix 2013 version 2.1.3.83
Aimersoft Video Converter Ultimate(Build 5.6.0.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Art and Stitch
AutoSketch Release 9
BarTender 9.4
Bonjour
Brother HL-2170W
Brother MFL-Pro Suite MFC-9440CN
Carbonite
CCleaner
Cisco Connect
CreativeStudio
CyberLink PhotoNow
CyberLink PowerDirector
DAEMON Tools Pro
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DnsBasic 1.0 build 111
EcoSmart Config Utility
EcoSmart Live Connection Manager
EQ5
Follett Blue Book
Galil DMC .Net API for Visual Studio 2005
GalilTools
Google Chrome
Google Earth
Google Update Helper
HomeBase 3
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ieSpell
iTunes
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 29
LiveUpdate 3.3 (Symantec Corporation)
Machine Quilters Business Manager
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Access database engine 2010 (English)
Microsoft Access Runtime 2010
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Runtime 2010
Microsoft Office Access Runtime MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (BARTENDER)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Management Objects Collection
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2011
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
No-IP DUC
Norton Ghost
NovaBench 3.0.4
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PDF Settings CC
PerformanceTest v8.0
PlayReady PC Runtime amd64
ProShow Gold
PSD Viewer
PVM - Pattern Viewer and Manager
QuickTime
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SolidWorks eDrawings 2012
Splashtop Software Updater
Splashtop Streamer
Spybot - Search & Destroy
SUPERAntiSpyware
Symantec Endpoint Protection
Universal Buying Tool
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Vuze
Windows Mobile Device Center
WinRAR 4.00 beta 1 (32-bit)
WinRAR 4.01 (64-bit)
WinZip 15.0
Zebra Font Downloader
Zebra Setup Utilities
.
==== Event Viewer Messages From Past Week ========
.
4/7/2014 7:56:36 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/7/2014 4:58:13 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/7/2014 4:58:13 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
4/7/2014 4:57:53 PM, Error: Service Control Manager [7022] - The Commander Service service hung on starting.
4/7/2014 4:52:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/7/2014 11:23:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Printer Maestro service to connect.
4/7/2014 11:23:48 AM, Error: Service Control Manager [7000] - The Printer Maestro service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/7/2014 11:03:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
4/7/2014 11:03:36 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/6/2014 2:25:39 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/5/2014 7:42:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/5/2014 7:33:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8000322b595, 0xfffff8800ec6c8c8, 0xfffff8800ec6c120). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040514-44897-01.
4/1/2014 8:56:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
4/1/2014 8:56:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
4/1/2014 8:56:03 AM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by dad4 at 7:21:35 on 2014-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3061 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\No-IP\ducservice.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\ehome\ehsched.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\ehome\mcupdate.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\eHome\ehshell.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Aimersoft Video Converter Ultimate: {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [GoogleChromeAutoLaunch_37636091923EB0AF9654CD0625A352B8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [BrowserPlugInHelper] C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\dad4\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 208.180.42.68 208.180.42.100 192.168.1.1
TCP: Interfaces\{1223660A-A804-48B7-8C3E-90BD0F74C30F} : DHCPNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; bzgyksvqin@bzgyksvqin.org; C:\Users\dad4\Application Data\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions\bzgyksvqin@bzgyksvqin.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-17 55856]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-15 39768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-21 272448]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-24 137648]
R3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2010-2-12 66608]
R3 hcw89;hcw89 service;C:\Windows\System32\drivers\hcw89.sys [2013-12-18 1542016]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-12 25928]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2014-4-6 38328]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-26 19456]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-04-06 14:47:30 -------- d-----w- C:\Users\dad4\AppData\Local\PassMark
2014-04-06 14:47:24 -------- d-----w- C:\ProgramData\Passmark
2014-04-06 14:47:18 -------- d-----w- C:\Program Files\PerformanceTest
2014-03-26 20:39:04 67480 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\CreativeStudio.log_A0257E23F5AD4097A09CA7B0B793CAA3.exe
2014-03-26 20:39:04 55192 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\_974E1DB6E75641E3957E1B56935956A9.exe
2014-03-26 20:39:04 55192 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\_4EFE6B2AFEBA472EAA518254BEAAE011.exe
2014-03-26 20:39:04 47000 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\LibGalilRedist_1.6_C3EAD1C186A44126BC0A048067F5B7CA.exe
2014-03-26 20:39:03 59288 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\CreativeStudioInst_5D5F060477714CDF95D31E38C92E618D.exe
2014-03-26 20:39:03 55192 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\ARPPRODUCTICON.exe
2014-03-26 20:39:03 47000 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\GalilTools_1.6.4.5_088A7308834240ABBA98F282EA6B1300.exe
2014-03-18 13:40:54 -------- d-----w- C:\ProgramData\Oracle
2014-03-18 13:39:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-15 19:41:35 -------- d-----w- C:\Users\dad4\AppData\Local\CrashDumps
2014-03-13 14:58:29 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-13 14:49:14 98816 ----a-w- C:\Windows\sed.exe
2014-03-13 14:49:14 256000 ----a-w- C:\Windows\PEV.exe
2014-03-13 14:49:14 208896 ----a-w- C:\Windows\MBR.exe
2014-03-13 14:49:04 -------- d-s---w- C:\ComboFix
2014-03-13 14:09:13 -------- d-----w- C:\Users\dad4\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 14:08:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-03-13 14:08:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-03-13 07:14:50 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 07:14:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-13 07:14:49 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 07:14:49 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 13:06:34 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2013
.
==================== Find3M ====================
.
2014-03-12 00:15:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 00:15:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
.
============= FINISH: 7:23:42.08 ===============
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dad4 [Admin rights]
Mode : Remove -- Date : 04/08/2014 17:53:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x751546E9)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718276AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817525)
[Address] EAT @iexplore.exe (CloseThemeData) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71801FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181786D)
[Address] EAT @iexplore.exe (EnableTheming) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CDCF)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CD86)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C893)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718163AE)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180EBD6)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DA9E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817155)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71810190)
[Address] EAT @iexplore.exe (GetThemeBitmap) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71804B9C)
[Address] EAT @iexplore.exe (GetThemeBool) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71806651)
[Address] EAT @iexplore.exe (GetThemeColor) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C346)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
[Address] EAT @iexplore.exe (GetThemeFilename) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B997)
[Address] EAT @iexplore.exe (GetThemeFont) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718176A2)
[Address] EAT @iexplore.exe (GetThemeInt) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
[Address] EAT @iexplore.exe (GetThemeIntList) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B86E)
[Address] EAT @iexplore.exe (GetThemeMargins) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71802F97)
[Address] EAT @iexplore.exe (GetThemeMetric) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718155B4)
[Address] EAT @iexplore.exe (GetThemePartSize) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180289F)
[Address] EAT @iexplore.exe (GetThemePosition) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B80D)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71810923)
[Address] EAT @iexplore.exe (GetThemeRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B936)
[Address] EAT @iexplore.exe (GetThemeStream) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B8CF)
[Address] EAT @iexplore.exe (GetThemeString) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B7A1)
[Address] EAT @iexplore.exe (GetThemeSysBool) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CB86)
[Address] EAT @iexplore.exe (GetThemeSysColor) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71815530)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CA32)
[Address] EAT @iexplore.exe (GetThemeSysFont) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C3D8)
[Address] EAT @iexplore.exe (GetThemeSysInt) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C5E7)
[Address] EAT @iexplore.exe (GetThemeSysSize) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CC61)
[Address] EAT @iexplore.exe (GetThemeSysString) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C553)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718089FE)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181778C)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E1A1)
[Address] EAT @iexplore.exe (GetWindowTheme) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181535B)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71812DC1)
[Address] EAT @iexplore.exe (IsAppThemed) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817009)
[Address] EAT @iexplore.exe (IsCompositionActive) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718065DF)
[Address] EAT @iexplore.exe (IsThemeActive) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71816F36)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180281C)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CB3F)
[Address] EAT @iexplore.exe (IsThemePartDefined) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718030CF)
[Address] EAT @iexplore.exe (OpenThemeData) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71805F29)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718106FE)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CCEC)
[Address] EAT @iexplore.exe (SetWindowTheme) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817AFC)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71809E39)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71804571)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718275ED)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x751546E9)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718276AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817525)
[Address] EAT @iexplore.exe (CloseThemeData) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71801FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181786D)
[Address] EAT @iexplore.exe (EnableTheming) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CDCF)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CD86)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C893)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718163AE)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180EBD6)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DA9E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817155)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71810190)
[Address] EAT @iexplore.exe (GetThemeBitmap) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71804B9C)
[Address] EAT @iexplore.exe (GetThemeBool) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71806651)
[Address] EAT @iexplore.exe (GetThemeColor) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C346)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
[Address] EAT @iexplore.exe (GetThemeFilename) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B997)
[Address] EAT @iexplore.exe (GetThemeFont) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718176A2)
[Address] EAT @iexplore.exe (GetThemeInt) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
[Address] EAT @iexplore.exe (GetThemeIntList) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B86E)
[Address] EAT @iexplore.exe (GetThemeMargins) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71802F97)
[Address] EAT @iexplore.exe (GetThemeMetric) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718155B4)
[Address] EAT @iexplore.exe (GetThemePartSize) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180289F)
[Address] EAT @iexplore.exe (GetThemePosition) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B80D)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71810923)
[Address] EAT @iexplore.exe (GetThemeRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B936)
[Address] EAT @iexplore.exe (GetThemeStream) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B8CF)
[Address] EAT @iexplore.exe (GetThemeString) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B7A1)
[Address] EAT @iexplore.exe (GetThemeSysBool) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CB86)
[Address] EAT @iexplore.exe (GetThemeSysColor) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71815530)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CA32)
[Address] EAT @iexplore.exe (GetThemeSysFont) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C3D8)
[Address] EAT @iexplore.exe (GetThemeSysInt) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C5E7)
[Address] EAT @iexplore.exe (GetThemeSysSize) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CC61)
[Address] EAT @iexplore.exe (GetThemeSysString) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C553)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718089FE)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181778C)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E1A1)
[Address] EAT @iexplore.exe (GetWindowTheme) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181535B)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71812DC1)
[Address] EAT @iexplore.exe (IsAppThemed) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817009)
[Address] EAT @iexplore.exe (IsCompositionActive) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718065DF)
[Address] EAT @iexplore.exe (IsThemeActive) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71816F36)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180281C)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CB3F)
[Address] EAT @iexplore.exe (IsThemePartDefined) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718030CF)
[Address] EAT @iexplore.exe (OpenThemeData) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71805F29)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718106FE)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CCEC)
[Address] EAT @iexplore.exe (SetWindowTheme) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817AFC)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71809E39)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71804571)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718275ED)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AZRX-00A8LB0 ATA Device +++++
--- User ---
[MBR] be33cbc9cdf6033ac4fa404e47e78ac1
[BSP] 0a33ce88d53b03f69c74aea82928f730 : Windows XP MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 13a679bd258322b2d5894bf171452d1c
[BSP] 9732c3e2b88e74695bd9e09b44acd976 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476944 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) WDC WD10EZRX-00A8LB0 ATA Device +++++
--- User ---
[MBR] f1026ece16818ebd497723ec59b5163a
[BSP] 270886f7abe5e8d1407137c7ed3981ea : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) WDC WD10EACS-00D6B0 ATA Device +++++
--- User ---
[MBR] dafd165417067138f84241e413a1fb76
[BSP] f8c7257432e649fb01586ba6315f2a42 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ IDE) WDC WD10EZRX-00A8LB0 ATA Device +++++
--- User ---
[MBR] 147b753bb797bd2bce906c2ad1f4a42e
[BSP] 62ba7d328ad86fdf22662d5caa1e3b0d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04082014_175316.txt >>
RKreport[0]_S_04082014_172404.txt
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.08.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
dad4 :: DAD4-PC [administrator]

4/8/2014 6:34:31 PM
mbar-log-2014-04-08 (18-34-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 343953
Time elapsed: 55 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 2
Physical Sector #32 on Drive #0 (Unknown.Rootkit.VBR) -> Replace on reboot.
Master Boot Record on Drive #0 (Unknown.Rootkit.VBR) -> Replace on reboot.

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16521

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.207000 GHz
Memory total: 6433136640, free: 2629189632

Downloaded database version: v2014.04.08.08
Downloaded database version: v2014.03.27.01
Initializing...
======================
------------ Kernel report ------------
04/08/2014 18:03:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spvr.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\system32\DRIVERS\symsnap.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\SRTSP64.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20140405.003\EX64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20140405.003\ENG64.SYS
\SystemRoot\System32\Drivers\SRTSPX64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\system32\drivers\wpsdrvnt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\DRIVERS\hcw89.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\GenericMount.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\teefer2.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\WpsHelper.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\v2imount.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\umpass.sys
\SystemRoot\system32\DRIVERS\WSDPrint.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\system32\drivers\MSPCLOCK.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ws2_32.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\urlmon.dll
\Windows\System32\advapi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\difxapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\user32.dll
\Windows\System32\normaliz.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\lpk.dll
\Windows\System32\nsi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\kernel32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80066d3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
Lower Device Object: 0xfffffa80063f1060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80066d3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
Lower Device Object: 0xfffffa80063f1060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80066d2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa80063df060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80066d1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-5\
Lower Device Object: 0xfffffa80063e8060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80066d0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-4\
Lower Device Object: 0xfffffa80063e3060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006622790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa80063d8680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006622790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006622250, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006622790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063e2580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063d8680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0029d04f0, 0xfffffa8006622790, 0xfffffa800ab01540
Lower DeviceData: 0xfffff8a0162f9720, 0xfffffa80063d8680, 0xfffffa800981ae40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1AE09

Partition information:

Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 32 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Unknown.Rootkit.VBR]
Changing partition to empty and not active. New active partition is 0 on drive 0 ...

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976768450
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-31-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80066d0060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80066d0ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80066d0060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063bc9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063e3060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0182e81f0, 0xfffffa80066d0060, 0xfffffa800ae95790
Lower DeviceData: 0xfffff8a0189580d0, 0xfffffa80063e3060, 0xfffffa800a30bb40
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 67F76B81

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 976782082
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80066d1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80066d1b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80066d1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063e6520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063e8060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a008f6d560, 0xfffffa80066d1060, 0xfffffa800ae1e790
Lower DeviceData: 0xfffff8a0074540d0, 0xfffffa80063e8060, 0xfffffa800ab91870
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A944E807

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953534082

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa80066d2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80066d2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80066d2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063dd520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063df060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a014de5740, 0xfffffa80066d2060, 0xfffffa800b3a6090
Lower DeviceData: 0xfffff8a0031660f0, 0xfffffa80063df060, 0xfffffa800616c2b0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 83F0F994

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953534082

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa80066d3060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80066d3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80066d3060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063bbe40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063f1060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0168a4ac0, 0xfffffa80066d3060, 0xfffffa8009cfe690
Lower DeviceData: 0xfffff8a005fd8150, 0xfffffa80063f1060, 0xfffffa8005cc6520
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AB17B5FC

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953534082

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan Interrupted
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16521

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.207000 GHz
Memory total: 6433136640, free: 4028608512

Could not load protection driver
Downloaded database version: v2014.04.08.09
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
04/08/2014 18:34:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sphj.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\system32\DRIVERS\symsnap.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\SRTSP64.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20140405.003\EX64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20140405.003\ENG64.SYS
\SystemRoot\System32\Drivers\SRTSPX64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\system32\drivers\wpsdrvnt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\DRIVERS\hcw89.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\GenericMount.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\teefer2.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\??\C:\Windows\system32\drivers\WpsHelper.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\v2imount.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80066d2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
Lower Device Object: 0xfffffa80063ef060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80066d2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
Lower Device Object: 0xfffffa80063ef060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80066d1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa80063dd060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80066d0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-5\
Lower Device Object: 0xfffffa80063e6060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80066cf060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-4\
Lower Device Object: 0xfffffa80063e1060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006620790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa80063d6680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006620790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006528950, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006620790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063e0580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063d6680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00790ae90, 0xfffffa8006620790, 0xfffffa8005fe9790
Lower DeviceData: 0xfffff8a0089d4c20, 0xfffffa80063d6680, 0xfffffa8005f0a2d0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1AE09

Partition information:

Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 32 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Unknown.Rootkit.VBR]
Changing partition to empty and not active. New active partition is 0 on drive 0 ...

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976768450
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-31-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80066cf060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006620070, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80066cf060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063bc9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063e1060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a009cb5770, 0xfffffa80066cf060, 0xfffffa8005fea790
Lower DeviceData: 0xfffff8a01481fdb0, 0xfffffa80063e1060, 0xfffffa8005fefd40
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 67F76B81

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 976782082
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80066d0060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80066d0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80066d0060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063e4520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063e6060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0068cbb40, 0xfffffa80066d0060, 0xfffffa80060e9690
Lower DeviceData: 0xfffff8a005b475e0, 0xfffffa80063e6060, 0xfffffa8005f80520
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A944E807

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953534082

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa80066d1060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80066d1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80066d1060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063db520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063dd060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00967a4e0, 0xfffffa80066d1060, 0xfffffa800601e790
Lower DeviceData: 0xfffff8a005377c00, 0xfffffa80063dd060, 0xfffffa8005fde520
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 83F0F994

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953534082

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa80066d2060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80066d2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80066d2060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063afe40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063ef060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0069cfe80, 0xfffffa80066d2060, 0xfffffa80060d9690
Lower DeviceData: 0xfffff8a007a73620, 0xfffffa80063ef060, 0xfffffa8005fea520
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AB17B5FC

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953534082

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16521

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.207000 GHz
Memory total: 6433136640, free: 3920359424

Could not load protection driver
Downloaded database version: v2014.04.08.09
Downloaded database version: v2014.03.27.01
Initializing...
======================
 
Very good :)
You had infected (rootkited) fake partition.
It looks like MBAR took care of it but I want to double check...

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Tdsskiller found nothing. but this morning symatic listed 40 or so all in tmp files they looked like this dwh83e9.tmp
 
Good.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-04-09.02 - dad4 04/09/2014 17:25:10.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.2709 [GMT -5:00]
Running from: c:\users\dad4\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-03-09 to 2014-04-09 )))))))))))))))))))))))))))))))
.
.
2014-04-09 22:34 . 2014-04-09 22:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-09 22:34 . 2014-04-09 22:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-09 22:34 . 2014-04-09 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-09 22:34 . 2014-04-09 22:34 -------- d-----w- c:\users\AppData\AppData\Local\temp
2014-04-09 00:52 . 2014-04-09 00:52 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-08 23:03 . 2014-04-09 02:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-08 23:03 . 2014-04-08 23:03 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-08 12:51 . 2014-04-08 18:12 -------- d-----w- c:\users\dad4\AppData\Roaming\FreeFixer
2014-04-08 12:51 . 2014-04-08 13:07 -------- d-----w- c:\users\dad4\AppData\Local\FreeFixer
2014-04-08 12:50 . 2014-04-08 12:50 -------- d-----w- c:\program files\FreeFixer
2014-04-06 14:47 . 2014-04-06 14:47 -------- d-----w- c:\users\dad4\AppData\Local\PassMark
2014-04-06 14:47 . 2014-04-06 14:47 -------- d-----w- c:\programdata\Passmark
2014-04-06 14:47 . 2014-04-06 14:47 -------- d-----w- c:\program files\PerformanceTest
2014-03-26 20:39 . 2014-03-26 20:39 67480 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\CreativeStudio.log_A0257E23F5AD4097A09CA7B0B793CAA3.exe
2014-03-26 20:39 . 2014-03-26 20:39 55192 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\_974E1DB6E75641E3957E1B56935956A9.exe
2014-03-26 20:39 . 2014-03-26 20:39 55192 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\_4EFE6B2AFEBA472EAA518254BEAAE011.exe
2014-03-26 20:39 . 2014-03-26 20:39 47000 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\LibGalilRedist_1.6_C3EAD1C186A44126BC0A048067F5B7CA.exe
2014-03-26 20:39 . 2014-03-26 20:39 47000 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\GalilTools_1.6.4.5_088A7308834240ABBA98F282EA6B1300.exe
2014-03-26 20:39 . 2014-03-26 20:39 59288 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\CreativeStudioInst_5D5F060477714CDF95D31E38C92E618D.exe
2014-03-26 20:39 . 2014-03-26 20:39 55192 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\ARPPRODUCTICON.exe
2014-03-18 13:41 . 2014-03-18 13:41 -------- d-----w- c:\users\dad4\AppData\Roaming\Oracle
2014-03-18 13:40 . 2014-03-18 13:40 -------- d-----w- c:\programdata\Oracle
2014-03-18 13:39 . 2014-03-18 13:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-18 13:39 . 2014-03-18 13:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-15 19:41 . 2014-04-03 23:34 -------- d-----w- c:\users\dad4\AppData\Local\CrashDumps
2014-03-13 14:09 . 2014-03-13 14:09 -------- d-----w- c:\users\dad4\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 14:08 . 2014-03-13 14:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-03-13 14:08 . 2014-03-13 14:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-03-13 07:14 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 07:14 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 07:14 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 07:14 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 13:06 . 2014-03-12 13:06 -------- d-----w- c:\program files (x86)\Advanced Fix 2013
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 08:00 . 2011-08-02 19:46 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 00:15 . 2012-07-10 15:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 00:15 . 2011-07-20 19:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
"GoogleChromeAutoLaunch_37636091923EB0AF9654CD0625A352B8"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-03-15 859976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BrowserPlugInHelper"="c:\program files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe" [2013-09-13 1960448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-05-16 1039240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-12-20 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 BarTender System Service;BarTender System Service;c:\program files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe;c:\program files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [x]
S2 Commander Service;Commander Service;c:\program files (x86)\Seagull\BarTender Suite\CmdrSrv.exe;c:\program files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [x]
S2 Maestro;Printer Maestro;c:\program files (x86)\Seagull\BarTender Suite\Maestro.Service.exe;c:\program files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [x]
S2 MSSQL$BARTENDER;SQL Server (BARTENDER);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [x]
S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys;c:\windows\SYSNATIVE\DRIVERS\hcw89.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 74925322
*Deregistered* - 74925322
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 14:06 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 00:15]
.
2014-04-08 c:\windows\Tasks\FreeFixer background scan.job
- c:\program files\FreeFixer\freefixer.exe [2014-03-17 13:22]
.
2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 19:35]
.
2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 19:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
FF - ProfilePath - c:\users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; bzgyksvqin@bzgyksvqin.org; c:\users\dad4\Application Data\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions\bzgyksvqin@bzgyksvqin.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - (no file)
Toolbar-Locked - (no file)
AddRemove-DnsBasic - c:\program files (x86)\DnsBasic\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\03\14\141%U"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
@SACL=
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-09 17:37:24
ComboFix-quarantined-files.txt 2014-04-09 22:37
.
Pre-Run: 169,733,591,040 bytes free
Post-Run: 169,767,301,120 bytes free
.
- - End Of File - - 37C97DCE8977876449B66E38E6BB500C
671B81004FDD1588FA9ED1331C9CECA9
 
Combofix log looks good.
The above file has been haunting Norton's users for years and there is nothing wrong with that file.
All I can give you is Google search: https://www.google.com/search?num=5...nss=100...0...1.1.40.serp..3.1.37.esd5z8akhu4

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.023 - Report created 10/04/2014 at 19:11:38
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dad4 - DAD4-PC
# Running from : C:\Users\dad4\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
[x] Not Deleted : C:\Program Files (x86)\DnsBasic
[x] Not Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\dad4\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\dad4\AppData\Local\DefineExt
Folder Deleted : C:\Users\dad4\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\dad4\AppData\Local\unitlayers
Folder Deleted : C:\Users\dad4\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\dad4\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\dad4\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\dad4\AppData\Roaming\strongvault
Folder Deleted : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\CT3289847
Folder Deleted : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
Folder Deleted : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
File Deleted : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DnsBasic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKLM\Software\Classes\Installer\Features\49AE5C7BA69B5F14EB59527DB8846687
Key Deleted : HKLM\Software\Classes\Installer\Products\49AE5C7BA69B5F14EB59527DB8846687

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v13.0 (en-US)

[ File : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [3848 octets] - [10/04/2014 18:51:17]
AdwCleaner[S0].txt - [3753 octets] - [10/04/2014 19:11:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3813 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by dad4 on Thu 04/10/2014 at 19:34:11.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0481B5F7-283D-4AA7-9634-7D07F926A6E5}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\dad4\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\dad4\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\dad4\AppData\Roaming\speedypc software"



~~~ FireFox

Successfully deleted: [File] C:\Users\dad4\AppData\Roaming\mozilla\firefox\profiles\k6pv1e97.default\extensions\bzgyksvqin@bzgyksvqin.org.xpi [Tracur]
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net"
Successfully deleted: [Folder] C:\Users\dad4\AppData\Roaming\mozilla\firefox\profiles\k6pv1e97.default\extensions\cxfnl@nxazbwxrbgsgfqqp.net



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/10/2014 at 19:38:23.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 4/10/2014 7:49:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad4\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.81 Gb Available Physical Memory | 63.52% Memory free
11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 157.97 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 104.96 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 724.52 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive F: | 501.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 931.51 Gb Total Space | 387.39 Gb Free Space | 41.59% Space Free | Partition Type: NTFS

Computer Name: DAD4-PC | User Name: dad4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/10 19:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
PRC - [2014/03/30 08:03:01 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/14 19:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/10 16:25:58 | 001,056,264 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2013/08/07 05:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/06/28 15:29:50 | 000,789,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2013/06/28 15:29:48 | 003,225,440 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2013/06/28 15:29:44 | 006,951,776 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2013/01/24 13:12:32 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\No-IP\ducservice.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/09/26 21:08:25 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/06/30 17:18:34 | 002,251,200 | ---- | M] (Seagull Scientific) -- C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
PRC - [2011/06/29 19:30:56 | 000,034,200 | ---- | M] (Seagull Scientific, Inc.) -- C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
PRC - [2011/03/17 03:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/07/01 17:16:46 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/05/06 17:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/03/03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2010/02/17 10:53:18 | 000,558,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/14 19:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 19:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 19:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 19:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 19:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 19:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/02/13 04:41:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/13 04:41:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 04:41:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 04:40:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 04:40:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/10 18:37:48 | 000,058,208 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
MOD - [2010/01/10 01:05:06 | 001,040,736 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/10/10 16:12:18 | 007,627,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/11 19:15:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/08/07 05:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/06/28 15:29:50 | 000,789,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/24 13:12:32 | 000,011,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\No-IP\ducservice.exe -- (NoIPDUCService4)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/26 21:08:25 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/30 17:18:34 | 002,251,200 | ---- | M] (Seagull Scientific) [Auto | Running] -- C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe -- (Commander Service)
SRV - [2011/06/29 19:30:56 | 000,034,200 | ---- | M] (Seagull Scientific, Inc.) [Auto | Running] -- C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe -- (BarTender System Service)
SRV - [2011/06/29 19:15:24 | 000,229,784 | ---- | M] (Seagull Scientific, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe -- (Maestro)
SRV - [2010/08/05 19:11:38 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/01 16:25:32 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/02/17 10:53:18 | 000,558,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2010/02/12 07:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2010/02/11 02:34:18 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/04/08 18:03:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/04/03 14:00:58 | 000,038,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/15 08:06:37 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/04 16:21:04 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/21 15:15:24 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/07/21 14:44:42 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/20 10:07:42 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/05 19:11:32 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/03/03 19:59:22 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010/02/11 02:34:46 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/07/16 18:02:58 | 001,542,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
DRV:64bit: - [2008/01/19 19:45:40 | 000,045,104 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\v2imount.sys -- (v2imount)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013/11/24 04:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/24 04:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/16 03:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140408.019\ex64.sys -- (NAVEX15)
DRV - [2013/09/16 03:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140408.019\eng64.sys -- (NAVENG)
DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/07 09:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/20 11:19:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]

[2012/09/14 07:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Extensions
[2014/04/10 19:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions
[2014/04/10 19:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/14 07:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/09/14 07:06:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
FILE OTL.txt was too large here is 2nd half.....






Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/07 09:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/20 11:19:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]

[2012/09/14 07:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Extensions
[2014/04/10 19:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions
[2014/04/10 19:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/14 07:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/09/14 07:06:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=826aece1000000000000001e3defc2b9
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\
CHR - Extension: Gmail = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/04/09 17:34:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [GoogleChromeAutoLaunch_37636091923EB0AF9654CD0625A352B8] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1223660A-A804-48B7-8C3E-90BD0F74C30F}: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/05 06:38:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/11/07 12:26:27 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/10 19:48:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
[2014/04/10 19:34:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/10 19:32:05 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\dad4\Desktop\JRT.exe
[2014/04/10 18:50:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/10 08:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/04/10 08:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/04/09 17:37:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/04/09 17:37:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/04/09 17:21:00 | 005,196,025 | R--- | C] (Swearware) -- C:\Users\dad4\Desktop\ComboFix.exe
[2014/04/09 07:27:07 | 004,139,872 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dad4\Desktop\tdsskiller.exe
[2014/04/08 19:52:40 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/08 18:03:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/08 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\mbar
[2014/04/08 18:01:47 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\dad4\Desktop\mbar-1.07.0.1009.exe
[2014/04/08 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\FreeFixer
[2014/04/08 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\FreeFixer
[2014/04/08 07:50:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
[2014/04/08 07:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2014/04/07 16:46:54 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\v scan
[2014/04/06 09:47:38 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\PassMark
[2014/04/06 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\PassMark
[2014/04/06 09:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
[2014/04/06 09:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2014/04/06 09:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2014/03/30 08:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artistitch
[2014/03/30 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch My Designs
[2014/03/30 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch Library
[2014/03/30 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch Backdrops
[2014/03/26 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Statler Stitcher
[2014/03/26 15:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galil
[2014/03/18 08:41:30 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Oracle
[2014/03/18 08:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/18 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/18 08:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/15 14:41:35 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\CrashDumps
[2014/03/13 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\RK_Quarantine
[2014/03/13 09:49:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/13 09:49:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/13 09:49:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/13 09:13:41 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\dad4\Desktop\TFC.exe
[2014/03/13 09:09:13 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\SUPERAntiSpyware.com
[2014/03/13 09:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/03/13 09:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/03/13 09:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/03/13 09:07:51 | 018,288,344 | ---- | C] (SUPERAntiSpyware) -- C:\Users\dad4\Desktop\SUPERAntiSpyware.exe
[2014/03/13 07:10:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/12 08:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Fix 2013
[2014/03/12 08:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Fix 2013
[2013/06/23 10:32:18 | 005,401,808 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe

========== Files - Modified Within 30 Days ==========

[2014/04/10 19:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
[2014/04/10 19:35:46 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/10 19:35:46 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/10 19:32:08 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\dad4\Desktop\JRT.exe
[2014/04/10 19:28:42 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/10 19:23:33 | 000,000,484 | ---- | M] () -- C:\Windows\Brownie.ini
[2014/04/10 19:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/10 19:20:59 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/10 19:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/10 19:08:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/10 08:23:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/10 03:18:36 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\FreeFixer background scan.job
[2014/04/09 17:34:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/09 17:21:13 | 005,196,025 | R--- | M] (Swearware) -- C:\Users\dad4\Desktop\ComboFix.exe
[2014/04/09 07:27:08 | 004,139,872 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dad4\Desktop\tdsskiller.exe
[2014/04/08 19:52:40 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/08 18:03:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/08 18:02:04 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\dad4\Desktop\mbar-1.07.0.1009.exe
[2014/04/07 11:04:18 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/04/07 09:36:33 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2014/04/07 09:33:50 | 002,592,135 | ---- | M] () -- C:\Users\dad4\Desktop\USPS.pdf
[2014/04/06 09:47:26 | 000,000,938 | ---- | M] () -- C:\Users\dad4\Desktop\PerformanceTest.lnk
[2014/04/05 07:33:12 | 425,611,533 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/30 08:42:13 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Art and Stitch.lnk
[2014/03/29 09:05:52 | 149,025,792 | ---- | M] () -- C:\Users\dad4\Desktop\patterns.db.20140329
[2014/03/27 11:34:30 | 000,000,110 | ---- | M] () -- C:\Users\dad4\Desktop\piano key.qli
[2014/03/26 15:39:04 | 000,003,015 | ---- | M] () -- C:\Users\dad4\Desktop\CreativeStudio.lnk
[2014/03/26 15:39:04 | 000,001,863 | ---- | M] () -- C:\Users\dad4\Desktop\CS LOG.lnk
[2014/03/26 15:38:48 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\GalilTools.lnk
[2014/03/21 11:33:43 | 000,925,912 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/21 11:33:43 | 000,762,640 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/21 11:33:43 | 000,161,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/17 06:28:48 | 149,025,792 | ---- | M] () -- C:\Users\dad4\Desktop\patterns.db.20140317
[2014/03/13 11:11:26 | 007,140,650 | ---- | M] () -- C:\Users\dad4\AppData\Local\census.cache
[2014/03/13 11:11:21 | 000,065,983 | ---- | M] () -- C:\Users\dad4\AppData\Local\ars.cache
[2014/03/13 10:23:48 | 000,037,466 | ---- | M] () -- C:\Users\dad4\Documents\cc_20140313_102336.reg
[2014/03/13 10:22:52 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/13 10:14:27 | 000,724,952 | ---- | M] () -- C:\Users\dad4\Desktop\avenger.zip
[2014/03/13 09:13:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\TFC.exe
[2014/03/13 09:08:44 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/03/13 09:08:04 | 018,288,344 | ---- | M] (SUPERAntiSpyware) -- C:\Users\dad4\Desktop\SUPERAntiSpyware.exe
[2014/03/13 07:09:19 | 000,001,449 | ---- | M] () -- C:\Users\dad4\Desktop\ComboFix - Shortcut.lnk
[2014/03/13 06:55:43 | 003,819,008 | ---- | M] () -- C:\Users\dad4\Desktop\RogueKiller (1).exe
[2014/03/13 03:25:20 | 005,214,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/12 08:06:36 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Advanced Fix 2013.lnk

========== Files Created - No Company Name ==========

[2014/04/10 08:23:53 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/04/10 08:23:19 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/04/08 07:51:01 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\FreeFixer background scan.job
[2014/04/07 09:33:49 | 002,592,135 | ---- | C] () -- C:\Users\dad4\Desktop\USPS.pdf
[2014/04/06 09:47:26 | 000,000,938 | ---- | C] () -- C:\Users\dad4\Desktop\PerformanceTest.lnk
[2014/04/05 07:33:12 | 425,611,533 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/03/30 08:42:13 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Art and Stitch.lnk
[2014/03/29 09:05:48 | 149,025,792 | ---- | C] () -- C:\Users\dad4\Desktop\patterns.db.20140329
[2014/03/29 08:48:42 | 000,497,096 | ---- | C] () -- C:\Users\dad4\Desktop\setup.exe
[2014/03/27 11:17:14 | 000,000,110 | ---- | C] () -- C:\Users\dad4\Desktop\piano key.qli
[2014/03/26 15:39:04 | 000,003,015 | ---- | C] () -- C:\Users\dad4\Desktop\CreativeStudio.lnk
[2014/03/26 15:39:04 | 000,001,863 | ---- | C] () -- C:\Users\dad4\Desktop\CS LOG.lnk
[2014/03/26 15:38:48 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\GalilTools.lnk
[2014/03/17 06:28:45 | 149,025,792 | ---- | C] () -- C:\Users\dad4\Desktop\patterns.db.20140317
[2014/03/13 10:23:42 | 000,037,466 | ---- | C] () -- C:\Users\dad4\Documents\cc_20140313_102336.reg
[2014/03/13 10:14:31 | 000,724,952 | ---- | C] () -- C:\Users\dad4\Desktop\avenger.zip
[2014/03/13 09:49:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/13 09:49:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/13 09:49:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/13 09:49:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/13 09:49:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/13 09:08:44 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/03/13 07:09:19 | 000,001,449 | ---- | C] () -- C:\Users\dad4\Desktop\ComboFix - Shortcut.lnk
[2014/03/13 06:55:39 | 003,819,008 | ---- | C] () -- C:\Users\dad4\Desktop\RogueKiller (1).exe
[2014/03/12 08:06:36 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Advanced Fix 2013.lnk
[2014/03/01 10:19:45 | 000,001,808 | ---- | C] () -- C:\Windows\wininit.ini
[2014/02/27 17:54:17 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2014/02/27 17:54:06 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2014/02/27 14:45:11 | 000,000,010 | ---- | C] () -- C:\Users\dad4\AppData\Local\sponge.last.runtime.cache
[2013/12/21 10:03:46 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
[2013/12/12 22:15:00 | 000,000,039 | ---- | C] () -- C:\Windows\Embmake.INI
[2013/11/29 13:53:49 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/10/02 16:50:13 | 000,004,096 | -H-- | C] () -- C:\Users\dad4\AppData\Local\keyfile3.drm
[2013/09/14 09:31:11 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2013/09/14 09:31:11 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2013/09/02 16:59:01 | 000,508,928 | ---- | C] () -- C:\Windows\SysWow64\hidapi-jni.dll
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2013/06/23 10:48:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/05/21 10:05:02 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/05/21 08:36:24 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2013/04/20 16:05:39 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2013/04/20 16:05:39 | 000,022,064 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2013/01/23 07:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/01/17 10:39:27 | 000,247,612 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/09 16:34:12 | 000,000,163 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2013/01/09 16:34:12 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2013/01/09 16:33:16 | 000,000,484 | ---- | C] () -- C:\Windows\Brownie.ini
[2012/04/15 09:36:15 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/03/01 14:10:10 | 000,022,979 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/07/20 15:53:13 | 000,008,518 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/07/20 12:53:30 | 007,140,650 | ---- | C] () -- C:\Users\dad4\AppData\Local\census.cache
[2011/07/20 12:53:27 | 000,065,983 | ---- | C] () -- C:\Users\dad4\AppData\Local\ars.cache
[2011/07/20 12:49:04 | 000,000,036 | ---- | C] () -- C:\Users\dad4\AppData\Local\housecall.guid.cache

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/03 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\AbeBooks
[2013/05/21 08:47:47 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Autodesk
[2014/03/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Azureus
[2013/08/24 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\DAEMON Tools Pro
[2012/04/15 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\DassaultSystemes
[2013/09/02 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\EcoTech Marine
[2012/04/15 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\EDrawings
[2014/04/08 13:12:43 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\FreeFixer
[2012/08/14 08:32:00 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\HTC
[2012/08/14 08:30:17 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013/09/14 09:18:50 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\iDealshare VideoGo
[2012/05/25 06:36:21 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\ieSpell
[2011/09/26 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Netscape
[2012/01/17 08:38:20 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\No Company Name
[2014/03/18 08:41:30 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Oracle
[2013/02/06 08:00:02 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Outlook
[2012/09/23 09:45:23 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\PC-FAX TX
[2013/12/22 10:09:35 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\PDAppFlex
[2011/09/26 21:06:46 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Photodex
[2014/03/18 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\QuickScan
[2011/08/20 08:51:10 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Seagull
[2013/06/11 18:51:13 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/03/08 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\TeamViewer
[2011/07/20 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Teleca
[2013/09/14 09:31:35 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

 
OTL logfile created on: 4/10/2014 8:01:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad4\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.47 Gb Available Physical Memory | 58.00% Memory free
11.98 Gb Paging File | 8.74 Gb Available in Paging File | 72.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 157.97 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 104.96 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 724.52 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive F: | 501.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 931.51 Gb Total Space | 387.39 Gb Free Space | 41.59% Space Free | Partition Type: NTFS

Computer Name: DAD4-PC | User Name: dad4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/10 19:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
PRC - [2014/03/30 08:03:01 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/14 19:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/10 16:25:58 | 001,056,264 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2013/08/07 05:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/06/28 15:29:50 | 000,789,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2013/06/28 15:29:48 | 003,225,440 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2013/06/28 15:29:44 | 006,951,776 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2013/01/24 13:12:32 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\No-IP\ducservice.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/09/26 21:08:25 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/06/30 17:18:34 | 002,251,200 | ---- | M] (Seagull Scientific) -- C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
PRC - [2011/06/29 19:30:56 | 000,034,200 | ---- | M] (Seagull Scientific, Inc.) -- C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
PRC - [2011/03/17 03:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/07/01 17:16:46 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/05/06 17:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/03/03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2010/02/17 10:53:18 | 000,558,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/14 19:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/14 19:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 19:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 19:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 19:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 19:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 19:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/02/13 04:41:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/13 04:41:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 04:41:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 04:40:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 04:40:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/10 18:37:48 | 000,058,208 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
MOD - [2010/01/10 01:05:06 | 001,040,736 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/10/10 16:12:18 | 007,627,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/11 19:15:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/08/07 05:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/06/28 15:29:50 | 000,789,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/24 13:12:32 | 000,011,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\No-IP\ducservice.exe -- (NoIPDUCService4)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/26 21:08:25 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/30 17:18:34 | 002,251,200 | ---- | M] (Seagull Scientific) [Auto | Running] -- C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe -- (Commander Service)
SRV - [2011/06/29 19:30:56 | 000,034,200 | ---- | M] (Seagull Scientific, Inc.) [Auto | Running] -- C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe -- (BarTender System Service)
SRV - [2011/06/29 19:15:24 | 000,229,784 | ---- | M] (Seagull Scientific, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe -- (Maestro)
SRV - [2010/08/05 19:11:38 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/01 16:25:32 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/02/17 10:53:18 | 000,558,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2010/02/12 07:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2010/02/11 02:34:18 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/04/08 18:03:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/04/03 14:00:58 | 000,038,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/15 08:06:37 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/04 16:21:04 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/21 15:15:24 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/07/21 14:44:42 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/20 10:07:42 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/05 19:11:32 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/03/03 19:59:22 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010/02/11 02:34:46 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/07/16 18:02:58 | 001,542,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
DRV:64bit: - [2008/01/19 19:45:40 | 000,045,104 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\v2imount.sys -- (v2imount)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013/11/24 04:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/24 04:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/16 03:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140408.019\ex64.sys -- (NAVEX15)
DRV - [2013/09/16 03:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140408.019\eng64.sys -- (NAVENG)
DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/07 09:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/20 11:19:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]

[2012/09/14 07:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Extensions
[2014/04/10 19:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions
[2014/04/10 19:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/14 07:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/09/14 07:06:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=826aece1000000000000001e3defc2b9
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\
CHR - Extension: Gmail = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
2nd half of otl.txt


O1 HOSTS File: ([2014/04/09 17:34:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [GoogleChromeAutoLaunch_37636091923EB0AF9654CD0625A352B8] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1223660A-A804-48B7-8C3E-90BD0F74C30F}: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/05 06:38:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/11/07 12:26:27 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/10 19:48:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
[2014/04/10 19:34:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/10 19:32:05 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\dad4\Desktop\JRT.exe
[2014/04/10 18:50:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/10 08:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/04/10 08:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/04/09 17:37:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/04/09 17:37:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/04/09 17:21:00 | 005,196,025 | R--- | C] (Swearware) -- C:\Users\dad4\Desktop\ComboFix.exe
[2014/04/09 07:27:07 | 004,139,872 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dad4\Desktop\tdsskiller.exe
[2014/04/08 19:52:40 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/08 18:03:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/08 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\mbar
[2014/04/08 18:01:47 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\dad4\Desktop\mbar-1.07.0.1009.exe
[2014/04/08 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\FreeFixer
[2014/04/08 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\FreeFixer
[2014/04/08 07:50:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
[2014/04/08 07:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2014/04/07 16:46:54 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\v scan
[2014/04/06 09:47:38 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\PassMark
[2014/04/06 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\PassMark
[2014/04/06 09:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
[2014/04/06 09:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2014/04/06 09:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2014/03/30 08:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artistitch
[2014/03/30 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch My Designs
[2014/03/30 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch Library
[2014/03/30 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch Backdrops
[2014/03/26 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Statler Stitcher
[2014/03/26 15:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galil
[2014/03/18 08:41:30 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Oracle
[2014/03/18 08:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/18 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/18 08:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/15 14:41:35 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\CrashDumps
[2014/03/13 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\RK_Quarantine
[2014/03/13 09:49:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/13 09:49:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/13 09:49:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/13 09:13:41 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\dad4\Desktop\TFC.exe
[2014/03/13 09:09:13 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\SUPERAntiSpyware.com
[2014/03/13 09:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/03/13 09:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/03/13 09:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/03/13 09:07:51 | 018,288,344 | ---- | C] (SUPERAntiSpyware) -- C:\Users\dad4\Desktop\SUPERAntiSpyware.exe
[2014/03/13 07:10:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/12 08:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Fix 2013
[2014/03/12 08:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Fix 2013
[2013/06/23 10:32:18 | 005,401,808 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe

========== Files - Modified Within 30 Days ==========

[2014/04/10 19:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
[2014/04/10 19:35:46 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/10 19:35:46 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/10 19:32:08 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\dad4\Desktop\JRT.exe
[2014/04/10 19:28:42 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/10 19:23:33 | 000,000,484 | ---- | M] () -- C:\Windows\Brownie.ini
[2014/04/10 19:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/10 19:20:59 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/10 19:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/10 19:08:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/10 08:23:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/10 03:18:36 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\FreeFixer background scan.job
[2014/04/09 17:34:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/09 17:21:13 | 005,196,025 | R--- | M] (Swearware) -- C:\Users\dad4\Desktop\ComboFix.exe
[2014/04/09 07:27:08 | 004,139,872 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dad4\Desktop\tdsskiller.exe
[2014/04/08 19:52:40 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/08 18:03:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/08 18:02:04 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\dad4\Desktop\mbar-1.07.0.1009.exe
[2014/04/07 11:04:18 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/04/07 09:36:33 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2014/04/07 09:33:50 | 002,592,135 | ---- | M] () -- C:\Users\dad4\Desktop\USPS.pdf
[2014/04/06 09:47:26 | 000,000,938 | ---- | M] () -- C:\Users\dad4\Desktop\PerformanceTest.lnk
[2014/04/05 07:33:12 | 425,611,533 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/30 08:42:13 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Art and Stitch.lnk
[2014/03/29 09:05:52 | 149,025,792 | ---- | M] () -- C:\Users\dad4\Desktop\patterns.db.20140329
[2014/03/27 11:34:30 | 000,000,110 | ---- | M] () -- C:\Users\dad4\Desktop\piano key.qli
[2014/03/26 15:39:04 | 000,003,015 | ---- | M] () -- C:\Users\dad4\Desktop\CreativeStudio.lnk
[2014/03/26 15:39:04 | 000,001,863 | ---- | M] () -- C:\Users\dad4\Desktop\CS LOG.lnk
[2014/03/26 15:38:48 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\GalilTools.lnk
[2014/03/21 11:33:43 | 000,925,912 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/21 11:33:43 | 000,762,640 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/21 11:33:43 | 000,161,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/17 06:28:48 | 149,025,792 | ---- | M] () -- C:\Users\dad4\Desktop\patterns.db.20140317
[2014/03/13 11:11:26 | 007,140,650 | ---- | M] () -- C:\Users\dad4\AppData\Local\census.cache
[2014/03/13 11:11:21 | 000,065,983 | ---- | M] () -- C:\Users\dad4\AppData\Local\ars.cache
[2014/03/13 10:23:48 | 000,037,466 | ---- | M] () -- C:\Users\dad4\Documents\cc_20140313_102336.reg
[2014/03/13 10:22:52 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/13 10:14:27 | 000,724,952 | ---- | M] () -- C:\Users\dad4\Desktop\avenger.zip
[2014/03/13 09:13:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\TFC.exe
[2014/03/13 09:08:44 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/03/13 09:08:04 | 018,288,344 | ---- | M] (SUPERAntiSpyware) -- C:\Users\dad4\Desktop\SUPERAntiSpyware.exe
[2014/03/13 07:09:19 | 000,001,449 | ---- | M] () -- C:\Users\dad4\Desktop\ComboFix - Shortcut.lnk
[2014/03/13 06:55:43 | 003,819,008 | ---- | M] () -- C:\Users\dad4\Desktop\RogueKiller (1).exe
[2014/03/13 03:25:20 | 005,214,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/12 08:06:36 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Advanced Fix 2013.lnk

========== Files Created - No Company Name ==========

[2014/04/10 08:23:53 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/04/10 08:23:19 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/04/08 07:51:01 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\FreeFixer background scan.job
[2014/04/07 09:33:49 | 002,592,135 | ---- | C] () -- C:\Users\dad4\Desktop\USPS.pdf
[2014/04/06 09:47:26 | 000,000,938 | ---- | C] () -- C:\Users\dad4\Desktop\PerformanceTest.lnk
[2014/04/05 07:33:12 | 425,611,533 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/03/30 08:42:13 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Art and Stitch.lnk
[2014/03/29 09:05:48 | 149,025,792 | ---- | C] () -- C:\Users\dad4\Desktop\patterns.db.20140329
[2014/03/29 08:48:42 | 000,497,096 | ---- | C] () -- C:\Users\dad4\Desktop\setup.exe
[2014/03/27 11:17:14 | 000,000,110 | ---- | C] () -- C:\Users\dad4\Desktop\piano key.qli
[2014/03/26 15:39:04 | 000,003,015 | ---- | C] () -- C:\Users\dad4\Desktop\CreativeStudio.lnk
[2014/03/26 15:39:04 | 000,001,863 | ---- | C] () -- C:\Users\dad4\Desktop\CS LOG.lnk
[2014/03/26 15:38:48 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\GalilTools.lnk
[2014/03/17 06:28:45 | 149,025,792 | ---- | C] () -- C:\Users\dad4\Desktop\patterns.db.20140317
[2014/03/13 10:23:42 | 000,037,466 | ---- | C] () -- C:\Users\dad4\Documents\cc_20140313_102336.reg
[2014/03/13 10:14:31 | 000,724,952 | ---- | C] () -- C:\Users\dad4\Desktop\avenger.zip
[2014/03/13 09:49:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/13 09:49:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/13 09:49:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/13 09:49:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/13 09:49:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/13 09:08:44 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/03/13 07:09:19 | 000,001,449 | ---- | C] () -- C:\Users\dad4\Desktop\ComboFix - Shortcut.lnk
[2014/03/13 06:55:39 | 003,819,008 | ---- | C] () -- C:\Users\dad4\Desktop\RogueKiller (1).exe
[2014/03/12 08:06:36 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Advanced Fix 2013.lnk
[2014/03/01 10:19:45 | 000,001,808 | ---- | C] () -- C:\Windows\wininit.ini
[2014/02/27 17:54:17 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2014/02/27 17:54:06 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2014/02/27 14:45:11 | 000,000,010 | ---- | C] () -- C:\Users\dad4\AppData\Local\sponge.last.runtime.cache
[2013/12/21 10:03:46 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
[2013/12/12 22:15:00 | 000,000,039 | ---- | C] () -- C:\Windows\Embmake.INI
[2013/11/29 13:53:49 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/10/02 16:50:13 | 000,004,096 | -H-- | C] () -- C:\Users\dad4\AppData\Local\keyfile3.drm
[2013/09/14 09:31:11 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2013/09/14 09:31:11 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2013/09/02 16:59:01 | 000,508,928 | ---- | C] () -- C:\Windows\SysWow64\hidapi-jni.dll
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2013/06/23 10:48:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/05/21 10:05:02 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/05/21 08:36:24 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2013/04/20 16:05:39 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2013/04/20 16:05:39 | 000,022,064 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2013/01/23 07:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/01/17 10:39:27 | 000,247,612 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/09 16:34:12 | 000,000,163 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2013/01/09 16:34:12 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2013/01/09 16:33:16 | 000,000,484 | ---- | C] () -- C:\Windows\Brownie.ini
[2012/04/15 09:36:15 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/03/01 14:10:10 | 000,022,979 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/07/20 15:53:13 | 000,008,518 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/07/20 12:53:30 | 007,140,650 | ---- | C] () -- C:\Users\dad4\AppData\Local\census.cache
[2011/07/20 12:53:27 | 000,065,983 | ---- | C] () -- C:\Users\dad4\AppData\Local\ars.cache
[2011/07/20 12:49:04 | 000,000,036 | ---- | C] () -- C:\Users\dad4\AppData\Local\housecall.guid.cache

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/03 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\AbeBooks
[2013/05/21 08:47:47 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Autodesk
[2014/03/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Azureus
[2013/08/24 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\DAEMON Tools Pro
[2012/04/15 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\DassaultSystemes
[2013/09/02 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\EcoTech Marine
[2012/04/15 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\EDrawings
[2014/04/08 13:12:43 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\FreeFixer
[2012/08/14 08:32:00 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\HTC
[2012/08/14 08:30:17 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013/09/14 09:18:50 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\iDealshare VideoGo
[2012/05/25 06:36:21 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\ieSpell
[2011/09/26 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Netscape
[2012/01/17 08:38:20 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\No Company Name
[2014/03/18 08:41:30 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Oracle
[2013/02/06 08:00:02 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Outlook
[2012/09/23 09:45:23 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\PC-FAX TX
[2013/12/22 10:09:35 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\PDAppFlex
[2011/09/26 21:06:46 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Photodex
[2014/03/18 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\QuickScan
[2011/08/20 08:51:10 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Seagull
[2013/06/11 18:51:13 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/03/08 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\TeamViewer
[2011/07/20 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Teleca
[2013/09/14 09:31:35 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
 
OTL Extras logfile created on: 4/10/2014 7:49:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad4\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.81 Gb Available Physical Memory | 63.52% Memory free
11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 157.97 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 104.96 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 724.52 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive F: | 501.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 931.51 Gb Total Space | 387.39 Gb Free Space | 41.59% Space Free | Partition Type: NTFS

Computer Name: DAD4-PC | User Name: dad4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0306F7AD-ECCE-49BD-8372-04D7AC6B9DC2}" = lport=445 | protocol=6 | dir=in | app=system |
"{070943F3-4B32-4BC1-A529-F5B5EDAF7718}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BFBF591-9EBA-45F9-B2EE-AEB158E84AE7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0CF76AE1-6353-4B67-8962-ADA6018A17FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10323E87-8F69-43F1-9D5B-C35860CDFDB5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{143E4E2D-4619-4BFB-8DC9-DAC3343B03A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2DB24E4A-5E7B-41CE-BC2F-BE269BA516B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E63B296-A218-4343-A626-F559F0446195}" = lport=139 | protocol=6 | dir=in | app=system |
"{43BB31A9-6C8A-431E-915E-CE008827CBCB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43F0B31C-E2B2-4C9A-A770-82A25C399FFB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4814FF45-9162-460B-BFBA-F871612BB050}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5D190AED-92B0-4A8E-AD57-7F0D4CA270E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{6BE7D2FD-6193-4EAB-824F-9588C975ABA7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6E24BB5D-6EC9-4AAE-A4CE-E396F1F1EC50}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{735DFDD6-D0BD-4621-A527-5FA528B3A0BC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{75DC268C-6262-424D-A0BE-2CD8DA6B4149}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8765D59F-CE4D-44CB-92BC-31DD903DF2D1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8AED105F-2512-47FD-802D-7B28EAE91797}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{8D7CCA87-DA2F-4074-B886-D733165AF6D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E116AE3-6E5D-4D8E-8FDF-DE0B8130B2C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{909EF230-BA2C-4AB7-85BA-2694DDB814FE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{96B00BAF-522D-4475-8AC0-F015E96586B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2D74A48-3F30-4C07-9A7A-EDDE3D0C1820}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A800B11D-0A4A-48CB-BFFF-8299E99D6EFF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A95ED6DA-C6A9-4E3B-974B-18FED02813C2}" = rport=138 | protocol=17 | dir=out | app=system |
"{AC93CB5C-7C62-4E16-BB4B-45A91B1FF41C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AD887D48-8DD7-458F-8ED0-3CFC02A5EA0E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3AD78ED-8807-4B68-8B27-7E0B67BB8846}" = lport=137 | protocol=17 | dir=in | app=system |
"{B5D20134-632A-48BA-9FFB-29483CCC3006}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BDA579A5-2B62-4C81-BC9E-82B8DADFDC08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE67BDA8-2E17-4EC5-B324-34519B2F2AAF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB74251F-DBAB-4064-8188-497B49E03263}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{CEFA7E98-C1DF-43A7-AFC8-3DFCD116F0E2}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D215F81F-A414-4400-852F-D14668CEF296}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D42EE68E-72FF-43AC-92AA-9531A446F922}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5803997-A8D2-4330-8824-CFA5DDC33F7E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DF8FAB5F-B129-4960-B880-4003D70371F2}" = lport=138 | protocol=17 | dir=in | app=system |
"{F00C9612-72D4-4587-849A-D6C736637A2C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F5C94509-259A-458D-96FD-552D9202B7A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{FD4C028A-B877-4B48-832D-57495E1F73FC}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B67B391-8B79-41E0-AA0F-23A52E60C377}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0B6C46E5-6E2E-4A46-AD9F-E2A9F97D2F77}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{17EFD203-FDD3-4F09-B3FC-3ED806140807}" = protocol=17 | dir=in | app=c:\program files (x86)\carbonite\carbonite backup\carbonitesetup.exe |
"{196F2C07-FAB1-4E92-8A18-8F6269F69FA2}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\systemdatabasewizard.exe |
"{1C6C8850-3E0E-47A9-85DB-F94AC5403ED8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{208B361D-A59A-4C04-BFC7-1C7C9B86FAD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{226AA1B3-E47F-47C9-9030-0284D2D2C1D1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27CFB2BF-FFC0-4C32-A2DF-245EEAF50B05}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A28CE5A-AA55-4151-B1F0-B6AFDEE03854}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2DDD997A-8721-4254-8508-9BDEECC8273B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F61A0E2-85E9-4367-88C1-82631540BC1C}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\reprintconsole.exe |
"{3167AB81-5046-4BDD-A695-402215993557}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{318127EE-A1E5-4D4F-81DE-DBC6737D1A92}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{381DA473-5311-4DDA-9035-D45CEF66F957}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3BB02318-A065-49F4-84BA-B89517DE19D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3D86F89F-8BC1-4FE7-A8DA-B22F64AB3D09}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{3F11A87A-4B19-4730-9F2D-BDAEFD43C0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl06d\faxrx.exe |
"{408DAA59-C147-42F9-B5A5-6C912B543767}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{42506D7A-66B4-4CB0-AFE4-8BE9E675B017}" = protocol=6 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteservice.exe |
"{42CCCEDF-1F3C-44CE-B5B2-0BB832A77EE1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{45E5AD29-154E-4553-B7E3-0A822A496505}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{45F483C3-26B9-41A5-A693-71CDF183AAC0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F9B103F-F263-4986-8833-1686F67CF1E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B08CF81-A654-431B-884E-34C00912689B}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\systemdatabasesetup.exe |
"{6A0BE805-B8F2-4759-A676-C76C483A039F}" = protocol=17 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteservice.exe |
"{6D306857-417C-4721-B203-C5EDD25C2D4E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6FC682DA-7337-470D-B817-9EDA3E1DA4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl06d\faxrx.exe |
"{70D4EDCD-53E5-4680-86BD-FC89D92B17A1}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe |
"{74DB67EE-87F3-40A4-96F3-8911829F1B9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79334AEF-40D8-4025-A1D6-594A7A1E7801}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe |
"{7BFE5801-31ED-4F25-A82F-8D78D3893F6B}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\systemdatabasewizard.exe |
"{80FC4A26-5D06-40A3-B510-C4C81A6F3A19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A3C02E5-03FC-43E0-B780-ED26434B61AC}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{8A42D5EF-F6EE-4C63-AD2C-EF6BB893776E}" = protocol=6 | dir=out | app=system |
"{8A60C917-4E2B-4D72-8D5F-FA5C64F271C0}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{8D0162BB-F95C-4E3D-AE95-DF06BEA2D2CC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{8DE5CD62-763B-413E-8CC6-287798EB32B7}" = protocol=17 | dir=in | app=c:\program files (x86)\carbonite\carbonite backup\carboniteui.exe |
"{9720DEFD-B1CA-4A38-A612-7DE6AF093945}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98866CB8-B3BC-471D-B81E-30AEC11A6D4E}" = protocol=6 | dir=in | app=c:\program files (x86)\carbonite\carbonite backup\carbonitesetup.exe |
"{9BD36F3F-55D0-4C6D-8014-95286A1DBE55}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\maestro.service.exe |
"{9C25D665-566A-4FBB-917C-23B5998B1A98}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9E74FB9B-B93D-476B-84DB-A752BB90D368}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe |
"{9F41DDC7-DA14-417D-9ADB-551949E3E9A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6881F63-8831-4F8C-A509-ABF91629AA74}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A7B6FBD5-E609-4597-BE83-C0342DDE368F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA04F71F-7977-4FF2-AEE6-8470B4418E3F}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\systemdatabasesetup.exe |
"{AEAB4DFF-0BA8-4B4C-9FB2-48F9E4489FAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B719CB1E-CB42-47EC-9AC9-C1D3AED3EAAD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B7ADCA56-80FC-45BA-A26E-F339C3CC7479}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7C75566-2AC7-4293-8345-4CFC1A2D7FD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8916431-BD79-430F-B71A-4842EFF094E4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{B9E96F2C-2643-48C2-8B96-EEA8CA7FB134}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{BC92CD54-2652-4DE9-9706-90ECA8A5F324}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\btsystem.service.exe |
"{BF905E94-F2D7-4E29-B869-97B61B3631E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C013D9D9-F1B2-4F72-A087-3F15C103465C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C138DD4D-32EA-4CDC-8CA9-5B0AB606E602}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFD4CD16-F419-4B08-BD3D-2E7CE5E3BC79}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\btsystem.service.exe |
"{DC2A0ABF-2517-4213-9DEA-87AF3CD3AA6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E517153F-3101-48AB-842A-3EFEEA03E798}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\maestro.service.exe |
"{E7E5C86D-15B5-41D5-B5E7-4F41CF96A062}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{EA93D435-C79D-4D15-B7EB-6F11CB565A90}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{EEB9B1D6-46E6-4570-AD5F-82827E5A7115}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\reprintconsole.exe |
"{EF66A92B-7CEA-429F-BD06-531D2BB52212}" = protocol=6 | dir=in | app=c:\program files (x86)\carbonite\carbonite backup\carboniteui.exe |
"{F27C1B21-88AF-47F3-A74B-8901FD293418}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5098039-840F-4874-9DCB-396A632A188B}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\historyexplorer.exe |
"{F73BED2B-E3D5-414D-A730-DFE769AAB295}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FD39CFCA-DC28-471A-9B41-2C5B0C98CCC7}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\historyexplorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5677B005-B609-4B5B-9F3C-132BB085D3CF}" = Microsoft SQL Server Management Objects Collection
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1}" = Symantec Endpoint Protection
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}" = iTunes
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D5D8CB90-785A-458E-A5D1-3D084A1B4EE9}" = Microsoft Camera Codec Pack
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"CCleaner" = CCleaner
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"PerformanceTest 8_is1" = PerformanceTest v8.0
"PremElem100" = Adobe Premiere Elements 10
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1" = Advanced Fix 2013 version 2.1.3.83
"{0177D0D5-9B23-40ED-83CC-2FEE9EA7AA45}" = Machine Quilters Business Manager
"{072E9B7C-850B-4397-B104-098170742FAF}" = Galil DMC .Net API for Visual Studio 2005
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{18CE9672-2DC4-47C4-BC34-235A1B71AAFE}" = Art and Stitch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E926104-8244-4E6E-841E-69D11D138C5C}" = BarTender 9.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{271AC427-45C0-4C4E-9F57-54E666F3833D}" = CreativeStudio
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{43124E9B-3EB5-4BE6-A55B-13E373CF6089}" = EcoSmart Config Utility
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}" = EQ5
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (BARTENDER)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EFD5075-EC47-49B6-81D2-D16FCCA4E756}" = Brother HL-2170W
"{88603FC0-6B3C-442D-981E-E3D49F083548}_is1" = NovaBench 3.0.4
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010
"{90140000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}" = Zebra Setup Utilities
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8C164B5-F818-461B-9546-1DAEF1C77ADD}" = Universal Buying Tool
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA70C64F-28D6-4014-8AB0-0C61ECFC7313}" = SolidWorks eDrawings 2012
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite MFC-9440CN
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1" = PSD Viewer
"{DB639F99-ED74-49D4-8FFD-5B8C34C00D64}" = AutoSketch Release 9
"{E3F2AB39-35C4-4FC5-806D-B0B2F935B1B0}" = Follett Blue Book
"{ECF43B43-F239-496F-9792-AEEEBF999C6C}" = HomeBase 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2321021-08A2-44D6-B1DF-BDB415F23EC3}" = Adobe Illustrator CC
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 5.6.0.1)
"Carbonite Backup" = Carbonite
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cisco Connect" = Cisco Connect
"DAEMON Tools Pro" = DAEMON Tools Pro
"EcoSmart Live Connection Manager" = EcoSmart Live Connection Manager
"FreeFixer1.10" = FreeFixer
"GalilTools" = GalilTools
"Google Chrome" = Google Chrome
"ieSpell" = ieSpell
"InstallShield_{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}" = EQ5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.AccessRT" = Microsoft Access Runtime 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProShow Gold" = ProShow Gold
"Splashtop Software Updater" = Splashtop Software Updater
"WinRAR archiver" = WinRAR 4.00 beta 1 (32-bit)
"Zebra Font Downloader_is1" = Zebra Font Downloader
"Zebra Setup Utilities" = Zebra Setup Utilities

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0ff39f4248135cd2" = PVM - Pattern Viewer and Manager

< End of report >
 
I didn't do anything but run and post the text files after running OTL. Was I supposed to push clean or wait for you to respond
 
redtarget.gif
Uninstall Advanced Fix.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


redtarget.gif

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/03/15 08:06:37 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..Trusted Domains: localhost ([]* in Local intranet)
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
ADS C:\ProgramData\Temp:373E1720 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: dad4
->Temp folder emptied: 7400463 bytes
->Temporary Internet Files folder emptied: 32323387 bytes
->Java cache emptied: 1991495 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 74368760 bytes
->Flash cache emptied: 2365 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70253 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2039246961 bytes

Total Files Cleaned = 2,056.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: dad4
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: dad4
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04112014_175738

Files\Folders moved on Reboot...
C:\Users\dad4\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\dad4\AppData\Local\Temp\JETF8F5.tmp not found!
File\Folder C:\Users\dad4\AppData\Local\Temp\JETF934.tmp not found!
File\Folder C:\Users\dad4\AppData\Local\Temp\~DF1B970EF3B8AB9237.TMP not found!
File\Folder C:\Users\dad4\AppData\Local\Temp\~DF567E1D4EE997AD0F.TMP not found!
C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1AB8E7EE-168F-439D-BF2B-3B24799E7008}.tmp moved successfully.
File\Folder C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3A075A9B-3F4E-4F2F-92CC-61C8722964E7}.tmp not found!
C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D731F60-1C05-4FB6-82AB-FBABA051B70D}.tmp moved successfully.
C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{86DC796F-E9C1-40AB-A4D0-0DE7443E88B0}.tmp moved successfully.
File\Folder C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CC676BF3-A9EB-43A1-8EAB-3CCCB17262E4}.tmp not found!
C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CF9B006E-F5C1-4FCF-BA64-92F38F633BA8}.tmp moved successfully.
C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Norton Ghost
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 29
Java 7 Update 51
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox 13.0 Firefox out of Date!
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 25-02-2014
Ran by dad4 (administrator) on 11-04-2014 at 18:45:32
Running from "C:\Users\dad4\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
821
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni

Latest posts

Back