Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Google redirect, cannot reinstall antivirus

 
Archived Spyware Removal Help Topics (this topic is locked)
valyasokol
Newbie


Joined: 11 Oct 2011
Last Visit: 12 Oct 2012
Posts: 2

Posted: Tue Oct 11, 2011 3:06 am    Post subject: Google redirect, cannot reinstall antivirus

Hi,
I started to receive Google search redirects to famoussearchsystem.com and various strange pop-ups, like Navcancl from ieframe.dll and Windows Security alerts ("To help protect your computer Windows firewall has blocked some features of this program"; the names of the programs looked familiar, but the publisher was Unknown). I decided to reinstall my anti-virus (Symantec Endpoint Protection). The installation finished successfully, but SEP was not installed.
I was not able to run the TrendMicro scan.
I was able to run Malwarebytes in Safe Mode. It said I had Backdoor.0Access and cleaned it; a second full scan was clean, but the problem persists.

I cannot run DDS in any of its three forms, but was able to run OTL.

Your help will be greatly appreciated!
Valentina
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Nov 2014
Posts: 9983
Location: Yorkshire

Posted: Wed Oct 12, 2011 5:26 am

Sounds like you have the Zero Access rootkit on your computer.

If you have an OTL log, please post it.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
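Editor's note: Gary R asks for the OTL log, and the first thing a helper does with one is skim the PRC / SRV / DRV sections for leads. The script below is an added example written for this page; it is not part of OTL, of the forum's tooling, or of either poster's words. It assumes the OTL line format exactly as it appears in the log posted later in this thread, and its sample input reproduces six lines from that log. Every flag it raises is a question for the helper to check, not a verdict: a blank company string and a recent modification time also show up on plenty of legitimate third-party components.

```python
"""Added example for this thread: first-pass triage of an OTL log.

Not part of OTL or of the Spyware Warrior forum. Parses PRC / SRV / DRV
lines and attaches lead reasons to each entry; the line format is assumed
from the log posted in this thread.
"""
import re
from datetime import date, datetime

# Sample input: lines reproduced from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
PRC - [2011/10/11 21:59:18 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2011/10/10 13:37:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
SRV - File not found [Unknown | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2011/10/11 21:59:18 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Mama\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
DRV - [2011/10/12 13:06:35 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
"""
LOG_DATE = date(2011, 10, 13)   # "OTL logfile created on: 10/13/2011" in the posted log

# One OTL entry. Two shapes occur:
#   KIND - [mtime | size | attrs | M] (Company) [State] -- path -- (ServiceName)
#   KIND - File not found [State] -- -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| [A-Z]\])"
    r"\s*(?:\((?P<company>[^)]*)\))?"
    r"\s*(?:\[(?P<state>[^\]]*)\])?"
    r"\s*--\s?(?P<path>[^\r\n]*?)\s?(?:--\s\((?P<name>[^)]*)\))?$"
)

# Directories a service or driver binary should not normally live in (assumption for this example)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
RECENT_DAYS = 7   # "recently modified" window relative to the log date (assumption)


def parse_entries(text):
    """Yield one dict per PRC/SRV/DRV/MOD line; section headers and blanks are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["company"] = (d["company"] or "").strip()
        d["path"] = (d["path"] or "").strip()
        d["mtime"] = (datetime.strptime(d["mtime"], "%Y/%m/%d %H:%M:%S").date()
                      if d["mtime"] else None)
        yield d


def reasons_for(entry, log_date):
    """Return the lead reasons for one entry; an empty list means nothing to look at."""
    reasons = []
    kind, path, state = entry["kind"], entry["path"].lower(), entry["state"] or ""
    if entry["missing"] or not path:
        reasons.append("file_not_found")        # orphaned service/driver registration
    elif kind in ("PRC", "SRV", "DRV") and not entry["company"]:
        reasons.append("no_company")            # anonymous binary: a lead, not a verdict
    if kind in ("SRV", "DRV") and any(s in path for s in USER_WRITABLE):
        reasons.append("user_writable_path")    # service/driver running from a profile or temp dir
    if kind == "SRV" and "Auto" in state and "Start_Pending" in state:
        reasons.append("auto_start_pending")    # auto-start service stuck starting at scan time
    # A fresh modification time only matters once something else is already odd.
    if reasons and entry["mtime"] and (log_date - entry["mtime"]).days <= RECENT_DAYS:
        reasons.append("recently_modified")
    return reasons


def triage(text, log_date):
    """Return [(kind, label, reasons)] for every entry that has at least one reason."""
    findings = []
    for e in parse_entries(text):
        r = reasons_for(e, log_date)
        if r:
            label = e["name"] or e["path"].rsplit("\\", 1)[-1]
            findings.append((e["kind"], label, r))
    return findings


if __name__ == "__main__":
    for kind, label, reasons in triage(SAMPLE_LOG, LOG_DATE):
        print(f"{kind:3} {label:25} {', '.join(reasons)}")
```

Run on the sample, it flags the orphaned WPFFontCache service, the anonymous PSIService.exe (modified the day before the log and stuck in Start_Pending as the ProtexisLicensing service), and a backup service running from AppData, and says nothing about OTL.exe or the Symantec driver. That is the shortlist a helper then checks by hand; it is not an infection diagnosis, and a rootkit that hides its files from user-mode tools will not show up in these sections at all.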
valyasokol
Newbie


Joined: 11 Oct 2011
Last Visit: 12 Oct 2012
Posts: 2

Posted: Wed Oct 12, 2011 8:41 pm

Thanks for your reply. Here's an update.
I do not see any search redirects any more (probably after Malwarebytes cleaned Backdoor.0Access). I am still not able to install Symantec Endpoint Protection: it starts installing, but rolls back. Somebody was able to install a trial version of Norton AntiVirus on my computer and it cleaned 2 threats (one connected to the .NET Runtime Optimization pop-up I had before). After that I didn't have any pop-up messages from strange programs, and the computer seemed to work OK. But while I was reinstalling QuickBooks, Norton showed a message that in order to fix a security program the computer needed to be restarted. After the restart it found an error (8504, 104) and doesn't work any more. So I'm completely without any anti-virus now.
Windows Update is not working either.
I can see several disk errors in my Event log (starting at least in April; can it be connected?)
Also, while I was doing a partial back-up it skipped one file:
WriteReparsePoint(File)(Access is denied.5):M:\Backup Files\1\1\TP\49

I DO NOT have drive M!

I can update and run Malwarebytes (it says the computer is clean), but cannot run DDS.
OTL ran, but produced only OTL.txt and no Extra.txt (I still have the previous OTL and Extra logs on a flash drive). Here's the OTL log:

OTL logfile created on: 10/13/2011 12:00:48 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 42.43% Memory free
6.68 Gb Paging File | 4.65 Gb Available in Paging File | 69.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688.57 Gb Total Space | 461.40 Gb Free Space | 67.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.23 Gb Free Space | 32.34% Space Free | Partition Type: NTFS
Drive F: | 152.66 Gb Total Space | 146.66 Gb Free Space | 96.07% Space Free | Partition Type: NTFS
Drive I: | 930.86 Gb Total Space | 654.67 Gb Free Space | 70.33% Space Free | Partition Type: NTFS
Drive Z: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MAMA | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/12 18:16:22 | 001,195,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\19.1.1.3\inststub.exe
PRC - [2011/10/11 21:59:18 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2011/10/10 13:37:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
PRC - [2011/09/23 15:31:12 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe
PRC - [2011/09/06 21:20:40 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/09/06 20:12:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\ccsvchst.exe
PRC - [2011/08/04 15:15:28 | 003,674,904 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2011/07/29 06:55:25 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/18 18:03:47 | 000,116,536 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Mama\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/08/11 10:19:48 | 006,798,714 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/18 20:01:52 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/01/15 07:00:34 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/03 11:25:46 | 000,053,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2007/12/03 11:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2007/12/03 11:03:54 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/10/09 09:09:06 | 000,100,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/18 07:17:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/18 07:17:39 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/18 07:17:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/18 07:17:25 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
MOD - [2011/08/18 07:08:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/18 07:08:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/18 07:08:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/18 07:05:51 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/17 22:13:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/11 10:19:48 | 006,798,714 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
MOD - [2009/08/11 10:19:48 | 000,897,024 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll
MOD - [2009/08/11 10:19:48 | 000,762,368 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll
MOD - [2009/08/11 10:19:48 | 000,335,872 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll
MOD - [2009/08/11 10:19:48 | 000,147,456 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll
MOD - [2009/08/11 10:19:48 | 000,135,168 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll
MOD - [2009/08/11 10:19:48 | 000,131,072 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll
MOD - [2009/08/11 10:19:48 | 000,098,304 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll
MOD - [2009/08/11 10:19:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
MOD - [2009/08/11 10:19:48 | 000,025,600 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
MOD - [2009/04/13 13:13:24 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3182.4560__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/04/13 13:13:24 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3182.4630__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2009/04/13 13:13:24 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3182.4647__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009/04/13 13:13:24 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3182.4544__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:24 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3182.4562__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/04/13 13:13:24 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3182.4641__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3182.4556__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/04/13 13:13:24 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3182.4601__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3182.4551__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:23 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3182.4665__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/04/13 13:13:23 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3182.4619__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:20 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3182.4684__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:20 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3182.4624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:20 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3182.4666__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:20 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3182.4625__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/04/13 13:13:20 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3182.4551__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:20 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3182.4684__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3182.4624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3182.4664__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:19 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3182.4604__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3182.4642__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,675,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3182.4620__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3182.4563__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3182.4597__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3182.4552__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3182.4602__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3182.4634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/04/13 13:13:19 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3182.4563__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3182.4615__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/04/13 13:13:19 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3182.4603__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3182.4601__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3182.4567__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3182.4602__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:19 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3182.4615__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3182.4617__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/04/13 13:13:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3127.31122__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/04/13 13:13:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3127.31117__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/04/13 13:13:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3127.31128__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3127.31159__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3127.31111__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/04/13 13:13:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3127.31124__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3127.31143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3127.31140__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/04/13 13:13:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3127.31156__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3127.31108__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/04/13 13:13:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3127.31110__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/04/13 13:13:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3127.31186__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/04/13 13:13:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3127.31155__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3127.31134__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/04/13 13:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009/04/13 13:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3127.31124__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3127.31121__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3127.31118__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3127.31130__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3127.31156__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3127.31135__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3127.31123__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3127.31137__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3127.31135__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3127.31160__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3127.31131__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3127.31160__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/04/13 13:13:18 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/04/13 13:13:17 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3127.31143__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3127.31140__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3127.31139__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3127.31142__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3127.31130__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3127.31137__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3127.31136__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3127.31131__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3127.31141__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3127.31136__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/04/13 13:13:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3127.31130__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/04/13 13:13:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3127.31123__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/04/13 13:13:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3182.4677__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/04/13 13:13:16 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3182.4687__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009/04/13 13:13:15 | 001,028,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3182.4548__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/04/13 13:13:15 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3182.4556__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/04/13 13:13:15 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3182.4658__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/04/13 13:13:15 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3182.4542__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/04/13 13:13:15 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3182.4542__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/04/13 13:13:15 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3182.4656__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/04/13 13:13:15 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3182.4540__90ba9c70f846762e\APM.Server.dll
MOD - [2009/04/13 13:13:15 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3182.4543__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/04/13 13:13:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3127.31133__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/04/13 13:13:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3182.4541__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/04/13 13:13:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3127.31115__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/04/13 13:13:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3127.31126__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/04/13 13:13:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3127.31119__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/04/13 13:13:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/04/13 13:13:15 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3182.4657__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/04/13 13:13:15 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3127.31132__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/04/13 13:13:15 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3127.31132__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/04/13 13:13:15 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3127.31129__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/04/13 13:13:15 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3127.31144__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/04/13 13:13:15 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3127.31114__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/04/13 13:13:15 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/04/13 13:13:15 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/04/13 13:13:15 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3182.4541__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/10/17 06:24:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/09/10 11:46:48 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2011/10/11 21:59:18 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2011/09/06 20:12:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe -- (NAV)
SRV - [2011/01/18 18:03:47 | 000,116,536 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Mama\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2009/09/29 16:41:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/12/03 11:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - [2011/10/12 14:08:11 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\VirusDefs\20111012.001\navex15.sys -- (NAVEX15)
DRV - [2011/10/12 14:08:11 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/12 14:08:11 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/12 14:08:11 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\VirusDefs\20111012.001\naveng.sys -- (NAVENG)
DRV - [2011/10/12 13:06:35 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/11 00:23:24 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\IPSDefs\20111011.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/09/29 21:38:50 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\BASHDefs\20110929.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/08 19:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1301010.003\ccSetx86.sys -- (ccSet_NAV)
DRV - [2011/08/02 22:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NAV\1301010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 22:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1301010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/28 23:20:02 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1301010.003\SYMEFA.SYS -- (SymEFA)
DRV - [2011/07/25 22:18:39 | 000,344,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1301010.003\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/07/25 22:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1301010.003\Ironx86.SYS -- (SymIRON)
DRV - [2011/05/16 16:03:26 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1301010.003\SYMDS.SYS -- (SymDS)
DRV - [2009/04/11 00:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2008/10/17 06:24:48 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/10/17 06:24:48 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/09/08 17:26:22 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/25 23:41:02 | 000,042,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/15 14:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/15 07:16:22 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/15 07:16:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/09 09:09:02 | 000,032,280 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/10/09 09:09:00 | 000,032,152 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/20 11:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/23 15:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/22 13:38:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\IPSFFPlgn\ [2011/10/12 13:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 16:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 16:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/27 17:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 12:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/27 17:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 12:51:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/22 13:38:30 | 000,000,000 | ---D | M]

[2010/08/27 06:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\Mozilla\Extensions
[2010/08/27 06:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/08/23 22:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/10/05 20:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\b2whdftq.default\extensions
[2009/10/05 20:07:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\b2whdftq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/27 13:30:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\b2whdftq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/18 07:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/21 09:53:27 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/23 15:59:30 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/10/12 07:47:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll File not found
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O3 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\Mama\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://ritzpix.lifepics.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332A431B-DC85-49DB-AC75-7A7CE5F6ED3B}: DhcpNameServer = 207.69.188.185 207.69.188.186
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - Z:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 18:16:21 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1301010.003\symefa.sys
[2011/10/12 18:16:21 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1301010.003\symtdiv.sys
[2011/10/12 18:16:21 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1301010.003\symds.sys
[2011/10/12 18:16:21 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1301010.003\symnets.sys
[2011/10/12 18:16:21 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1301010.003\srtspx.sys
[2011/10/12 18:16:20 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1301010.003\srtsp.sys
[2011/10/12 18:16:20 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1301010.003\ironx86.sys
[2011/10/12 18:16:20 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1301010.003\ccsetx86.sys
[2011/10/12 17:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2011/10/12 17:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2011/10/12 13:06:35 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/10/12 13:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/12 13:05:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011/10/12 12:39:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1301010.003
[2011/10/12 12:35:58 | 000,897,656 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1300000.080\SymEFA.sys
[2011/10/12 12:35:58 | 000,561,272 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1300000.080\srtsp.sys
[2011/10/12 12:35:58 | 000,344,184 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1300000.080\symtdiv.sys
[2011/10/12 12:35:58 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1300000.080\SymDS.sys
[2011/10/12 12:35:58 | 000,310,392 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1300000.080\symnets.sys
[2011/10/12 12:35:58 | 000,031,864 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1300000.080\srtspx.sys
[2011/10/12 12:35:57 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1300000.080\Ironx86.sys
[2011/10/12 12:35:57 | 000,131,208 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1300000.080\ccSetx86.sys
[2011/10/12 12:35:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011/10/12 12:35:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1300000.080
[2011/10/12 12:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/10/12 11:45:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/10/12 11:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/10/12 10:48:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/12 10:39:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\oldcatroot2
[2011/10/12 08:43:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/10/12 07:53:52 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\temp
[2011/10/12 07:47:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/12 07:22:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/11 22:01:20 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/10/11 22:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/10/11 22:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/10/11 16:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/10/11 16:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/10/11 08:11:07 | 000,000,000 | ---D | C] -- C:\Malware
[2011/10/11 06:33:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mama\Desktop\secondDD.scr
[2011/10/10 13:39:57 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2011/10/09 23:20:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/09 23:20:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/09 23:20:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/09 23:20:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/09 23:20:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 21:27:33 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/10/09 17:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Mama\AppData\Local\3ca7e7ec
[2011/10/03 16:31:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Adobe
[2011/09/16 17:24:33 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll

========== Files - Modified Within 30 Days ==========

[2011/10/13 00:05:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{26FB40CD-3C4D-423A-AA7D-5AAFA048B379}.job
[2011/10/13 00:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 23:18:56 | 000,629,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/12 23:18:56 | 000,118,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/12 23:08:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 23:08:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 21:48:29 | 000,056,662 | ---- | M] () -- C:\Windows\PeachWLog.XML
[2011/10/12 21:28:48 | 000,000,023 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011/10/12 19:08:43 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/10/12 19:08:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 18:55:35 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBE3BA4B-D815-41D9-94FB-97AF2AF44EE6}.job
[2011/10/12 18:48:18 | 002,230,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/12 18:10:34 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/10/12 17:58:22 | 000,002,293 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/12 15:14:05 | 000,000,945 | ---- | M] () -- C:\Users\Mama\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/12 15:13:14 | 000,001,981 | ---- | M] () -- C:\Users\Mama\Desktop\Adobe Photoshop Lightroom 3.5.lnk
[2011/10/12 15:11:00 | 000,001,878 | ---- | M] () -- C:\Users\Mama\Desktop\Skype.lnk
[2011/10/12 15:09:19 | 000,002,103 | ---- | M] () -- C:\Users\Mama\Desktop\Roxio Creator.lnk
[2011/10/12 15:09:06 | 000,001,095 | ---- | M] () -- C:\Users\Mama\Desktop\RealPlayer.lnk
[2011/10/12 15:08:39 | 000,001,089 | ---- | M] () -- C:\Users\Mama\Desktop\Zuma's Revenge!.lnk
[2011/10/12 15:08:29 | 000,001,831 | ---- | M] () -- C:\Users\Mama\Desktop\Peachtree Pro Accounting 2010.lnk
[2011/10/12 15:05:57 | 000,001,184 | ---- | M] () -- C:\Users\Mama\Desktop\HP Solution Center.lnk
[2011/10/12 15:01:22 | 000,000,926 | ---- | M] () -- C:\Users\Mama\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/12 15:00:55 | 000,002,034 | ---- | M] () -- C:\Users\Mama\Desktop\QuickBooks Pro 2010.lnk
[2011/10/12 14:49:03 | 000,001,513 | ---- | M] () -- C:\Users\Mama\Desktop\Eudora.lnk
[2011/10/12 14:48:03 | 000,001,737 | ---- | M] () -- C:\Users\Mama\Desktop\Quicken 2010.lnk
[2011/10/12 13:06:35 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/10/12 13:06:35 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/10/12 13:06:35 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/10/12 12:43:40 | 002,189,732 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1301010.003\Cat.DB
[2011/10/12 12:39:38 | 000,004,349 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1301010.003\VT20110921.017
[2011/10/12 12:37:49 | 002,189,732 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1300000.080\Cat.DB
[2011/10/12 11:57:26 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/10/12 07:47:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/12 07:15:14 | 204,577,574 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/11 21:59:18 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
[2011/10/11 07:41:07 | 000,000,680 | ---- | M] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2011/10/11 06:32:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mama\Desktop\secondDD.scr
[2011/10/10 13:37:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2011/10/10 11:53:09 | 000,000,000 | ---- | M] () -- C:\Users\Mama\defogger_reenable
[2011/10/09 09:42:32 | 000,005,604 | ---- | M] () -- C:\Windows\mozy.blk
[2011/10/09 09:42:32 | 000,004,856 | ---- | M] () -- C:\Windows\mozy.flt
[2011/10/06 11:00:20 | 000,002,321 | ---- | M] () -- C:\Users\Mama\Desktop\FileZilla 2.2.32.lnk
[2011/09/23 18:54:56 | 000,035,840 | ---- | M] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/23 15:31:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/20 13:30:52 | 000,000,541 | ---- | M] () -- C:\Users\Mama\.fotki-uploader300-settings.xml
[2011/09/20 13:26:25 | 000,000,208 | ---- | M] () -- C:\Users\Mama\.lastFolder
[2011/09/19 18:00:24 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p08].bmp
[2011/09/19 18:00:24 | 000,456,390 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p09].bmp
[2011/09/19 18:00:22 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p07].bmp
[2011/09/19 18:00:20 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p06].bmp
[2011/09/19 18:00:18 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p05].bmp
[2011/09/19 18:00:16 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p04].bmp
[2011/09/19 18:00:14 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p03].bmp
[2011/09/19 18:00:12 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p02].bmp
[2011/09/17 12:26:20 | 000,007,070 | ---- | M] () -- C:\Users\Mama\Documents\Pass.kdbx

========== Files Created - No Company Name ==========

[2011/10/12 18:16:21 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symnetv.cat
[2011/10/12 18:16:21 | 000,007,498 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symefa.cat
[2011/10/12 18:16:21 | 000,007,496 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\srtspx.cat
[2011/10/12 18:16:21 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symds.cat
[2011/10/12 18:16:21 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symnet.cat
[2011/10/12 18:16:21 | 000,003,433 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symefa.inf
[2011/10/12 18:16:21 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symds.inf
[2011/10/12 18:16:21 | 000,001,468 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symnetv.inf
[2011/10/12 18:16:21 | 000,001,440 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symnet.inf
[2011/10/12 18:16:21 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\srtspx.inf
[2011/10/12 18:16:20 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\ccsetx86.cat
[2011/10/12 18:16:20 | 000,007,492 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\srtsp.cat
[2011/10/12 18:16:20 | 000,007,492 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\iron.cat
[2011/10/12 18:16:20 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\srtsp.inf
[2011/10/12 18:16:20 | 000,000,828 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\ccsetx86.inf
[2011/10/12 18:16:20 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\iron.inf
[2011/10/12 18:16:01 | 000,002,801 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\symvtcer.dat
[2011/10/12 18:16:01 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\isolate.ini
[2011/10/12 17:58:22 | 000,002,293 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/12 15:14:05 | 000,000,945 | ---- | C] () -- C:\Users\Mama\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/12 15:13:14 | 000,001,981 | ---- | C] () -- C:\Users\Mama\Desktop\Adobe Photoshop Lightroom 3.5.lnk
[2011/10/12 15:11:00 | 000,001,878 | ---- | C] () -- C:\Users\Mama\Desktop\Skype.lnk
[2011/10/12 15:09:19 | 000,002,103 | ---- | C] () -- C:\Users\Mama\Desktop\Roxio Creator.lnk
[2011/10/12 15:09:06 | 000,001,095 | ---- | C] () -- C:\Users\Mama\Desktop\R
valyasokol
PostPosted: Wed Oct 12, 2011 8:45 pm

Here's the end of OTL.txt

[2011/10/12 15:09:19 | 000,002,103 | ---- | C] () -- C:\Users\Mama\Desktop\Roxio Creator.lnk
[2011/10/12 15:09:06 | 000,001,095 | ---- | C] () -- C:\Users\Mama\Desktop\RealPlayer.lnk
[2011/10/12 15:08:39 | 000,001,089 | ---- | C] () -- C:\Users\Mama\Desktop\Zuma's Revenge!.lnk
[2011/10/12 15:08:29 | 000,001,831 | ---- | C] () -- C:\Users\Mama\Desktop\Peachtree Pro Accounting 2010.lnk
[2011/10/12 15:05:57 | 000,001,184 | ---- | C] () -- C:\Users\Mama\Desktop\HP Solution Center.lnk
[2011/10/12 15:01:22 | 000,000,926 | ---- | C] () -- C:\Users\Mama\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/12 15:00:55 | 000,002,034 | ---- | C] () -- C:\Users\Mama\Desktop\QuickBooks Pro 2010.lnk
[2011/10/12 14:49:03 | 000,001,513 | ---- | C] () -- C:\Users\Mama\Desktop\Eudora.lnk
[2011/10/12 14:48:03 | 000,001,737 | ---- | C] () -- C:\Users\Mama\Desktop\Quicken 2010.lnk
[2011/10/12 13:06:35 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/10/12 13:06:35 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/10/12 13:06:26 | 000,002,369 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/10/12 12:42:11 | 002,189,732 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\Cat.DB
[2011/10/12 12:40:07 | 000,004,349 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1301010.003\VT20110921.017
[2011/10/12 12:36:29 | 002,189,732 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\Cat.DB
[2011/10/12 12:35:36 | 000,003,435 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\SymEFA.inf
[2011/10/12 12:35:36 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\SymDS.inf
[2011/10/12 12:35:36 | 000,001,469 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\SymNetV.inf
[2011/10/12 12:35:36 | 000,001,441 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\SymNet.inf
[2011/10/12 12:35:36 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\srtspx.inf
[2011/10/12 12:35:36 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\srtsp.inf
[2011/10/12 12:35:36 | 000,000,784 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\ccSetx86.inf
[2011/10/12 12:35:36 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\Iron.inf
[2011/10/12 12:35:27 | 000,002,801 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\SymVTcer.dat
[2011/10/12 12:35:23 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\symnetv.cat
[2011/10/12 12:35:23 | 000,007,510 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\ccSetx86.cat
[2011/10/12 12:35:23 | 000,007,498 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\SymEFA.cat
[2011/10/12 12:35:23 | 000,007,496 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\srtspx.cat
[2011/10/12 12:35:23 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\SymDS.cat
[2011/10/12 12:35:23 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\srtsp.cat
[2011/10/12 12:35:23 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\iron.cat
[2011/10/12 12:35:23 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\SymNet.cat
[2011/10/12 12:35:22 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1300000.080\isolate.ini
[2011/10/12 08:04:15 | 000,002,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk
[2011/10/12 08:04:15 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/12 08:04:15 | 000,001,844 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2011/10/12 08:04:15 | 000,001,451 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk
[2011/10/12 08:04:15 | 000,000,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2011/10/10 11:53:09 | 000,000,000 | ---- | C] () -- C:\Users\Mama\defogger_reenable
[2011/10/09 23:20:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/09 23:20:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/09 23:20:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/09 23:20:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/09 23:20:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/03 16:52:41 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.5.lnk
[2011/09/19 18:00:24 | 000,456,390 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p09].bmp
[2011/09/19 18:00:22 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p08].bmp
[2011/09/19 18:00:20 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p07].bmp
[2011/09/19 18:00:18 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p06].bmp
[2011/09/19 18:00:16 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p05].bmp
[2011/09/19 18:00:14 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p04].bmp
[2011/09/19 18:00:12 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p03].bmp
[2011/09/19 18:00:10 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p02].bmp
[2011/09/15 07:29:30 | 204,577,574 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/02 21:01:38 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0002]-[p02].bmp
[2011/07/02 20:27:45 | 000,219,934 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/07/02 20:27:45 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2011/06/18 21:48:41 | 000,220,708 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
[2011/05/17 22:16:27 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/04/07 13:25:07 | 000,000,036 | ---- | C] () -- C:\Users\Mama\AppData\Local\housecall.guid.cache
[2011/01/29 11:57:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/07 22:19:16 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0055]-[p06].bmp
[2010/12/07 22:19:15 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0055]-[p05].bmp
[2010/12/07 22:19:14 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0055]-[p04].bmp
[2010/12/07 22:19:13 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0055]-[p03].bmp
[2010/11/09 22:31:39 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/10/18 15:24:46 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0034]-[p04].bmp
[2010/10/18 15:24:42 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0034]-[p03].bmp
[2010/09/13 19:34:07 | 000,000,175 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2010/07/01 08:46:25 | 000,000,680 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2010/04/03 00:00:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/31 14:45:17 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/12/01 21:05:59 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0040]-[p08].bmp
[2009/09/13 14:02:10 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/12 20:27:30 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/16 20:47:48 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2009/05/26 16:51:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/26 16:51:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/25 21:09:05 | 000,117,811 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/05/02 14:48:17 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/04/24 21:53:53 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/24 21:53:53 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/21 22:04:02 | 000,035,840 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 15:53:21 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/04/13 15:53:21 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/04/13 15:53:21 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/04/13 15:53:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/04/13 15:53:21 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/04/13 15:53:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/04/13 15:50:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/13 07:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/09/08 17:26:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\Spyder3.sys
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,230,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,629,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,324 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
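The OTL file-listing lines posted above have a fixed layout, and a helper reading them looks first for hidden/system files in system locations and for executables with no company name. The triage parser below is an added example, not OTL's code or anything from this thread; its sample lines are copied from the log, and its flagging rules are constructed heuristics, so a flag means "review this entry", not "infected".

```python
"""Triage helper for OTL 'Files Created / Files Modified' lines.
Added example, not OTL's own code or code from this thread. The regex
matches the [date time | size | attrs | M/C] (company) -- path layout
seen in the posted log; the flag rules are constructed heuristics."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Lines copied verbatim from the log posted above (not constructed).
SAMPLE_LINES = [
    r"[2009/05/02 14:48:17 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys",
    r"[2010/04/03 00:00:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol",
    r"[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe",
    r"[2011/09/23 15:31:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl",
    r"[2011/09/17 12:26:20 | 000,007,070 | ---- | M] () -- C:\Users\Mama\Documents\Pass.kdbx",
]

@dataclass
class OtlEntry:
    date: str
    time: str
    size: int       # bytes; OTL zero-pads and comma-groups the number
    attrs: str      # R=read-only, H=hidden, S=system; '-' = not set
    kind: str       # M = modified, C = created
    company: str    # empty when OTL found no company name
    path: str

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for headers and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["date"], m["time"], int(m["size"].replace(",", "")),
                    m["attrs"], m["kind"], m["company"], m["path"])

def triage_reasons(e: OtlEntry) -> List[str]:
    """Constructed review heuristics; a hit is a prompt to look, not a verdict."""
    low = e.path.lower()
    in_sys32 = "\\windows\\system32\\" in low
    in_system_area = in_sys32 or "\\programdata\\" in low
    reasons = []
    if "H" in e.attrs and "S" in e.attrs and in_system_area:
        reasons.append("hidden+system attributes in a system location")
    if low.endswith(".sys") and in_sys32 and "\\drivers\\" not in low:
        reasons.append(".sys file in System32 root rather than System32\\drivers")
    if low.endswith((".exe", ".dll", ".sys")) and in_sys32 and not e.company:
        reasons.append("executable/driver in System32 with no company name")
    return reasons

def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every parseable line that raises a flag."""
    out = []
    for line in lines:
        e = parse_otl_line(line)
        reasons = triage_reasons(e) if e else []
        if reasons:
            out.append((e.path, reasons))
    return out
```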
Gary R
PostPosted: Wed Oct 12, 2011 10:30 pm

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Valentina

I'm Gary R

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or for you to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Vista or Windows 7, it will be necessary to right-click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


I see you have run Combofix. I need to see the log it produced; you'll find it at C:\Combofix.txt

I'd also like you to run some further scans for me .....

First

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows 7, when prompted by UAC allow the prompt.

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Next


  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it

  • Click the SCAN button to start the scan.

  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.


Next

Please download Junction.zip and save it to your desktop.

  • Right click Junction.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next
  • Click Browse
  • When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK
  • Back at the Extraction Wizard, click Next.
  • Untick "Show Extracted Files" and click Finish

    • Click Start > Run. Copy and paste the contents of the codebox below into the run box.
    • (Do Not include Code:) Then click OK:



Code:
cmd /c junction -s c:\ >log.txt&log.txt&del log.txt



  • A command window will open and the system will be scanned. (Click Agree to the prompt)
  • Please be patient & wait until a log file opens in notepad.
  • Copy and paste the contents of that file in your next reply.


Summary of the logs I need from you in your next post:

  • Combofix.txt
  • Tdsskiller log
  • aswMBR log
  • Junction log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
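The Junction step in the post above lists every junction point under C:\ so the helper can see directories that redirect somewhere else. The scanner below is an added example, not Sysinternals' junction.exe and not part of the post; it does the same recursive walk in Python and can be pointed at any root, and `build_demo_tree` is a constructed fixture that uses symlinks in place of junctions on non-Windows hosts.

```python
"""Recursive junction / reparse-point lister.
Added example, not Sysinternals junction.exe or code from this thread; it
does in Python what 'junction -s c:\\' does in the post above: walk a tree
without following links and report each reparse point with its target.
Junctions exist only on Windows; elsewhere only symlinks are reported."""
import os
import stat
import tempfile
from typing import List, Tuple

def is_reparse_point(path: str) -> bool:
    """True for junctions, symlinks and mount points. On Windows lstat exposes
    FILE_ATTRIBUTE_REPARSE_POINT (0x400), which also catches junctions that
    the POSIX symlink test misses; elsewhere fall back to S_ISLNK."""
    st = os.lstat(path)
    attrs = getattr(st, "st_file_attributes", 0)
    if attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400):
        return True
    return stat.S_ISLNK(st.st_mode)

def _target(path: str) -> str:
    try:
        return os.readlink(path)  # on Windows this also resolves junctions
    except OSError:
        return "<target unreadable>"

def scan_junctions(root: str) -> List[Tuple[str, str]]:
    """Return sorted (path relative to root, target) for every reparse point
    under root. Flagged directories are pruned so the walk never descends
    through a junction (avoids loops and double counting)."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        keep = []
        for name in dirnames:
            full = os.path.join(dirpath, name)
            try:
                if is_reparse_point(full):
                    found.append((os.path.relpath(full, root), _target(full)))
                    continue              # do not descend into it
            except OSError:
                continue                  # access denied / vanished: skip
            keep.append(name)
        dirnames[:] = keep                # os.walk honours in-place pruning
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                if is_reparse_point(full):
                    found.append((os.path.relpath(full, root), _target(full)))
            except OSError:
                continue
    return sorted(found)

def build_demo_tree() -> str:
    """Constructed fixture: a temp dir holding a real subdirectory with one
    file, plus a directory link and a file link (symlinks stand in for
    junctions on non-Windows hosts). Returns the temp root."""
    root = tempfile.mkdtemp(prefix="junction_demo_")
    os.mkdir(os.path.join(root, "real"))
    with open(os.path.join(root, "real", "data.txt"), "w") as f:
        f.write("sample\n")
    os.symlink(os.path.join(root, "real"), os.path.join(root, "dirlink"))
    os.symlink(os.path.join(root, "real", "data.txt"), os.path.join(root, "filelink"))
    return root
```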
Gary R
PostPosted: Sun Oct 16, 2011 12:39 am

Quote:
Due to lack of response this topic is now closed.

If you still need help you must open a new thread in the HijackThis logs forum, post a new log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R
