TechSpot

Malware detected on every startup

Solved
By david hurd
Apr 8, 2014
  1. Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.04.07.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16521
    dad4 :: DAD4-PC [administrator]

    4/7/2014 12:57:38 PM
    mbam-log-2014-04-07 (12-57-38).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 605732
    Time elapsed: 2 hour(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\dad4\AppData\Local\JollyWallet (PUP.Optional.JollyWallet.A) -> Quarantined and deleted successfully.

    Files Detected: 2
    C:\ProgramData\Symantec\Symantec Endpoint Protection\00002C75 (Hacktool.Agent) -> Quarantined and deleted successfully.
    C:\ProgramData\Symantec\Symantec Endpoint Protection\00002D30 (Hacktool.Agent) -> Quarantined and deleted successfully.

    (end)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/20/2011 9:43:49 AM
    System Uptime: 4/7/2014 4:49:03 PM (15 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Rampage II Extreme
    Processor: Intel(R) Core(TM) i7 CPU 965 @ 3.20GHz | LGA1366 | 3040/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 158.56 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 102.777 GiB free.
    E: is FIXED (NTFS) - 932 GiB total, 724.519 GiB free.
    F: is CDROM (CDFS)
    G: is CDROM ()
    H: is CDROM ()
    I: is FIXED (NTFS) - 932 GiB total, 387.393 GiB free.
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 12 ActiveX
    Adobe Help Manager
    Adobe Illustrator CC
    Adobe Photoshop CS6
    Adobe Premiere Elements 10
    Adobe Reader X (10.1.9)
    Advanced Fix 2013 version 2.1.3.83
    Aimersoft Video Converter Ultimate(Build 5.6.0.1)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Art and Stitch
    AutoSketch Release 9
    BarTender 9.4
    Bonjour
    Brother HL-2170W
    Brother MFL-Pro Suite MFC-9440CN
    Carbonite
    CCleaner
    Cisco Connect
    CreativeStudio
    CyberLink PhotoNow
    CyberLink PowerDirector
    DAEMON Tools Pro
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DnsBasic 1.0 build 111
    EcoSmart Config Utility
    EcoSmart Live Connection Manager
    EQ5
    Follett Blue Book
    Galil DMC .Net API for Visual Studio 2005
    GalilTools
    Google Chrome
    Google Earth
    Google Update Helper
    HomeBase 3
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    ieSpell
    iTunes
    Java 7 Update 51
    Java Auto Updater
    Java(TM) 6 Update 29
    LiveUpdate 3.3 (Symantec Corporation)
    Machine Quilters Business Manager
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4.5.1
    Microsoft Access database engine 2010 (English)
    Microsoft Access Runtime 2010
    Microsoft Application Error Reporting
    Microsoft Camera Codec Pack
    Microsoft Mouse and Keyboard Center
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Runtime 2010
    Microsoft Office Access Runtime MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (BARTENDER)
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Management Objects Collection
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Streets & Trips 2011
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    No-IP DUC
    Norton Ghost
    NovaBench 3.0.4
    NVIDIA 3D Vision Driver 311.06
    NVIDIA Control Panel 311.06
    NVIDIA Graphics Driver 311.06
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    PDF Settings CC
    PerformanceTest v8.0
    PlayReady PC Runtime amd64
    ProShow Gold
    PSD Viewer
    PVM - Pattern Viewer and Manager
    QuickTime
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SolidWorks eDrawings 2012
    Splashtop Software Updater
    Splashtop Streamer
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Symantec Endpoint Protection
    Universal Buying Tool
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
    Vuze
    Windows Mobile Device Center
    WinRAR 4.00 beta 1 (32-bit)
    WinRAR 4.01 (64-bit)
    WinZip 15.0
    Zebra Font Downloader
    Zebra Setup Utilities
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/7/2014 7:56:36 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    4/7/2014 4:58:13 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    4/7/2014 4:58:13 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    4/7/2014 4:57:53 PM, Error: Service Control Manager [7022] - The Commander Service service hung on starting.
    4/7/2014 4:52:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    4/7/2014 11:23:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Printer Maestro service to connect.
    4/7/2014 11:23:48 AM, Error: Service Control Manager [7000] - The Printer Maestro service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/7/2014 11:03:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    4/7/2014 11:03:36 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/6/2014 2:25:39 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    4/5/2014 7:42:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    4/5/2014 7:33:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8000322b595, 0xfffff8800ec6c8c8, 0xfffff8800ec6c120). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040514-44897-01.
    4/1/2014 8:56:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    4/1/2014 8:56:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
    4/1/2014 8:56:03 AM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
    Run by dad4 at 7:21:35 on 2014-04-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3061 [GMT -5:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\No-IP\ducservice.exe
    C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\alg.exe
    C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
    C:\Windows\System32\msdtc.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\ehome\ehsched.exe
    C:\Windows\eHome\EhTray.exe
    C:\Windows\ehome\mcupdate.EXE
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\eHome\ehshell.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Aimersoft Video Converter Ultimate: {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [GoogleChromeAutoLaunch_37636091923EB0AF9654CD0625A352B8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
    mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [BrowserPlugInHelper] C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\dad4\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
    TCP: NameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    TCP: Interfaces\{1223660A-A804-48B7-8C3E-90BD0F74C30F} : DHCPNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; bzgyksvqin@bzgyksvqin.org; C:\Users\dad4\Application Data\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions\bzgyksvqin@bzgyksvqin.org.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-17 55856]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-15 39768]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-21 272448]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-24 137648]
    R3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2010-2-12 66608]
    R3 hcw89;hcw89 service;C:\Windows\System32\drivers\hcw89.sys [2013-12-18 1542016]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-12 25928]
    S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2014-4-6 38328]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-26 19456]
    .
    =============== File Associations ===============
    .
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-04-06 14:47:30 -------- d-----w- C:\Users\dad4\AppData\Local\PassMark
    2014-04-06 14:47:24 -------- d-----w- C:\ProgramData\Passmark
    2014-04-06 14:47:18 -------- d-----w- C:\Program Files\PerformanceTest
    2014-03-26 20:39:04 67480 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\CreativeStudio.log_A0257E23F5AD4097A09CA7B0B793CAA3.exe
    2014-03-26 20:39:04 55192 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\_974E1DB6E75641E3957E1B56935956A9.exe
    2014-03-26 20:39:04 55192 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\_4EFE6B2AFEBA472EAA518254BEAAE011.exe
    2014-03-26 20:39:04 47000 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\LibGalilRedist_1.6_C3EAD1C186A44126BC0A048067F5B7CA.exe
    2014-03-26 20:39:03 59288 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\CreativeStudioInst_5D5F060477714CDF95D31E38C92E618D.exe
    2014-03-26 20:39:03 55192 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\ARPPRODUCTICON.exe
    2014-03-26 20:39:03 47000 ----a-r- C:\Users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\GalilTools_1.6.4.5_088A7308834240ABBA98F282EA6B1300.exe
    2014-03-18 13:40:54 -------- d-----w- C:\ProgramData\Oracle
    2014-03-18 13:39:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-03-15 19:41:35 -------- d-----w- C:\Users\dad4\AppData\Local\CrashDumps
    2014-03-13 14:58:29 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-03-13 14:49:14 98816 ----a-w- C:\Windows\sed.exe
    2014-03-13 14:49:14 256000 ----a-w- C:\Windows\PEV.exe
    2014-03-13 14:49:14 208896 ----a-w- C:\Windows\MBR.exe
    2014-03-13 14:49:04 -------- d-s---w- C:\ComboFix
    2014-03-13 14:09:13 -------- d-----w- C:\Users\dad4\AppData\Roaming\SUPERAntiSpyware.com
    2014-03-13 14:08:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2014-03-13 14:08:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2014-03-13 07:14:50 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-13 07:14:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-13 07:14:49 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-13 07:14:49 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-03-12 13:06:34 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2013
    .
    ==================== Find3M ====================
    .
    2014-03-12 00:15:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-12 00:15:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    .
    ============= FINISH: 7:23:42.08 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 47,706   +268

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  3. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : dad4 [Admin rights]
    Mode : Remove -- Date : 04/08/2014 17:53:16
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    [Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x751546E9)
    [Address] EAT @iexplore.exe (BeginBufferedAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DF38)
    [Address] EAT @iexplore.exe (BeginBufferedPaint) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180B741)
    [Address] EAT @iexplore.exe (BeginPanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718276AF)
    [Address] EAT @iexplore.exe (BufferedPaintClear) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180BBDB)
    [Address] EAT @iexplore.exe (BufferedPaintInit) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180B8D4)
    [Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DE83)
    [Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CE19)
    [Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E428)
    [Address] EAT @iexplore.exe (BufferedPaintUnInit) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817525)
    [Address] EAT @iexplore.exe (CloseThemeData) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71801FA1)
    [Address] EAT @iexplore.exe (DrawThemeBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180D464)
    [Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181436D)
    [Address] EAT @iexplore.exe (DrawThemeEdge) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C01C)
    [Address] EAT @iexplore.exe (DrawThemeIcon) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182D123)
    [Address] EAT @iexplore.exe (DrawThemeParentBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E776)
    [Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E5C5)
    [Address] EAT @iexplore.exe (DrawThemeText) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DB21)
    [Address] EAT @iexplore.exe (DrawThemeTextEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180A70C)
    [Address] EAT @iexplore.exe (EnableThemeDialogTexture) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181786D)
    [Address] EAT @iexplore.exe (EnableTheming) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C9FF)
    [Address] EAT @iexplore.exe (EndBufferedAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180ACE8)
    [Address] EAT @iexplore.exe (EndBufferedPaint) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180ACE8)
    [Address] EAT @iexplore.exe (EndPanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182762C)
    [Address] EAT @iexplore.exe (GetBufferedPaintBits) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180CF26)
    [Address] EAT @iexplore.exe (GetBufferedPaintDC) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CDCF)
    [Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CD86)
    [Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C893)
    [Address] EAT @iexplore.exe (GetCurrentThemeName) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718163AE)
    [Address] EAT @iexplore.exe (GetThemeAppProperties) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180EBD6)
    [Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DA9E)
    [Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817155)
    [Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71810190)
    [Address] EAT @iexplore.exe (GetThemeBitmap) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71804B9C)
    [Address] EAT @iexplore.exe (GetThemeBool) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71806651)
    [Address] EAT @iexplore.exe (GetThemeColor) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
    [Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C346)
    [Address] EAT @iexplore.exe (GetThemeEnumValue) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
    [Address] EAT @iexplore.exe (GetThemeFilename) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B997)
    [Address] EAT @iexplore.exe (GetThemeFont) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718176A2)
    [Address] EAT @iexplore.exe (GetThemeInt) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
    [Address] EAT @iexplore.exe (GetThemeIntList) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B86E)
    [Address] EAT @iexplore.exe (GetThemeMargins) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71802F97)
    [Address] EAT @iexplore.exe (GetThemeMetric) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718155B4)
    [Address] EAT @iexplore.exe (GetThemePartSize) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180289F)
    [Address] EAT @iexplore.exe (GetThemePosition) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B80D)
    [Address] EAT @iexplore.exe (GetThemePropertyOrigin) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71810923)
    [Address] EAT @iexplore.exe (GetThemeRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B936)
    [Address] EAT @iexplore.exe (GetThemeStream) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B8CF)
    [Address] EAT @iexplore.exe (GetThemeString) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B7A1)
    [Address] EAT @iexplore.exe (GetThemeSysBool) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CB86)
    [Address] EAT @iexplore.exe (GetThemeSysColor) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71815530)
    [Address] EAT @iexplore.exe (GetThemeSysColorBrush) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CA32)
    [Address] EAT @iexplore.exe (GetThemeSysFont) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C3D8)
    [Address] EAT @iexplore.exe (GetThemeSysInt) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C5E7)
    [Address] EAT @iexplore.exe (GetThemeSysSize) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CC61)
    [Address] EAT @iexplore.exe (GetThemeSysString) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C553)
    [Address] EAT @iexplore.exe (GetThemeTextExtent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718089FE)
    [Address] EAT @iexplore.exe (GetThemeTextMetrics) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181778C)
    [Address] EAT @iexplore.exe (GetThemeTransitionDuration) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E1A1)
    [Address] EAT @iexplore.exe (GetWindowTheme) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181535B)
    [Address] EAT @iexplore.exe (HitTestThemeBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71812DC1)
    [Address] EAT @iexplore.exe (IsAppThemed) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817009)
    [Address] EAT @iexplore.exe (IsCompositionActive) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718065DF)
    [Address] EAT @iexplore.exe (IsThemeActive) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71816F36)
    [Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180281C)
    [Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CB3F)
    [Address] EAT @iexplore.exe (IsThemePartDefined) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718030CF)
    [Address] EAT @iexplore.exe (OpenThemeData) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71805F29)
    [Address] EAT @iexplore.exe (OpenThemeDataEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718106FE)
    [Address] EAT @iexplore.exe (SetThemeAppProperties) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CCEC)
    [Address] EAT @iexplore.exe (SetWindowTheme) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817AFC)
    [Address] EAT @iexplore.exe (SetWindowThemeAttribute) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71809E39)
    [Address] EAT @iexplore.exe (ThemeInitApiHook) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71804571)
    [Address] EAT @iexplore.exe (UpdatePanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718275ED)
    [Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x751546E9)
    [Address] EAT @iexplore.exe (BeginBufferedAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DF38)
    [Address] EAT @iexplore.exe (BeginBufferedPaint) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180B741)
    [Address] EAT @iexplore.exe (BeginPanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718276AF)
    [Address] EAT @iexplore.exe (BufferedPaintClear) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180BBDB)
    [Address] EAT @iexplore.exe (BufferedPaintInit) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180B8D4)
    [Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DE83)
    [Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CE19)
    [Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E428)
    [Address] EAT @iexplore.exe (BufferedPaintUnInit) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817525)
    [Address] EAT @iexplore.exe (CloseThemeData) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71801FA1)
    [Address] EAT @iexplore.exe (DrawThemeBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180D464)
    [Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181436D)
    [Address] EAT @iexplore.exe (DrawThemeEdge) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C01C)
    [Address] EAT @iexplore.exe (DrawThemeIcon) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182D123)
    [Address] EAT @iexplore.exe (DrawThemeParentBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E776)
    [Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E5C5)
    [Address] EAT @iexplore.exe (DrawThemeText) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DB21)
    [Address] EAT @iexplore.exe (DrawThemeTextEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180A70C)
    [Address] EAT @iexplore.exe (EnableThemeDialogTexture) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181786D)
    [Address] EAT @iexplore.exe (EnableTheming) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C9FF)
    [Address] EAT @iexplore.exe (EndBufferedAnimation) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180ACE8)
    [Address] EAT @iexplore.exe (EndBufferedPaint) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180ACE8)
    [Address] EAT @iexplore.exe (EndPanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182762C)
    [Address] EAT @iexplore.exe (GetBufferedPaintBits) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180CF26)
    [Address] EAT @iexplore.exe (GetBufferedPaintDC) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CDCF)
    [Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CD86)
    [Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C893)
    [Address] EAT @iexplore.exe (GetCurrentThemeName) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718163AE)
    [Address] EAT @iexplore.exe (GetThemeAppProperties) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180EBD6)
    [Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180DA9E)
    [Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817155)
    [Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71810190)
    [Address] EAT @iexplore.exe (GetThemeBitmap) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71804B9C)
    [Address] EAT @iexplore.exe (GetThemeBool) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71806651)
    [Address] EAT @iexplore.exe (GetThemeColor) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
    [Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C346)
    [Address] EAT @iexplore.exe (GetThemeEnumValue) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
    [Address] EAT @iexplore.exe (GetThemeFilename) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B997)
    [Address] EAT @iexplore.exe (GetThemeFont) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718176A2)
    [Address] EAT @iexplore.exe (GetThemeInt) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718027C0)
    [Address] EAT @iexplore.exe (GetThemeIntList) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B86E)
    [Address] EAT @iexplore.exe (GetThemeMargins) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71802F97)
    [Address] EAT @iexplore.exe (GetThemeMetric) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718155B4)
    [Address] EAT @iexplore.exe (GetThemePartSize) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180289F)
    [Address] EAT @iexplore.exe (GetThemePosition) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B80D)
    [Address] EAT @iexplore.exe (GetThemePropertyOrigin) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71810923)
    [Address] EAT @iexplore.exe (GetThemeRect) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B936)
    [Address] EAT @iexplore.exe (GetThemeStream) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B8CF)
    [Address] EAT @iexplore.exe (GetThemeString) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182B7A1)
    [Address] EAT @iexplore.exe (GetThemeSysBool) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CB86)
    [Address] EAT @iexplore.exe (GetThemeSysColor) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71815530)
    [Address] EAT @iexplore.exe (GetThemeSysColorBrush) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CA32)
    [Address] EAT @iexplore.exe (GetThemeSysFont) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C3D8)
    [Address] EAT @iexplore.exe (GetThemeSysInt) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C5E7)
    [Address] EAT @iexplore.exe (GetThemeSysSize) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CC61)
    [Address] EAT @iexplore.exe (GetThemeSysString) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182C553)
    [Address] EAT @iexplore.exe (GetThemeTextExtent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718089FE)
    [Address] EAT @iexplore.exe (GetThemeTextMetrics) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181778C)
    [Address] EAT @iexplore.exe (GetThemeTransitionDuration) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180E1A1)
    [Address] EAT @iexplore.exe (GetWindowTheme) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7181535B)
    [Address] EAT @iexplore.exe (HitTestThemeBackground) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71812DC1)
    [Address] EAT @iexplore.exe (IsAppThemed) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817009)
    [Address] EAT @iexplore.exe (IsCompositionActive) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718065DF)
    [Address] EAT @iexplore.exe (IsThemeActive) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71816F36)
    [Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7180281C)
    [Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CB3F)
    [Address] EAT @iexplore.exe (IsThemePartDefined) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718030CF)
    [Address] EAT @iexplore.exe (OpenThemeData) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71805F29)
    [Address] EAT @iexplore.exe (OpenThemeDataEx) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718106FE)
    [Address] EAT @iexplore.exe (SetThemeAppProperties) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7182CCEC)
    [Address] EAT @iexplore.exe (SetWindowTheme) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71817AFC)
    [Address] EAT @iexplore.exe (SetWindowThemeAttribute) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71809E39)
    [Address] EAT @iexplore.exe (ThemeInitApiHook) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x71804571)
    [Address] EAT @iexplore.exe (UpdatePanningFeedback) : msi.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x718275ED)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AZRX-00A8LB0 ATA Device +++++
    --- User ---
    [MBR] be33cbc9cdf6033ac4fa404e47e78ac1
    [BSP] 0a33ce88d53b03f69c74aea82928f730 : Windows XP MBR Code
    Partition table:
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Hitachi HDP725050GLA360 ATA Device +++++
    --- User ---
    [MBR] 13a679bd258322b2d5894bf171452d1c
    [BSP] 9732c3e2b88e74695bd9e09b44acd976 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476944 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) WDC WD10EZRX-00A8LB0 ATA Device +++++
    --- User ---
    [MBR] f1026ece16818ebd497723ec59b5163a
    [BSP] 270886f7abe5e8d1407137c7ed3981ea : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) WDC WD10EACS-00D6B0 ATA Device +++++
    --- User ---
    [MBR] dafd165417067138f84241e413a1fb76
    [BSP] f8c7257432e649fb01586ba6315f2a42 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ IDE) WDC WD10EZRX-00A8LB0 ATA Device +++++
    --- User ---
    [MBR] 147b753bb797bd2bce906c2ad1f4a42e
    [BSP] 62ba7d328ad86fdf22662d5caa1e3b0d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_04082014_175316.txt >>
    RKreport[0]_S_04082014_172404.txt
     
  4. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.04.08.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16521
    dad4 :: DAD4-PC [administrator]

    4/8/2014 6:34:31 PM
    mbar-log-2014-04-08 (18-34-31).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
    Objects scanned: 343953
    Time elapsed: 55 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 2
    Physical Sector #32 on Drive #0 (Unknown.Rootkit.VBR) -> Replace on reboot.
    Master Boot Record on Drive #0 (Unknown.Rootkit.VBR) -> Replace on reboot.

    (end)
     
  5. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16521

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED
    CPU speed: 3.207000 GHz
    Memory total: 6433136640, free: 2629189632

    Downloaded database version: v2014.04.08.08
    Downloaded database version: v2014.03.27.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    04/08/2014 18:03:38
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\spvr.sys
    \SystemRoot\System32\Drivers\WMILIB.SYS
    \SystemRoot\System32\Drivers\SCSIPORT.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\system32\DRIVERS\symsnap.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\SRTSP64.SYS
    \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20140405.003\EX64.SYS
    \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20140405.003\ENG64.SYS
    \SystemRoot\System32\Drivers\SRTSPX64.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Windows\system32\drivers\wpsdrvnt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\yk62x64.sys
    \SystemRoot\system32\DRIVERS\hcw89.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\BdaSup.SYS
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\GenericMount.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\teefer2.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\WpsHelper.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\v2imount.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\ipnat.sys
    \SystemRoot\system32\DRIVERS\umpass.sys
    \SystemRoot\system32\DRIVERS\WSDPrint.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\MSPQM.sys
    \SystemRoot\system32\drivers\MSPCLOCK.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\ws2_32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\imm32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\ole32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\user32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\psapi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\lpk.dll
    \Windows\System32\nsi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\msasn1.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa80066d3060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
    Lower Device Object: 0xfffffa80063f1060
    Lower Device Driver Name: \Driver\atapi\
    IRP handler 0 of \Driver\atapi points to an unknown module
    Unhooking enabled.
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa80066d3060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
    Lower Device Object: 0xfffffa80063f1060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa80066d2060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
    Lower Device Object: 0xfffffa80063df060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa80066d1060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-5\
    Lower Device Object: 0xfffffa80063e8060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80066d0060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-4\
    Lower Device Object: 0xfffffa80063e3060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006622790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
    Lower Device Object: 0xfffffa80063d8680
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006622790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006622250, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006622790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063e2580, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063d8680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0029d04f0, 0xfffffa8006622790, 0xfffffa800ab01540
    Lower DeviceData: 0xfffff8a0162f9720, 0xfffffa80063d8680, 0xfffffa800981ae40
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1AE09

    Partition information:

    Partition 0 type is Empty (0x0)
    Partition is ACTIVE.
    Partition starts at LBA: 32 Numsec = 0
    Partition is not bootable
    Infected: VBR on Empty active partition --> [Unknown.Rootkit.VBR]
    Changing partition to empty and not active. New active partition is 0 on drive 0 ...

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768450
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    MBR infection found on drive 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-31-976753168-976773168)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa80066d0060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80066d0ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80066d0060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063bc9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063e3060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0182e81f0, 0xfffffa80066d0060, 0xfffffa800ae95790
    Lower DeviceData: 0xfffff8a0189580d0, 0xfffffa80063e3060, 0xfffffa800a30bb40
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 67F76B81

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976782082
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa80066d1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80066d1b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80066d1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063e6520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063e8060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a008f6d560, 0xfffffa80066d1060, 0xfffffa800ae1e790
    Lower DeviceData: 0xfffff8a0074540d0, 0xfffffa80063e8060, 0xfffffa800ab91870
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A944E807

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953534082

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xfffffa80066d2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80066d2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80066d2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063dd520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063df060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a014de5740, 0xfffffa80066d2060, 0xfffffa800b3a6090
    Lower DeviceData: 0xfffff8a0031660f0, 0xfffffa80063df060, 0xfffffa800616c2b0
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 83F0F994

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953534082

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 4, DevicePointer: 0xfffffa80066d3060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80066d3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80066d3060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063bbe40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063f1060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-7\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0168a4ac0, 0xfffffa80066d3060, 0xfffffa8009cfe690
    Lower DeviceData: 0xfffff8a005fd8150, 0xfffffa80063f1060, 0xfffffa8005cc6520
    Drive 4
    Scanning MBR on drive 4...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: AB17B5FC

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953534082

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Scan Interrupted
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16521

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED
    CPU speed: 3.207000 GHz
    Memory total: 6433136640, free: 4028608512

    Could not load protection driver
    Downloaded database version: v2014.04.08.09
    Downloaded database version: v2014.03.27.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    04/08/2014 18:34:27
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\sphj.sys
    \SystemRoot\System32\Drivers\WMILIB.SYS
    \SystemRoot\System32\Drivers\SCSIPORT.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\system32\DRIVERS\symsnap.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\SRTSP64.SYS
    \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20140405.003\EX64.SYS
    \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20140405.003\ENG64.SYS
    \SystemRoot\System32\Drivers\SRTSPX64.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Windows\system32\drivers\wpsdrvnt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\yk62x64.sys
    \SystemRoot\system32\DRIVERS\hcw89.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\BdaSup.SYS
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\GenericMount.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\teefer2.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \??\C:\Windows\system32\drivers\WpsHelper.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\v2imount.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\ipnat.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\clbcatq.dll
    \Windows\System32\lpk.dll
    \Windows\System32\psapi.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\usp10.dll
    \Windows\System32\msctf.dll
    \Windows\System32\user32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\ole32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa80066d2060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
    Lower Device Object: 0xfffffa80063ef060
    Lower Device Driver Name: \Driver\atapi\
    IRP handler 0 of \Driver\atapi points to an unknown module
    Unhooking enabled.
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa80066d2060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
    Lower Device Object: 0xfffffa80063ef060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa80066d1060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
    Lower Device Object: 0xfffffa80063dd060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa80066d0060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-5\
    Lower Device Object: 0xfffffa80063e6060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80066cf060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-4\
    Lower Device Object: 0xfffffa80063e1060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006620790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
    Lower Device Object: 0xfffffa80063d6680
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006620790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006528950, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006620790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063e0580, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063d6680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00790ae90, 0xfffffa8006620790, 0xfffffa8005fe9790
    Lower DeviceData: 0xfffff8a0089d4c20, 0xfffffa80063d6680, 0xfffffa8005f0a2d0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1AE09

    Partition information:

    Partition 0 type is Empty (0x0)
    Partition is ACTIVE.
    Partition starts at LBA: 32 Numsec = 0
    Partition is not bootable
    Infected: VBR on Empty active partition --> [Unknown.Rootkit.VBR]
    Changing partition to empty and not active. New active partition is 0 on drive 0 ...

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768450
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    MBR infection found on drive 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-31-976753168-976773168)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa80066cf060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006620070, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80066cf060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063bc9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063e1060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a009cb5770, 0xfffffa80066cf060, 0xfffffa8005fea790
    Lower DeviceData: 0xfffff8a01481fdb0, 0xfffffa80063e1060, 0xfffffa8005fefd40
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 67F76B81

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976782082
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa80066d0060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80066d0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80066d0060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063e4520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063e6060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0068cbb40, 0xfffffa80066d0060, 0xfffffa80060e9690
    Lower DeviceData: 0xfffff8a005b475e0, 0xfffffa80063e6060, 0xfffffa8005f80520
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A944E807

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953534082

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xfffffa80066d1060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80066d1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80066d1060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063db520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063dd060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00967a4e0, 0xfffffa80066d1060, 0xfffffa800601e790
    Lower DeviceData: 0xfffff8a005377c00, 0xfffffa80063dd060, 0xfffffa8005fde520
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 83F0F994

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953534082

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 4, DevicePointer: 0xfffffa80066d2060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80066d2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80066d2060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063afe40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063ef060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-7\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0069cfe80, 0xfffffa80066d2060, 0xfffffa80060d9690
    Lower DeviceData: 0xfffff8a007a73620, 0xfffffa80063ef060, 0xfffffa8005fea520
    Drive 4
    Scanning MBR on drive 4...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: AB17B5FC

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953534082

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16521

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED
    CPU speed: 3.207000 GHz
    Memory total: 6433136640, free: 3920359424

    Could not load protection driver
    Downloaded database version: v2014.04.08.09
    Downloaded database version: v2014.03.27.01
    Initializing...
    ======================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,706   +268

    Very good :)
    You had infected (rootkited) fake partition.
    It looks like MBAR took care of it but I want to double check...

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    Tdsskiller found nothing. but this morning symatic listed 40 or so all in tmp files they looked like this dwh83e9.tmp
     
  8. Broni

    Broni Malware Annihilator Posts: 47,706   +268

    Good.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    ComboFix 14-04-09.02 - dad4 04/09/2014 17:25:10.5.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.2709 [GMT -5:00]
    Running from: c:\users\dad4\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    E:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-03-09 to 2014-04-09 )))))))))))))))))))))))))))))))
    .
    .
    2014-04-09 22:34 . 2014-04-09 22:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-04-09 22:34 . 2014-04-09 22:34 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-04-09 22:34 . 2014-04-09 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-04-09 22:34 . 2014-04-09 22:34 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2014-04-09 00:52 . 2014-04-09 00:52 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-04-08 23:03 . 2014-04-09 02:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-04-08 23:03 . 2014-04-08 23:03 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-04-08 12:51 . 2014-04-08 18:12 -------- d-----w- c:\users\dad4\AppData\Roaming\FreeFixer
    2014-04-08 12:51 . 2014-04-08 13:07 -------- d-----w- c:\users\dad4\AppData\Local\FreeFixer
    2014-04-08 12:50 . 2014-04-08 12:50 -------- d-----w- c:\program files\FreeFixer
    2014-04-06 14:47 . 2014-04-06 14:47 -------- d-----w- c:\users\dad4\AppData\Local\PassMark
    2014-04-06 14:47 . 2014-04-06 14:47 -------- d-----w- c:\programdata\Passmark
    2014-04-06 14:47 . 2014-04-06 14:47 -------- d-----w- c:\program files\PerformanceTest
    2014-03-26 20:39 . 2014-03-26 20:39 67480 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\CreativeStudio.log_A0257E23F5AD4097A09CA7B0B793CAA3.exe
    2014-03-26 20:39 . 2014-03-26 20:39 55192 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\_974E1DB6E75641E3957E1B56935956A9.exe
    2014-03-26 20:39 . 2014-03-26 20:39 55192 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\_4EFE6B2AFEBA472EAA518254BEAAE011.exe
    2014-03-26 20:39 . 2014-03-26 20:39 47000 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\LibGalilRedist_1.6_C3EAD1C186A44126BC0A048067F5B7CA.exe
    2014-03-26 20:39 . 2014-03-26 20:39 47000 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\GalilTools_1.6.4.5_088A7308834240ABBA98F282EA6B1300.exe
    2014-03-26 20:39 . 2014-03-26 20:39 59288 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\CreativeStudioInst_5D5F060477714CDF95D31E38C92E618D.exe
    2014-03-26 20:39 . 2014-03-26 20:39 55192 ----a-r- c:\users\dad4\AppData\Roaming\Microsoft\Installer\{271AC427-45C0-4C4E-9F57-54E666F3833D}\ARPPRODUCTICON.exe
    2014-03-18 13:41 . 2014-03-18 13:41 -------- d-----w- c:\users\dad4\AppData\Roaming\Oracle
    2014-03-18 13:40 . 2014-03-18 13:40 -------- d-----w- c:\programdata\Oracle
    2014-03-18 13:39 . 2014-03-18 13:39 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-03-18 13:39 . 2014-03-18 13:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-03-15 19:41 . 2014-04-03 23:34 -------- d-----w- c:\users\dad4\AppData\Local\CrashDumps
    2014-03-13 14:09 . 2014-03-13 14:09 -------- d-----w- c:\users\dad4\AppData\Roaming\SUPERAntiSpyware.com
    2014-03-13 14:08 . 2014-03-13 14:09 -------- d-----w- c:\program files\SUPERAntiSpyware
    2014-03-13 14:08 . 2014-03-13 14:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2014-03-13 07:14 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-13 07:14 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-13 07:14 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-13 07:14 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-03-12 13:06 . 2014-03-12 13:06 -------- d-----w- c:\program files (x86)\Advanced Fix 2013
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-19 08:00 . 2011-08-02 19:46 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-03-12 00:15 . 2012-07-10 15:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-12 00:15 . 2011-07-20 19:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
    "GoogleChromeAutoLaunch_37636091923EB0AF9654CD0625A352B8"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-03-15 859976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
    "UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "BrowserPlugInHelper"="c:\program files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe" [2013-09-13 1960448]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]
    "AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-05-16 1039240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    c:\users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-12-20 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 BarTender System Service;BarTender System Service;c:\program files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe;c:\program files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [x]
    S2 Commander Service;Commander Service;c:\program files (x86)\Seagull\BarTender Suite\CmdrSrv.exe;c:\program files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [x]
    S2 Maestro;Printer Maestro;c:\program files (x86)\Seagull\BarTender Suite\Maestro.Service.exe;c:\program files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [x]
    S2 MSSQL$BARTENDER;SQL Server (BARTENDER);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [x]
    S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [x]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
    S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys;c:\windows\SYSNATIVE\DRIVERS\hcw89.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 74925322
    *Deregistered* - 74925322
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-15 14:06 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 00:15]
    .
    2014-04-08 c:\windows\Tasks\FreeFixer background scan.job
    - c:\program files\FreeFixer\freefixer.exe [2014-03-17 13:22]
    .
    2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 19:35]
    .
    2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 19:35]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    FF - ProfilePath - c:\users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
    FF - ExtSQL: !HIDDEN! 2010-01-17 07:54; bzgyksvqin@bzgyksvqin.org; c:\users\dad4\Application Data\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions\bzgyksvqin@bzgyksvqin.org.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - (no file)
    Toolbar-Locked - (no file)
    AddRemove-DnsBasic - c:\program files (x86)\DnsBasic\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\07\03\14\141%U"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    @SACL=
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-04-09 17:37:24
    ComboFix-quarantined-files.txt 2014-04-09 22:37
    .
    Pre-Run: 169,733,591,040 bytes free
    Post-Run: 169,767,301,120 bytes free
    .
    - - End Of File - - 37C97DCE8977876449B66E38E6BB500C
    671B81004FDD1588FA9ED1331C9CECA9
     
  10. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    Symantec still detects thids virus DWH78C8.tmp and others
     
  11. Broni

    Broni Malware Annihilator Posts: 47,706   +268

    Combofix log looks good.
    The above file has been haunting Norton's users for years and there is nothing wrong with that file.
    All I can give you is Google search: https://www.google.com/search?num=5...nss=100...0...1.1.40.serp..3.1.37.esd5z8akhu4

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
  12. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    # AdwCleaner v3.023 - Report created 10/04/2014 at 19:11:38
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : dad4 - DAD4-PC
    # Running from : C:\Users\dad4\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\AI_RecycleBin
    Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files (x86)\Conduit
    [x] Not Deleted : C:\Program Files (x86)\DnsBasic
    [x] Not Deleted : C:\Program Files (x86)\Vuze
    Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
    Folder Deleted : C:\Users\dad4\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\dad4\AppData\Local\DefineExt
    Folder Deleted : C:\Users\dad4\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\dad4\AppData\Local\unitlayers
    Folder Deleted : C:\Users\dad4\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\dad4\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\dad4\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\dad4\AppData\Roaming\strongvault
    Folder Deleted : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\CT3289847
    Folder Deleted : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
    Folder Deleted : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
    File Deleted : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DnsBasic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic
    Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
    Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
    Key Deleted : HKLM\Software\Classes\Installer\Features\49AE5C7BA69B5F14EB59527DB8846687
    Key Deleted : HKLM\Software\Classes\Installer\Products\49AE5C7BA69B5F14EB59527DB8846687

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521


    -\\ Mozilla Firefox v13.0 (en-US)

    [ File : C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\prefs.js ]


    -\\ Google Chrome v33.0.1750.154

    [ File : C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage

    *************************

    AdwCleaner[R0].txt - [3848 octets] - [10/04/2014 18:51:17]
    AdwCleaner[S0].txt - [3753 octets] - [10/04/2014 19:11:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3813 octets] ##########
     
  13. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by dad4 on Thu 04/10/2014 at 19:34:11.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0481B5F7-283D-4AA7-9634-7D07F926A6E5}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\pc1data"
    Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
    Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
    Successfully deleted: [Folder] "C:\Users\dad4\AppData\Roaming\getrighttogo"
    Successfully deleted: [Folder] "C:\Users\dad4\AppData\Roaming\sparktrust"
    Successfully deleted: [Folder] "C:\Users\dad4\AppData\Roaming\speedypc software"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\dad4\AppData\Roaming\mozilla\firefox\profiles\k6pv1e97.default\extensions\bzgyksvqin@bzgyksvqin.org.xpi [Tracur]
    Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net"
    Successfully deleted: [Folder] C:\Users\dad4\AppData\Roaming\mozilla\firefox\profiles\k6pv1e97.default\extensions\cxfnl@nxazbwxrbgsgfqqp.net



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 04/10/2014 at 19:38:23.80
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    OTL logfile created on: 4/10/2014 7:49:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad4\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.81 Gb Available Physical Memory | 63.52% Memory free
    11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 157.97 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 104.96 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 724.52 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
    Drive F: | 501.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 931.51 Gb Total Space | 387.39 Gb Free Space | 41.59% Space Free | Partition Type: NTFS

    Computer Name: DAD4-PC | User Name: dad4 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/04/10 19:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
    PRC - [2014/03/30 08:03:01 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    PRC - [2014/03/14 19:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/10 16:25:58 | 001,056,264 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2013/08/07 05:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    PRC - [2013/06/28 15:29:50 | 000,789,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    PRC - [2013/06/28 15:29:48 | 003,225,440 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    PRC - [2013/06/28 15:29:44 | 006,951,776 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    PRC - [2013/01/24 13:12:32 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\No-IP\ducservice.exe
    PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2011/09/26 21:08:25 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
    PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011/06/30 17:18:34 | 002,251,200 | ---- | M] (Seagull Scientific) -- C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
    PRC - [2011/06/29 19:30:56 | 000,034,200 | ---- | M] (Seagull Scientific, Inc.) -- C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
    PRC - [2011/03/17 03:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/07/01 17:16:46 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    PRC - [2010/05/06 17:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/03/03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
    PRC - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
    PRC - [2010/02/17 10:53:18 | 000,558,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/03/14 19:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
    MOD - [2014/03/14 19:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
    MOD - [2014/03/14 19:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
    MOD - [2014/03/14 19:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
    MOD - [2014/03/14 19:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
    MOD - [2014/03/14 19:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
    MOD - [2014/02/13 04:41:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
    MOD - [2014/02/13 04:41:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
    MOD - [2014/02/13 04:41:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
    MOD - [2014/02/13 04:40:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/02/13 04:40:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
    MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
    MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
    MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
    MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/10 18:37:48 | 000,058,208 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
    MOD - [2010/01/10 01:05:06 | 001,040,736 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/10/10 16:12:18 | 007,627,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2014/03/11 19:15:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
    SRV - [2013/08/07 05:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
    SRV - [2013/06/28 15:29:50 | 000,789,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/24 13:12:32 | 000,011,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\No-IP\ducservice.exe -- (NoIPDUCService4)
    SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/09/26 21:08:25 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2011/06/30 17:18:34 | 002,251,200 | ---- | M] (Seagull Scientific) [Auto | Running] -- C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe -- (Commander Service)
    SRV - [2011/06/29 19:30:56 | 000,034,200 | ---- | M] (Seagull Scientific, Inc.) [Auto | Running] -- C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe -- (BarTender System Service)
    SRV - [2011/06/29 19:15:24 | 000,229,784 | ---- | M] (Seagull Scientific, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe -- (Maestro)
    SRV - [2010/08/05 19:11:38 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/07/01 16:25:32 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
    SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2010/02/17 10:53:18 | 000,558,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2010/02/12 07:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
    SRV - [2010/02/11 02:34:18 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2014/04/08 18:03:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV:64bit: - [2014/04/03 14:00:58 | 000,038,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
    DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/03/15 08:06:37 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2012/11/26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/10/04 16:21:04 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
    DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/21 15:15:24 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/07/21 14:44:42 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/07/20 10:07:42 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/08/05 19:11:32 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
    DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2010/03/03 19:59:22 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
    DRV:64bit: - [2010/02/11 02:34:46 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
    DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
    DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/09/21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/07/16 18:02:58 | 001,542,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
    DRV:64bit: - [2008/01/19 19:45:40 | 000,045,104 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\v2imount.sys -- (v2imount)
    DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2013/11/24 04:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/11/24 04:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/09/16 03:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140408.019\ex64.sys -- (NAVEX15)
    DRV - [2013/09/16 03:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140408.019\eng64.sys -- (NAVENG)
    DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
    DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/07 09:37:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/20 11:19:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]

    [2012/09/14 07:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Extensions
    [2014/04/10 19:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions
    [2014/04/10 19:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/14 07:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/09/14 07:06:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     
  15. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    FILE OTL.txt was too large here is 2nd half.....






    Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
    DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/07 09:37:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/20 11:19:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]

    [2012/09/14 07:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Extensions
    [2014/04/10 19:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions
    [2014/04/10 19:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/14 07:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/09/14 07:06:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=826aece1000000000000001e3defc2b9
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - Extension: Google Docs = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Bitdefender QuickScan = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\
    CHR - Extension: Gmail = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/04/09 17:34:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [GoogleChromeAutoLaunch_37636091923EB0AF9654CD0625A352B8] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - Startup: C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1223660A-A804-48B7-8C3E-90BD0F74C30F}: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/04/05 06:38:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/11/07 12:26:27 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/10 19:48:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
    [2014/04/10 19:34:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/10 19:32:05 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\dad4\Desktop\JRT.exe
    [2014/04/10 18:50:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/10 08:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2014/04/10 08:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2014/04/09 17:37:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/04/09 17:37:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/04/09 17:21:00 | 005,196,025 | R--- | C] (Swearware) -- C:\Users\dad4\Desktop\ComboFix.exe
    [2014/04/09 07:27:07 | 004,139,872 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dad4\Desktop\tdsskiller.exe
    [2014/04/08 19:52:40 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/08 18:03:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/08 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\mbar
    [2014/04/08 18:01:47 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\dad4\Desktop\mbar-1.07.0.1009.exe
    [2014/04/08 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\FreeFixer
    [2014/04/08 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\FreeFixer
    [2014/04/08 07:50:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
    [2014/04/08 07:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
    [2014/04/07 16:46:54 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\v scan
    [2014/04/06 09:47:38 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\PassMark
    [2014/04/06 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\PassMark
    [2014/04/06 09:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
    [2014/04/06 09:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
    [2014/04/06 09:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
    [2014/03/30 08:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artistitch
    [2014/03/30 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch My Designs
    [2014/03/30 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch Library
    [2014/03/30 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch Backdrops
    [2014/03/26 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Statler Stitcher
    [2014/03/26 15:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galil
    [2014/03/18 08:41:30 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Oracle
    [2014/03/18 08:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/03/18 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/03/18 08:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014/03/15 14:41:35 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\CrashDumps
    [2014/03/13 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\RK_Quarantine
    [2014/03/13 09:49:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/03/13 09:49:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/03/13 09:49:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/03/13 09:13:41 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\dad4\Desktop\TFC.exe
    [2014/03/13 09:09:13 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\SUPERAntiSpyware.com
    [2014/03/13 09:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/03/13 09:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/03/13 09:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/03/13 09:07:51 | 018,288,344 | ---- | C] (SUPERAntiSpyware) -- C:\Users\dad4\Desktop\SUPERAntiSpyware.exe
    [2014/03/13 07:10:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/03/12 08:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Fix 2013
    [2014/03/12 08:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Fix 2013
    [2013/06/23 10:32:18 | 005,401,808 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/04/10 19:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
    [2014/04/10 19:35:46 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/10 19:35:46 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/10 19:32:08 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\dad4\Desktop\JRT.exe
    [2014/04/10 19:28:42 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/10 19:23:33 | 000,000,484 | ---- | M] () -- C:\Windows\Brownie.ini
    [2014/04/10 19:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/10 19:20:59 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/10 19:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/04/10 19:08:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/10 08:23:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2014/04/10 03:18:36 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\FreeFixer background scan.job
    [2014/04/09 17:34:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/04/09 17:21:13 | 005,196,025 | R--- | M] (Swearware) -- C:\Users\dad4\Desktop\ComboFix.exe
    [2014/04/09 07:27:08 | 004,139,872 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dad4\Desktop\tdsskiller.exe
    [2014/04/08 19:52:40 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/08 18:03:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/08 18:02:04 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\dad4\Desktop\mbar-1.07.0.1009.exe
    [2014/04/07 11:04:18 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2014/04/07 09:36:33 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2014/04/07 09:33:50 | 002,592,135 | ---- | M] () -- C:\Users\dad4\Desktop\USPS.pdf
    [2014/04/06 09:47:26 | 000,000,938 | ---- | M] () -- C:\Users\dad4\Desktop\PerformanceTest.lnk
    [2014/04/05 07:33:12 | 425,611,533 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/03/30 08:42:13 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Art and Stitch.lnk
    [2014/03/29 09:05:52 | 149,025,792 | ---- | M] () -- C:\Users\dad4\Desktop\patterns.db.20140329
    [2014/03/27 11:34:30 | 000,000,110 | ---- | M] () -- C:\Users\dad4\Desktop\piano key.qli
    [2014/03/26 15:39:04 | 000,003,015 | ---- | M] () -- C:\Users\dad4\Desktop\CreativeStudio.lnk
    [2014/03/26 15:39:04 | 000,001,863 | ---- | M] () -- C:\Users\dad4\Desktop\CS LOG.lnk
    [2014/03/26 15:38:48 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\GalilTools.lnk
    [2014/03/21 11:33:43 | 000,925,912 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/03/21 11:33:43 | 000,762,640 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/03/21 11:33:43 | 000,161,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/03/17 06:28:48 | 149,025,792 | ---- | M] () -- C:\Users\dad4\Desktop\patterns.db.20140317
    [2014/03/13 11:11:26 | 007,140,650 | ---- | M] () -- C:\Users\dad4\AppData\Local\census.cache
    [2014/03/13 11:11:21 | 000,065,983 | ---- | M] () -- C:\Users\dad4\AppData\Local\ars.cache
    [2014/03/13 10:23:48 | 000,037,466 | ---- | M] () -- C:\Users\dad4\Documents\cc_20140313_102336.reg
    [2014/03/13 10:22:52 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/03/13 10:14:27 | 000,724,952 | ---- | M] () -- C:\Users\dad4\Desktop\avenger.zip
    [2014/03/13 09:13:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\TFC.exe
    [2014/03/13 09:08:44 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2014/03/13 09:08:04 | 018,288,344 | ---- | M] (SUPERAntiSpyware) -- C:\Users\dad4\Desktop\SUPERAntiSpyware.exe
    [2014/03/13 07:09:19 | 000,001,449 | ---- | M] () -- C:\Users\dad4\Desktop\ComboFix - Shortcut.lnk
    [2014/03/13 06:55:43 | 003,819,008 | ---- | M] () -- C:\Users\dad4\Desktop\RogueKiller (1).exe
    [2014/03/13 03:25:20 | 005,214,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/03/12 08:06:36 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Advanced Fix 2013.lnk

    ========== Files Created - No Company Name ==========

    [2014/04/10 08:23:53 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2014/04/10 08:23:19 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2014/04/08 07:51:01 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\FreeFixer background scan.job
    [2014/04/07 09:33:49 | 002,592,135 | ---- | C] () -- C:\Users\dad4\Desktop\USPS.pdf
    [2014/04/06 09:47:26 | 000,000,938 | ---- | C] () -- C:\Users\dad4\Desktop\PerformanceTest.lnk
    [2014/04/05 07:33:12 | 425,611,533 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/03/30 08:42:13 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Art and Stitch.lnk
    [2014/03/29 09:05:48 | 149,025,792 | ---- | C] () -- C:\Users\dad4\Desktop\patterns.db.20140329
    [2014/03/29 08:48:42 | 000,497,096 | ---- | C] () -- C:\Users\dad4\Desktop\setup.exe
    [2014/03/27 11:17:14 | 000,000,110 | ---- | C] () -- C:\Users\dad4\Desktop\piano key.qli
    [2014/03/26 15:39:04 | 000,003,015 | ---- | C] () -- C:\Users\dad4\Desktop\CreativeStudio.lnk
    [2014/03/26 15:39:04 | 000,001,863 | ---- | C] () -- C:\Users\dad4\Desktop\CS LOG.lnk
    [2014/03/26 15:38:48 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\GalilTools.lnk
    [2014/03/17 06:28:45 | 149,025,792 | ---- | C] () -- C:\Users\dad4\Desktop\patterns.db.20140317
    [2014/03/13 10:23:42 | 000,037,466 | ---- | C] () -- C:\Users\dad4\Documents\cc_20140313_102336.reg
    [2014/03/13 10:14:31 | 000,724,952 | ---- | C] () -- C:\Users\dad4\Desktop\avenger.zip
    [2014/03/13 09:49:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/03/13 09:49:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/03/13 09:49:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/03/13 09:49:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/03/13 09:49:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/03/13 09:08:44 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2014/03/13 07:09:19 | 000,001,449 | ---- | C] () -- C:\Users\dad4\Desktop\ComboFix - Shortcut.lnk
    [2014/03/13 06:55:39 | 003,819,008 | ---- | C] () -- C:\Users\dad4\Desktop\RogueKiller (1).exe
    [2014/03/12 08:06:36 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Advanced Fix 2013.lnk
    [2014/03/01 10:19:45 | 000,001,808 | ---- | C] () -- C:\Windows\wininit.ini
    [2014/02/27 17:54:17 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
    [2014/02/27 17:54:06 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
    [2014/02/27 14:45:11 | 000,000,010 | ---- | C] () -- C:\Users\dad4\AppData\Local\sponge.last.runtime.cache
    [2013/12/21 10:03:46 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
    [2013/12/12 22:15:00 | 000,000,039 | ---- | C] () -- C:\Windows\Embmake.INI
    [2013/11/29 13:53:49 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe BMP Format CS6 Prefs
    [2013/10/02 16:50:13 | 000,004,096 | -H-- | C] () -- C:\Users\dad4\AppData\Local\keyfile3.drm
    [2013/09/14 09:31:11 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
    [2013/09/14 09:31:11 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
    [2013/09/02 16:59:01 | 000,508,928 | ---- | C] () -- C:\Windows\SysWow64\hidapi-jni.dll
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
    [2013/06/23 10:48:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
    [2013/05/21 10:05:02 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2013/05/21 08:36:24 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe GIF Format CS6 Prefs
    [2013/04/20 16:05:39 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
    [2013/04/20 16:05:39 | 000,022,064 | ---- | C] () -- C:\Windows\DCEBoot64.exe
    [2013/01/23 07:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2013/01/17 10:39:27 | 000,247,612 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2013/01/09 16:34:12 | 000,000,163 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2013/01/09 16:34:12 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2013/01/09 16:33:16 | 000,000,484 | ---- | C] () -- C:\Windows\Brownie.ini
    [2012/04/15 09:36:15 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2012/03/01 14:10:10 | 000,022,979 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/07/20 15:53:13 | 000,008,518 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2011/07/20 12:53:30 | 007,140,650 | ---- | C] () -- C:\Users\dad4\AppData\Local\census.cache
    [2011/07/20 12:53:27 | 000,065,983 | ---- | C] () -- C:\Users\dad4\AppData\Local\ars.cache
    [2011/07/20 12:49:04 | 000,000,036 | ---- | C] () -- C:\Users\dad4\AppData\Local\housecall.guid.cache

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/08/03 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\AbeBooks
    [2013/05/21 08:47:47 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Autodesk
    [2014/03/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Azureus
    [2013/08/24 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\DAEMON Tools Pro
    [2012/04/15 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\DassaultSystemes
    [2013/09/02 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\EcoTech Marine
    [2012/04/15 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\EDrawings
    [2014/04/08 13:12:43 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\FreeFixer
    [2012/08/14 08:32:00 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\HTC
    [2012/08/14 08:30:17 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2013/09/14 09:18:50 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\iDealshare VideoGo
    [2012/05/25 06:36:21 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\ieSpell
    [2011/09/26 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Netscape
    [2012/01/17 08:38:20 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\No Company Name
    [2014/03/18 08:41:30 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Oracle
    [2013/02/06 08:00:02 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Outlook
    [2012/09/23 09:45:23 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\PC-FAX TX
    [2013/12/22 10:09:35 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\PDAppFlex
    [2011/09/26 21:06:46 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Photodex
    [2014/03/18 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\QuickScan
    [2011/08/20 08:51:10 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Seagull
    [2013/06/11 18:51:13 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2013/03/08 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\TeamViewer
    [2011/07/20 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Teleca
    [2013/09/14 09:31:35 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720

    < End of report >

     
  16. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    I messed up splitting up the last file I am re posting it sorry
     
  17. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    OTL logfile created on: 4/10/2014 8:01:30 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad4\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.47 Gb Available Physical Memory | 58.00% Memory free
    11.98 Gb Paging File | 8.74 Gb Available in Paging File | 72.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 157.97 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 104.96 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 724.52 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
    Drive F: | 501.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 931.51 Gb Total Space | 387.39 Gb Free Space | 41.59% Space Free | Partition Type: NTFS

    Computer Name: DAD4-PC | User Name: dad4 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/04/10 19:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
    PRC - [2014/03/30 08:03:01 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    PRC - [2014/03/14 19:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/10 16:25:58 | 001,056,264 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2013/08/07 05:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    PRC - [2013/06/28 15:29:50 | 000,789,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    PRC - [2013/06/28 15:29:48 | 003,225,440 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    PRC - [2013/06/28 15:29:44 | 006,951,776 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    PRC - [2013/01/24 13:12:32 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\No-IP\ducservice.exe
    PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2011/09/26 21:08:25 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
    PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011/06/30 17:18:34 | 002,251,200 | ---- | M] (Seagull Scientific) -- C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
    PRC - [2011/06/29 19:30:56 | 000,034,200 | ---- | M] (Seagull Scientific, Inc.) -- C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
    PRC - [2011/03/17 03:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/07/01 17:16:46 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    PRC - [2010/05/06 17:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/03/03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
    PRC - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
    PRC - [2010/02/17 10:53:18 | 000,558,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/03/14 19:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
    MOD - [2014/03/14 19:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
    MOD - [2014/03/14 19:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
    MOD - [2014/03/14 19:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
    MOD - [2014/03/14 19:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
    MOD - [2014/03/14 19:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
    MOD - [2014/03/14 19:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
    MOD - [2014/02/13 04:41:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
    MOD - [2014/02/13 04:41:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
    MOD - [2014/02/13 04:41:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
    MOD - [2014/02/13 04:40:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/02/13 04:40:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
    MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
    MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
    MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
    MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/10 18:37:48 | 000,058,208 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
    MOD - [2010/01/10 01:05:06 | 001,040,736 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/10/10 16:12:18 | 007,627,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2014/03/11 19:15:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
    SRV - [2013/08/15 13:34:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
    SRV - [2013/08/07 05:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
    SRV - [2013/06/28 15:29:50 | 000,789,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/24 13:12:32 | 000,011,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\No-IP\ducservice.exe -- (NoIPDUCService4)
    SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/09/26 21:08:25 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2011/06/30 17:18:34 | 002,251,200 | ---- | M] (Seagull Scientific) [Auto | Running] -- C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe -- (Commander Service)
    SRV - [2011/06/29 19:30:56 | 000,034,200 | ---- | M] (Seagull Scientific, Inc.) [Auto | Running] -- C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe -- (BarTender System Service)
    SRV - [2011/06/29 19:15:24 | 000,229,784 | ---- | M] (Seagull Scientific, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe -- (Maestro)
    SRV - [2010/08/05 19:11:38 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/07/01 16:25:32 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
    SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2010/02/17 10:53:18 | 000,558,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2010/02/12 07:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
    SRV - [2010/02/11 02:34:18 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2014/04/08 18:03:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV:64bit: - [2014/04/03 14:00:58 | 000,038,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
    DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/03/15 08:06:37 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2012/11/26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/10/04 16:21:04 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
    DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/21 15:15:24 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/07/21 14:44:42 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/07/20 10:07:42 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/08/05 19:11:32 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
    DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2010/03/03 19:59:22 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
    DRV:64bit: - [2010/02/11 02:34:46 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
    DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
    DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/09/21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/07/16 18:02:58 | 001,542,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
    DRV:64bit: - [2008/01/19 19:45:40 | 000,045,104 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\v2imount.sys -- (v2imount)
    DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2013/11/24 04:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/11/24 04:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/09/16 03:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140408.019\ex64.sys -- (NAVEX15)
    DRV - [2013/09/16 03:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140408.019\eng64.sys -- (NAVENG)
    DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
    DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/07 09:37:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/20 11:19:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/09/14 09:31:12 | 000,000,000 | ---D | M]

    [2012/09/14 07:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Extensions
    [2014/04/10 19:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad4\AppData\Roaming\Mozilla\Firefox\Profiles\k6pv1e97.default\extensions
    [2014/04/10 19:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/14 07:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/09/14 07:06:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=826aece1000000000000001e3defc2b9
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - Extension: Google Docs = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Bitdefender QuickScan = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\
    CHR - Extension: Gmail = C:\Users\dad4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
  18. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    2nd half of otl.txt


    O1 HOSTS File: ([2014/04/09 17:34:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [GoogleChromeAutoLaunch_37636091923EB0AF9654CD0625A352B8] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-663409573-2375225237-670408003-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - Startup: C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1223660A-A804-48B7-8C3E-90BD0F74C30F}: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/04/05 06:38:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/11/07 12:26:27 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/10 19:48:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
    [2014/04/10 19:34:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/10 19:32:05 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\dad4\Desktop\JRT.exe
    [2014/04/10 18:50:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/10 08:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2014/04/10 08:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2014/04/09 17:37:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/04/09 17:37:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/04/09 17:21:00 | 005,196,025 | R--- | C] (Swearware) -- C:\Users\dad4\Desktop\ComboFix.exe
    [2014/04/09 07:27:07 | 004,139,872 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dad4\Desktop\tdsskiller.exe
    [2014/04/08 19:52:40 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/08 18:03:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/08 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\mbar
    [2014/04/08 18:01:47 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\dad4\Desktop\mbar-1.07.0.1009.exe
    [2014/04/08 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\FreeFixer
    [2014/04/08 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\FreeFixer
    [2014/04/08 07:50:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
    [2014/04/08 07:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
    [2014/04/07 16:46:54 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\v scan
    [2014/04/06 09:47:38 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\PassMark
    [2014/04/06 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\PassMark
    [2014/04/06 09:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
    [2014/04/06 09:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
    [2014/04/06 09:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
    [2014/03/30 08:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artistitch
    [2014/03/30 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch My Designs
    [2014/03/30 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch Library
    [2014/03/30 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\dad4\Documents\Art and Stitch Backdrops
    [2014/03/26 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Statler Stitcher
    [2014/03/26 15:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galil
    [2014/03/18 08:41:30 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\Oracle
    [2014/03/18 08:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/03/18 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/03/18 08:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014/03/15 14:41:35 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Local\CrashDumps
    [2014/03/13 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\dad4\Desktop\RK_Quarantine
    [2014/03/13 09:49:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/03/13 09:49:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/03/13 09:49:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/03/13 09:13:41 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\dad4\Desktop\TFC.exe
    [2014/03/13 09:09:13 | 000,000,000 | ---D | C] -- C:\Users\dad4\AppData\Roaming\SUPERAntiSpyware.com
    [2014/03/13 09:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/03/13 09:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/03/13 09:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/03/13 09:07:51 | 018,288,344 | ---- | C] (SUPERAntiSpyware) -- C:\Users\dad4\Desktop\SUPERAntiSpyware.exe
    [2014/03/13 07:10:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/03/12 08:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Fix 2013
    [2014/03/12 08:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Fix 2013
    [2013/06/23 10:32:18 | 005,401,808 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/04/10 19:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\OTL.exe
    [2014/04/10 19:35:46 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/10 19:35:46 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/10 19:32:08 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\dad4\Desktop\JRT.exe
    [2014/04/10 19:28:42 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/10 19:23:33 | 000,000,484 | ---- | M] () -- C:\Windows\Brownie.ini
    [2014/04/10 19:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/10 19:20:59 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/10 19:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/04/10 19:08:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/10 08:23:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2014/04/10 03:18:36 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\FreeFixer background scan.job
    [2014/04/09 17:34:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/04/09 17:21:13 | 005,196,025 | R--- | M] (Swearware) -- C:\Users\dad4\Desktop\ComboFix.exe
    [2014/04/09 07:27:08 | 004,139,872 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dad4\Desktop\tdsskiller.exe
    [2014/04/08 19:52:40 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/08 18:03:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/08 18:02:04 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\dad4\Desktop\mbar-1.07.0.1009.exe
    [2014/04/07 11:04:18 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2014/04/07 09:36:33 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2014/04/07 09:33:50 | 002,592,135 | ---- | M] () -- C:\Users\dad4\Desktop\USPS.pdf
    [2014/04/06 09:47:26 | 000,000,938 | ---- | M] () -- C:\Users\dad4\Desktop\PerformanceTest.lnk
    [2014/04/05 07:33:12 | 425,611,533 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/03/30 08:42:13 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Art and Stitch.lnk
    [2014/03/29 09:05:52 | 149,025,792 | ---- | M] () -- C:\Users\dad4\Desktop\patterns.db.20140329
    [2014/03/27 11:34:30 | 000,000,110 | ---- | M] () -- C:\Users\dad4\Desktop\piano key.qli
    [2014/03/26 15:39:04 | 000,003,015 | ---- | M] () -- C:\Users\dad4\Desktop\CreativeStudio.lnk
    [2014/03/26 15:39:04 | 000,001,863 | ---- | M] () -- C:\Users\dad4\Desktop\CS LOG.lnk
    [2014/03/26 15:38:48 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\GalilTools.lnk
    [2014/03/21 11:33:43 | 000,925,912 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/03/21 11:33:43 | 000,762,640 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/03/21 11:33:43 | 000,161,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/03/17 06:28:48 | 149,025,792 | ---- | M] () -- C:\Users\dad4\Desktop\patterns.db.20140317
    [2014/03/13 11:11:26 | 007,140,650 | ---- | M] () -- C:\Users\dad4\AppData\Local\census.cache
    [2014/03/13 11:11:21 | 000,065,983 | ---- | M] () -- C:\Users\dad4\AppData\Local\ars.cache
    [2014/03/13 10:23:48 | 000,037,466 | ---- | M] () -- C:\Users\dad4\Documents\cc_20140313_102336.reg
    [2014/03/13 10:22:52 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/03/13 10:14:27 | 000,724,952 | ---- | M] () -- C:\Users\dad4\Desktop\avenger.zip
    [2014/03/13 09:13:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\dad4\Desktop\TFC.exe
    [2014/03/13 09:08:44 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2014/03/13 09:08:04 | 018,288,344 | ---- | M] (SUPERAntiSpyware) -- C:\Users\dad4\Desktop\SUPERAntiSpyware.exe
    [2014/03/13 07:09:19 | 000,001,449 | ---- | M] () -- C:\Users\dad4\Desktop\ComboFix - Shortcut.lnk
    [2014/03/13 06:55:43 | 003,819,008 | ---- | M] () -- C:\Users\dad4\Desktop\RogueKiller (1).exe
    [2014/03/13 03:25:20 | 005,214,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/03/12 08:06:36 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Advanced Fix 2013.lnk

    ========== Files Created - No Company Name ==========

    [2014/04/10 08:23:53 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2014/04/10 08:23:19 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2014/04/08 07:51:01 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\FreeFixer background scan.job
    [2014/04/07 09:33:49 | 002,592,135 | ---- | C] () -- C:\Users\dad4\Desktop\USPS.pdf
    [2014/04/06 09:47:26 | 000,000,938 | ---- | C] () -- C:\Users\dad4\Desktop\PerformanceTest.lnk
    [2014/04/05 07:33:12 | 425,611,533 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/03/30 08:42:13 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Art and Stitch.lnk
    [2014/03/29 09:05:48 | 149,025,792 | ---- | C] () -- C:\Users\dad4\Desktop\patterns.db.20140329
    [2014/03/29 08:48:42 | 000,497,096 | ---- | C] () -- C:\Users\dad4\Desktop\setup.exe
    [2014/03/27 11:17:14 | 000,000,110 | ---- | C] () -- C:\Users\dad4\Desktop\piano key.qli
    [2014/03/26 15:39:04 | 000,003,015 | ---- | C] () -- C:\Users\dad4\Desktop\CreativeStudio.lnk
    [2014/03/26 15:39:04 | 000,001,863 | ---- | C] () -- C:\Users\dad4\Desktop\CS LOG.lnk
    [2014/03/26 15:38:48 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\GalilTools.lnk
    [2014/03/17 06:28:45 | 149,025,792 | ---- | C] () -- C:\Users\dad4\Desktop\patterns.db.20140317
    [2014/03/13 10:23:42 | 000,037,466 | ---- | C] () -- C:\Users\dad4\Documents\cc_20140313_102336.reg
    [2014/03/13 10:14:31 | 000,724,952 | ---- | C] () -- C:\Users\dad4\Desktop\avenger.zip
    [2014/03/13 09:49:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/03/13 09:49:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/03/13 09:49:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/03/13 09:49:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/03/13 09:49:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/03/13 09:08:44 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2014/03/13 07:09:19 | 000,001,449 | ---- | C] () -- C:\Users\dad4\Desktop\ComboFix - Shortcut.lnk
    [2014/03/13 06:55:39 | 003,819,008 | ---- | C] () -- C:\Users\dad4\Desktop\RogueKiller (1).exe
    [2014/03/12 08:06:36 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Advanced Fix 2013.lnk
    [2014/03/01 10:19:45 | 000,001,808 | ---- | C] () -- C:\Windows\wininit.ini
    [2014/02/27 17:54:17 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
    [2014/02/27 17:54:06 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
    [2014/02/27 14:45:11 | 000,000,010 | ---- | C] () -- C:\Users\dad4\AppData\Local\sponge.last.runtime.cache
    [2013/12/21 10:03:46 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
    [2013/12/12 22:15:00 | 000,000,039 | ---- | C] () -- C:\Windows\Embmake.INI
    [2013/11/29 13:53:49 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe BMP Format CS6 Prefs
    [2013/10/02 16:50:13 | 000,004,096 | -H-- | C] () -- C:\Users\dad4\AppData\Local\keyfile3.drm
    [2013/09/14 09:31:11 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
    [2013/09/14 09:31:11 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
    [2013/09/02 16:59:01 | 000,508,928 | ---- | C] () -- C:\Windows\SysWow64\hidapi-jni.dll
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
    [2013/08/15 13:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
    [2013/06/23 10:48:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
    [2013/05/21 10:05:02 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2013/05/21 08:36:24 | 000,000,132 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Adobe GIF Format CS6 Prefs
    [2013/04/20 16:05:39 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
    [2013/04/20 16:05:39 | 000,022,064 | ---- | C] () -- C:\Windows\DCEBoot64.exe
    [2013/01/23 07:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2013/01/17 10:39:27 | 000,247,612 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2013/01/09 16:34:12 | 000,000,163 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2013/01/09 16:34:12 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2013/01/09 16:33:16 | 000,000,484 | ---- | C] () -- C:\Windows\Brownie.ini
    [2012/04/15 09:36:15 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2012/03/01 14:10:10 | 000,022,979 | ---- | C] () -- C:\Users\dad4\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/07/20 15:53:13 | 000,008,518 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2011/07/20 12:53:30 | 007,140,650 | ---- | C] () -- C:\Users\dad4\AppData\Local\census.cache
    [2011/07/20 12:53:27 | 000,065,983 | ---- | C] () -- C:\Users\dad4\AppData\Local\ars.cache
    [2011/07/20 12:49:04 | 000,000,036 | ---- | C] () -- C:\Users\dad4\AppData\Local\housecall.guid.cache

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/08/03 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\AbeBooks
    [2013/05/21 08:47:47 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Autodesk
    [2014/03/14 09:25:20 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Azureus
    [2013/08/24 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\DAEMON Tools Pro
    [2012/04/15 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\DassaultSystemes
    [2013/09/02 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\EcoTech Marine
    [2012/04/15 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\EDrawings
    [2014/04/08 13:12:43 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\FreeFixer
    [2012/08/14 08:32:00 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\HTC
    [2012/08/14 08:30:17 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2013/09/14 09:18:50 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\iDealshare VideoGo
    [2012/05/25 06:36:21 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\ieSpell
    [2011/09/26 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Netscape
    [2012/01/17 08:38:20 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\No Company Name
    [2014/03/18 08:41:30 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Oracle
    [2013/02/06 08:00:02 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Outlook
    [2012/09/23 09:45:23 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\PC-FAX TX
    [2013/12/22 10:09:35 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\PDAppFlex
    [2011/09/26 21:06:46 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Photodex
    [2014/03/18 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\QuickScan
    [2011/08/20 08:51:10 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Seagull
    [2013/06/11 18:51:13 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2013/03/08 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\TeamViewer
    [2011/07/20 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\Teleca
    [2013/09/14 09:31:35 | 000,000,000 | ---D | M] -- C:\Users\dad4\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720

    < End of report >
     
  19. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    OTL Extras logfile created on: 4/10/2014 7:49:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dad4\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.81 Gb Available Physical Memory | 63.52% Memory free
    11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 157.97 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 104.96 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 724.52 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
    Drive F: | 501.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 931.51 Gb Total Space | 387.39 Gb Free Space | 41.59% Space Free | Partition Type: NTFS

    Computer Name: DAD4-PC | User Name: dad4 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0306F7AD-ECCE-49BD-8372-04D7AC6B9DC2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{070943F3-4B32-4BC1-A529-F5B5EDAF7718}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{0BFBF591-9EBA-45F9-B2EE-AEB158E84AE7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0CF76AE1-6353-4B67-8962-ADA6018A17FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{10323E87-8F69-43F1-9D5B-C35860CDFDB5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{143E4E2D-4619-4BFB-8DC9-DAC3343B03A9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2DB24E4A-5E7B-41CE-BC2F-BE269BA516B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2E63B296-A218-4343-A626-F559F0446195}" = lport=139 | protocol=6 | dir=in | app=system |
    "{43BB31A9-6C8A-431E-915E-CE008827CBCB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{43F0B31C-E2B2-4C9A-A770-82A25C399FFB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{4814FF45-9162-460B-BFBA-F871612BB050}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5D190AED-92B0-4A8E-AD57-7F0D4CA270E4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{6BE7D2FD-6193-4EAB-824F-9588C975ABA7}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{6E24BB5D-6EC9-4AAE-A4CE-E396F1F1EC50}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{735DFDD6-D0BD-4621-A527-5FA528B3A0BC}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{75DC268C-6262-424D-A0BE-2CD8DA6B4149}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8765D59F-CE4D-44CB-92BC-31DD903DF2D1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8AED105F-2512-47FD-802D-7B28EAE91797}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{8D7CCA87-DA2F-4074-B886-D733165AF6D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8E116AE3-6E5D-4D8E-8FDF-DE0B8130B2C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{909EF230-BA2C-4AB7-85BA-2694DDB814FE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{96B00BAF-522D-4475-8AC0-F015E96586B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A2D74A48-3F30-4C07-9A7A-EDDE3D0C1820}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A800B11D-0A4A-48CB-BFFF-8299E99D6EFF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A95ED6DA-C6A9-4E3B-974B-18FED02813C2}" = rport=138 | protocol=17 | dir=out | app=system |
    "{AC93CB5C-7C62-4E16-BB4B-45A91B1FF41C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{AD887D48-8DD7-458F-8ED0-3CFC02A5EA0E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B3AD78ED-8807-4B68-8B27-7E0B67BB8846}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B5D20134-632A-48BA-9FFB-29483CCC3006}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{BDA579A5-2B62-4C81-BC9E-82B8DADFDC08}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE67BDA8-2E17-4EC5-B324-34519B2F2AAF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CB74251F-DBAB-4064-8188-497B49E03263}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{CEFA7E98-C1DF-43A7-AFC8-3DFCD116F0E2}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{D215F81F-A414-4400-852F-D14668CEF296}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{D42EE68E-72FF-43AC-92AA-9531A446F922}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D5803997-A8D2-4330-8824-CFA5DDC33F7E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{DF8FAB5F-B129-4960-B880-4003D70371F2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F00C9612-72D4-4587-849A-D6C736637A2C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F5C94509-259A-458D-96FD-552D9202B7A6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FD4C028A-B877-4B48-832D-57495E1F73FC}" = rport=139 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B67B391-8B79-41E0-AA0F-23A52E60C377}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0B6C46E5-6E2E-4A46-AD9F-E2A9F97D2F77}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{17EFD203-FDD3-4F09-B3FC-3ED806140807}" = protocol=17 | dir=in | app=c:\program files (x86)\carbonite\carbonite backup\carbonitesetup.exe |
    "{196F2C07-FAB1-4E92-8A18-8F6269F69FA2}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\systemdatabasewizard.exe |
    "{1C6C8850-3E0E-47A9-85DB-F94AC5403ED8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{208B361D-A59A-4C04-BFC7-1C7C9B86FAD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{226AA1B3-E47F-47C9-9030-0284D2D2C1D1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{27CFB2BF-FFC0-4C32-A2DF-245EEAF50B05}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2A28CE5A-AA55-4151-B1F0-B6AFDEE03854}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2DDD997A-8721-4254-8508-9BDEECC8273B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2F61A0E2-85E9-4367-88C1-82631540BC1C}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\reprintconsole.exe |
    "{3167AB81-5046-4BDD-A695-402215993557}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{318127EE-A1E5-4D4F-81DE-DBC6737D1A92}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{381DA473-5311-4DDA-9035-D45CEF66F957}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{3BB02318-A065-49F4-84BA-B89517DE19D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3D86F89F-8BC1-4FE7-A8DA-B22F64AB3D09}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{3F11A87A-4B19-4730-9F2D-BDAEFD43C0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl06d\faxrx.exe |
    "{408DAA59-C147-42F9-B5A5-6C912B543767}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{42506D7A-66B4-4CB0-AFE4-8BE9E675B017}" = protocol=6 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteservice.exe |
    "{42CCCEDF-1F3C-44CE-B5B2-0BB832A77EE1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{45E5AD29-154E-4553-B7E3-0A822A496505}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{45F483C3-26B9-41A5-A693-71CDF183AAC0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4F9B103F-F263-4986-8833-1686F67CF1E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5B08CF81-A654-431B-884E-34C00912689B}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\systemdatabasesetup.exe |
    "{6A0BE805-B8F2-4759-A676-C76C483A039F}" = protocol=17 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteservice.exe |
    "{6D306857-417C-4721-B203-C5EDD25C2D4E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{6FC682DA-7337-470D-B817-9EDA3E1DA4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl06d\faxrx.exe |
    "{70D4EDCD-53E5-4680-86BD-FC89D92B17A1}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe |
    "{74DB67EE-87F3-40A4-96F3-8911829F1B9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{79334AEF-40D8-4025-A1D6-594A7A1E7801}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe |
    "{7BFE5801-31ED-4F25-A82F-8D78D3893F6B}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\systemdatabasewizard.exe |
    "{80FC4A26-5D06-40A3-B510-C4C81A6F3A19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8A3C02E5-03FC-43E0-B780-ED26434B61AC}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{8A42D5EF-F6EE-4C63-AD2C-EF6BB893776E}" = protocol=6 | dir=out | app=system |
    "{8A60C917-4E2B-4D72-8D5F-FA5C64F271C0}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{8D0162BB-F95C-4E3D-AE95-DF06BEA2D2CC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{8DE5CD62-763B-413E-8CC6-287798EB32B7}" = protocol=17 | dir=in | app=c:\program files (x86)\carbonite\carbonite backup\carboniteui.exe |
    "{9720DEFD-B1CA-4A38-A612-7DE6AF093945}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{98866CB8-B3BC-471D-B81E-30AEC11A6D4E}" = protocol=6 | dir=in | app=c:\program files (x86)\carbonite\carbonite backup\carbonitesetup.exe |
    "{9BD36F3F-55D0-4C6D-8014-95286A1DBE55}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\maestro.service.exe |
    "{9C25D665-566A-4FBB-917C-23B5998B1A98}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9E74FB9B-B93D-476B-84DB-A752BB90D368}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe |
    "{9F41DDC7-DA14-417D-9ADB-551949E3E9A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A6881F63-8831-4F8C-A509-ABF91629AA74}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{A7B6FBD5-E609-4597-BE83-C0342DDE368F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AA04F71F-7977-4FF2-AEE6-8470B4418E3F}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\systemdatabasesetup.exe |
    "{AEAB4DFF-0BA8-4B4C-9FB2-48F9E4489FAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B719CB1E-CB42-47EC-9AC9-C1D3AED3EAAD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B7ADCA56-80FC-45BA-A26E-F339C3CC7479}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B7C75566-2AC7-4293-8345-4CFC1A2D7FD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B8916431-BD79-430F-B71A-4842EFF094E4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{B9E96F2C-2643-48C2-8B96-EEA8CA7FB134}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{BC92CD54-2652-4DE9-9706-90ECA8A5F324}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\btsystem.service.exe |
    "{BF905E94-F2D7-4E29-B869-97B61B3631E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C013D9D9-F1B2-4F72-A087-3F15C103465C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{C138DD4D-32EA-4CDC-8CA9-5B0AB606E602}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CFD4CD16-F419-4B08-BD3D-2E7CE5E3BC79}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\btsystem.service.exe |
    "{DC2A0ABF-2517-4213-9DEA-87AF3CD3AA6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E517153F-3101-48AB-842A-3EFEEA03E798}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\maestro.service.exe |
    "{E7E5C86D-15B5-41D5-B5E7-4F41CF96A062}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{EA93D435-C79D-4D15-B7EB-6F11CB565A90}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{EEB9B1D6-46E6-4570-AD5F-82827E5A7115}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\reprintconsole.exe |
    "{EF66A92B-7CEA-429F-BD06-531D2BB52212}" = protocol=6 | dir=in | app=c:\program files (x86)\carbonite\carbonite backup\carboniteui.exe |
    "{F27C1B21-88AF-47F3-A74B-8901FD293418}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F5098039-840F-4874-9DCB-396A632A188B}" = protocol=6 | dir=in | app=c:\program files (x86)\seagull\bartender suite\historyexplorer.exe |
    "{F73BED2B-E3D5-414D-A730-DFE769AAB295}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FD39CFCA-DC28-471A-9B41-2C5B0C98CCC7}" = protocol=17 | dir=in | app=c:\program files (x86)\seagull\bartender suite\historyexplorer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5677B005-B609-4B5B-9F3C-132BB085D3CF}" = Microsoft SQL Server Management Objects Collection
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1}" = Symantec Endpoint Protection
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}" = iTunes
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D5D8CB90-785A-458E-A5D1-3D084A1B4EE9}" = Microsoft Camera Codec Pack
    "{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
    "CCleaner" = CCleaner
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Microsoft Security Client" = Microsoft Security Essentials
    "PerformanceTest 8_is1" = PerformanceTest v8.0
    "PremElem100" = Adobe Premiere Elements 10
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1" = Advanced Fix 2013 version 2.1.3.83
    "{0177D0D5-9B23-40ED-83CC-2FEE9EA7AA45}" = Machine Quilters Business Manager
    "{072E9B7C-850B-4397-B104-098170742FAF}" = Galil DMC .Net API for Visual Studio 2005
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{18CE9672-2DC4-47C4-BC34-235A1B71AAFE}" = Art and Stitch
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1E926104-8244-4E6E-841E-69D11D138C5C}" = BarTender 9.4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
    "{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
    "{271AC427-45C0-4C4E-9F57-54E666F3833D}" = CreativeStudio
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{43124E9B-3EB5-4BE6-A55B-13E373CF6089}" = EcoSmart Config Utility
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}" = EQ5
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (BARTENDER)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7EFD5075-EC47-49B6-81D2-D16FCCA4E756}" = Brother HL-2170W
    "{88603FC0-6B3C-442D-981E-E3D49F083548}_is1" = NovaBench 3.0.4
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010
    "{90140000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}" = Zebra Setup Utilities
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A8C164B5-F818-461B-9546-1DAEF1C77ADD}" = Universal Buying Tool
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA70C64F-28D6-4014-8AB0-0C61ECFC7313}" = SolidWorks eDrawings 2012
    "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
    "{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
    "{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite MFC-9440CN
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1" = PSD Viewer
    "{DB639F99-ED74-49D4-8FFD-5B8C34C00D64}" = AutoSketch Release 9
    "{E3F2AB39-35C4-4FC5-806D-B0B2F935B1B0}" = Follett Blue Book
    "{ECF43B43-F239-496F-9792-AEEEBF999C6C}" = HomeBase 3
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2321021-08A2-44D6-B1DF-BDB415F23EC3}" = Adobe Illustrator CC
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 5.6.0.1)
    "Carbonite Backup" = Carbonite
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "Cisco Connect" = Cisco Connect
    "DAEMON Tools Pro" = DAEMON Tools Pro
    "EcoSmart Live Connection Manager" = EcoSmart Live Connection Manager
    "FreeFixer1.10" = FreeFixer
    "GalilTools" = GalilTools
    "Google Chrome" = Google Chrome
    "ieSpell" = ieSpell
    "InstallShield_{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}" = EQ5
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NoIPDUC" = No-IP DUC
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.AccessRT" = Microsoft Access Runtime 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "ProShow Gold" = ProShow Gold
    "Splashtop Software Updater" = Splashtop Software Updater
    "WinRAR archiver" = WinRAR 4.00 beta 1 (32-bit)
    "Zebra Font Downloader_is1" = Zebra Font Downloader
    "Zebra Setup Utilities" = Zebra Setup Utilities

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "0ff39f4248135cd2" = PVM - Pattern Viewer and Manager

    < End of report >
     
  20. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    I didn't do anything but run and post the text files after running OTL. Was I supposed to push clean or wait for you to respond
     
  21. Broni

    Broni Malware Annihilator Posts: 47,706   +268

    [​IMG] Uninstall Advanced Fix.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    [​IMG]
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2013/03/15 08:06:37 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O15 - HKU\S-1-5-21-663409573-2375225237-670408003-1000\..Trusted Domains: localhost ([]* in Local intranet)
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  22. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    All processes killed
    ========== OTL ==========
    Service esgiguard stopped successfully!
    Service esgiguard deleted successfully!
    File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
    Service avgtp stopped successfully!
    Service avgtp deleted successfully!
    C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-663409573-2375225237-670408003-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    ADS C:\ProgramData\Temp:373E1720 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: dad4
    ->Temp folder emptied: 7400463 bytes
    ->Temporary Internet Files folder emptied: 32323387 bytes
    ->Java cache emptied: 1991495 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 74368760 bytes
    ->Flash cache emptied: 2365 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 70253 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 2039246961 bytes

    Total Files Cleaned = 2,056.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: dad4
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: dad4
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04112014_175738

    Files\Folders moved on Reboot...
    C:\Users\dad4\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\dad4\AppData\Local\Temp\JETF8F5.tmp not found!
    File\Folder C:\Users\dad4\AppData\Local\Temp\JETF934.tmp not found!
    File\Folder C:\Users\dad4\AppData\Local\Temp\~DF1B970EF3B8AB9237.TMP not found!
    File\Folder C:\Users\dad4\AppData\Local\Temp\~DF567E1D4EE997AD0F.TMP not found!
    C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1AB8E7EE-168F-439D-BF2B-3B24799E7008}.tmp moved successfully.
    File\Folder C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3A075A9B-3F4E-4F2F-92CC-61C8722964E7}.tmp not found!
    C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D731F60-1C05-4FB6-82AB-FBABA051B70D}.tmp moved successfully.
    C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{86DC796F-E9C1-40AB-A4D0-0DE7443E88B0}.tmp moved successfully.
    File\Folder C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CC676BF3-A9EB-43A1-8EAB-3CCCB17262E4}.tmp not found!
    C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CF9B006E-F5C1-4FCF-BA64-92F38F633BA8}.tmp moved successfully.
    C:\Users\dad4\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  23. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    Results of screen317's Security Check version 0.99.81
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Symantec Endpoint Protection
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Norton Ghost
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java(TM) 6 Update 29
    Java 7 Update 51
    Adobe Reader 10.1.9 Adobe Reader out of Date!
    Mozilla Firefox 13.0 Firefox out of Date!
    Google Chrome 33.0.1750.154
    Google Chrome 34.0.1847.116
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Microsoft Security Essentials msseces.exe
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
     
  24. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    Farbar Service Scanner Version: 25-02-2014
    Ran by dad4 (administrator) on 11-04-2014 at 18:45:32
    Running from "C:\Users\dad4\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  25. david hurd

    david hurd TS Rookie Topic Starter Posts: 48

    Double post
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.