Jump to content

Hemi425HP

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral

Profile Information

  • Location
    Hampton, Virginia
  1. The cleanup went withoug a hitch. Everything is in good shape. I'll read (and heed) the tips in the links at the bottom of your post. Thanks again! -Rob
  2. Uninstall Java Updates - Done Restart Update Adobe Reader - Done Norton 360 Disabled - Done OTL Fix - Done All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. ========== COMMANDS ========== File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: AppData ->Temp folder emptied: 0 bytes User: Brooke ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Daddy ->Temp folder emptied: 41646 bytes ->Temporary Internet Files folder emptied: 161841311 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 1724 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Mcx1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Mommy ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Nick ->Temp folder emptied: 31832 bytes ->Temporary Internet Files folder emptied: 13989822 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 647 bytes User: Public ->Temp folder emptied: 0 bytes User: TEMP ->Temp folder emptied: 0 bytes User: TEMP.Rodgers-PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser.Rodgers-PC ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser.Rodgers-PC.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 119047633 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 281.00 mb Restore point Set: OTL Restore Point [EMPTYFLASH] User: All Users User: AppData User: Brooke ->Flash cache emptied: 0 bytes User: Daddy ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Mcx1 ->Flash cache emptied: 0 bytes User: Mommy ->Flash cache emptied: 0 bytes User: Nick ->Flash cache emptied: 0 bytes User: Public User: TEMP User: TEMP.Rodgers-PC ->Flash cache emptied: 0 bytes User: UpdatusUser ->Flash cache emptied: 0 bytes User: UpdatusUser.Rodgers-PC ->Flash cache emptied: 0 bytes User: UpdatusUser.Rodgers-PC.000 ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYJAVA] User: All Users User: AppData User: Brooke ->Java cache emptied: 0 bytes User: Daddy ->Java cache emptied: 0 bytes User: Default User: Default User User: Mcx1 User: Mommy ->Java cache emptied: 0 bytes User: Nick ->Java cache emptied: 0 bytes User: Public User: TEMP User: TEMP.Rodgers-PC User: UpdatusUser User: UpdatusUser.Rodgers-PC User: UpdatusUser.Rodgers-PC.000 Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.61.4 log created on 09162012_164447 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Update & Reset Firefox - Done Norton360 Re-enabled - Done The system is like new. Startup is faster by 20% I'd guess. Windows is very responsive. All in all fantastic. Java wanted to do an update so I let it (Update 35) Very Truly Thank You for taking the time to help me. You do wonderful work.
  3. STEP 1 - SECURITY CHECK Results of screen317's Security Check version 0.99.50 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 Java 6 Update 22 Java 6 Update 33 Java 6 Update 3 Java 6 Update 4 Java 6 Update 5 Java 6 Update 7 Java version out of Date! Adobe Flash Player 11.3.300.271 Adobe Reader X 10.1.0 Adobe Reader out of Date! Mozilla Firefox 12.0 Firefox out of Date! Google Chrome 12.0.742.100 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` STEP 2 - FSS Farbar Service Scanner Version: 06-08-2012 Ran by Daddy (administrator) on 16-09-2012 at 08:23:11 Running from "C:\Users\Daddy\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7 C:\Windows\System32\drivers\afd.sys [2012-02-14 17:17] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943 C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-10 15:24] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E C:\Windows\System32\dnsrslvr.dll [2011-04-14 19:26] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0 C:\Windows\System32\mpssvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C C:\Windows\System32\bfe.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29 C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe [2009-07-17 06:10] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1 C:\Windows\System32\wscsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A C:\Windows\System32\wbem\WMIsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02 C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll [2009-07-17 06:10] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C C:\Windows\System32\es.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF C:\Windows\System32\cryptsvc.dll [2012-06-14 07:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31 C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2009-07-17 06:10] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF **** End of log **** STEP 3 - OTL (QUICK SCAN) OTL logfile created on: 9/16/2012 8:24:53 AM - Run 3 OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Daddy\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 5.12 Gb Available Physical Memory | 64.03% Memory free 16.18 Gb Paging File | 13.17 Gb Available in Paging File | 81.40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 55.32 Gb Free Space | 11.88% Space Free | Partition Type: NTFS Drive F: | 8.92 Gb Total Space | 8.60 Gb Free Space | 96.39% Space Free | Partition Type: FAT32 Drive G: | 7.39 Gb Total Space | 5.88 Gb Free Space | 79.49% Space Free | Partition Type: FAT32 Computer Name: RODGERS-PC | User Name: Daddy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/14 21:37:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe PRC - [2012/08/18 13:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe PRC - [2012/06/29 16:41:52 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe PRC - [2012/05/20 23:45:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe ========== Modules (No Company Name) ========== MOD - [2012/06/30 00:18:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll MOD - [2012/06/30 00:18:04 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll MOD - [2012/06/30 00:17:48 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll MOD - [2012/06/30 00:17:40 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll MOD - [2012/06/30 00:17:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll MOD - [2012/06/29 16:41:52 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe MOD - [2011/05/01 02:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/08/23 14:53:33 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/08/22 23:12:37 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/08/18 13:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe -- (MCLIENT) SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360) SRV - [2012/06/04 20:52:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/20 23:45:26 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/25 23:33:08 | 000,077,944 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/06 13:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0301000.018\ccSetx64.sys -- (ccSet_MCLIENT) DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SRTSPX64.SYS -- (SRTSPX) DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SRTSP64.SYS -- (SRTSP) DRV:64bit: - [2012/07/03 18:18:09 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.sys -- (ccSet_N360) DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SYMEFA64.SYS -- (SymEFA) DRV:64bit: - [2012/04/28 07:34:26 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/17 18:46:01 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SYMTDIV.SYS -- (SYMTDIv) DRV:64bit: - [2012/01/17 18:46:00 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM) DRV:64bit: - [2012/01/17 18:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SYMDS64.SYS -- (SymDS) DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Ironx64.SYS -- (SymIRON) DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009/11/16 04:13:26 | 000,271,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2008/01/19 02:30:09 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc) DRV:64bit: - [2007/08/28 17:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21) DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64) DRV:64bit: - [2007/05/24 06:30:02 | 000,072,192 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID) DRV:64bit: - [2007/05/09 09:37:52 | 000,484,736 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MarvinAVS64.sys -- (PinnacleMarvinAVS) DRV:64bit: - [2007/05/03 13:15:12 | 000,021,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTictwl.sys -- (NCPro) DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool) DRV:64bit: - [2006/09/20 04:37:22 | 000,022,064 | ---- | M] (ABIT) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uGuru.sys -- (UGURU) DRV - [2012/09/16 01:12:55 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120915.008\ex64.sys -- (NAVEX15) DRV - [2012/09/16 01:12:55 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120915.008\eng64.sys -- (NAVENG) DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120914.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/08/09 01:44:47 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/08/09 01:44:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/06/29 16:41:52 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64) DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/12/17 22:27:35 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Daddy\Documents\Computer Utilities\RealTemp_2.87\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2006/11/08 13:43:56 | 000,011,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\U-ABIT\FlashMenu\WinFlash64.sys -- (Winflash) DRV - [2005/10/21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro) DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 8D CC 1C A6 69 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {EE171C03-A2C3-44C5-8DB8-D468274AF87F} IE - HKCU\..\SearchScopes\{467BBA57-ECFE-4412-A3F0-FCDE1C45C3AB}: "URL" = http://search.espn.go.com/results?searchString={searchTerms}&fromForm=true IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{EE171C03-A2C3-44C5-8DB8-D468274AF87F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_en IE - HKCU\..\SearchScopes\{F05C35F5-7733-4FA0-85CD-BFA4498B6BF6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f: C:\Program Files (x86)\Dyyno\Dyyno Player\npvlc.dll (Dyyno) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/28 07:39:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/09/15 22:48:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.40\coFFFw\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/23 13:59:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/23 13:59:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2012/01/02 19:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Extensions [2012/05/04 05:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\extensions [2012/03/31 23:02:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/08/31 14:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/04/28 07:39:38 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPLGN [2010/06/11 22:03:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012/06/04 20:52:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012/02/25 14:27:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/03/27 13:42:57 | 000,002,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicus.xml [2012/01/02 19:10:39 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/02/25 14:27:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/09/15 21:42:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: mcleancont.com ([citrix] https in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab (SysInfo Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40236.725474537 (Update Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class) O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C63FB6-02E5-47FE-B86F-9AA44F31660C}: DhcpNameServer = 192.168.1.1 71.252.0.12 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/22 23:21:14 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012/04/08 17:08:38 | 000,000,000 | ---D | M] - F:\AutoGuideFree_download -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/09/16 08:10:44 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{C0FEA711-98A2-483B-9CA7-D2375BEDC050} [2012/09/15 21:50:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/09/15 21:50:43 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\temp [2012/09/15 21:42:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/09/15 21:25:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/09/15 21:25:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/09/15 21:25:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/09/15 21:18:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/09/15 19:20:57 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012/09/15 18:48:14 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Desktop\Malware Fighting Stuff [2012/09/15 17:54:57 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{CC4EA27F-8D10-402D-AE1B-2A607B2270C5} [2012/09/15 17:05:44 | 000,000,000 | ---D | C] -- C:\_OTL [2012/09/14 22:28:55 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Daddy\Desktop\FSS.exe [2012/09/14 21:37:15 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe [2012/09/14 19:16:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/09/14 19:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/09/14 19:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2012/09/14 18:25:45 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{4A3DD88C-1CAA-4CCA-BB61-FE51983C6D6F} [2012/09/13 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{B6B2F80B-3534-4921-A772-5B9492633838} [2012/09/12 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{3E3F0CA4-C5A5-4BB4-AB81-716441C5F7E9} [2012/09/12 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{19FA9E90-07E7-4262-BD44-570F46E89F31} [2012/09/05 06:11:22 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{57F24FA5-6F5D-4297-8240-BE1CD2C9144D} [2012/09/03 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012/09/03 16:48:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012/09/03 16:46:19 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012/09/03 16:46:18 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012/09/03 16:46:18 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012/09/03 16:46:18 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012/09/03 16:46:18 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012/09/03 16:46:15 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2012/09/03 16:46:15 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2012/09/03 16:46:14 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2012/09/03 16:46:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012/09/03 16:46:12 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012/09/03 16:46:12 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012/09/03 16:46:12 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012/09/03 16:46:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012/09/03 16:46:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012/09/03 16:46:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012/09/03 16:46:12 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012/09/03 16:46:12 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012/09/03 16:46:12 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012/09/03 16:46:12 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012/09/03 16:46:12 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012/09/03 16:46:11 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2012/09/03 16:46:11 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012/09/03 16:46:10 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012/09/03 16:46:10 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012/09/03 16:46:10 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2012/09/03 16:46:09 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2012/09/03 16:46:09 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012/09/03 16:46:09 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012/09/03 16:46:08 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012/09/03 16:46:08 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012/09/03 16:46:08 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012/09/03 16:46:08 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012/09/03 16:46:08 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012/09/03 16:46:08 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012/09/03 16:46:08 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012/09/03 16:46:08 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2012/09/03 16:46:08 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2012/09/03 16:46:08 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012/09/03 16:46:08 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2012/09/03 16:46:08 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012/09/03 16:46:08 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012/09/03 16:46:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012/09/03 16:46:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012/09/03 16:46:08 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012/09/03 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012/09/02 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Podcast [2012/09/02 13:29:16 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Motorola [2012/09/02 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Motorola Mobility [2012/09/02 13:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility [2012/09/01 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{418F8885-4FE1-408A-B90D-9537524FA9F3} [2012/09/01 07:58:11 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Cheerleading [2012/08/31 14:12:36 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{E4916322-22DC-4B88-864D-F2F57F602A06} [2012/08/23 15:06:28 | 000,039,424 | ---- | C] (AMD, Inc.) -- C:\Windows\SysNative\drivers\AmdLLD64.sys [2012/08/23 15:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2012/08/23 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{36823A00-5521-4646-9F17-A3442FBD94C9} [2012/08/22 12:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls [2012/08/21 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios [2012/08/21 15:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios [2012/08/20 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{7C7A8F9C-5A04-4737-9272-2F582ED2A214} [2012/08/18 08:20:23 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Home Improvement ========== Files - Modified Within 30 Days ========== [2012/09/16 08:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/16 08:16:03 | 000,854,156 | ---- | M] () -- C:\Users\Daddy\Desktop\SecurityCheck.exe [2012/09/16 08:09:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/16 08:09:56 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000UA.job [2012/09/16 02:44:54 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/16 02:44:54 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/15 22:44:55 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/15 22:44:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/15 21:42:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/09/15 21:41:40 | 000,392,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/09/14 22:28:55 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Daddy\Desktop\FSS.exe [2012/09/14 21:37:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe [2012/09/14 19:33:39 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000Core.job [2012/09/13 05:26:20 | 000,716,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/13 05:26:20 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/13 05:26:20 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/12 09:04:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012/09/12 08:58:51 | 000,015,095 | ---- | M] () -- C:\Users\Daddy\Documents\forgotthedamnedloginCSV.ods [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/02 21:52:36 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job [2012/09/01 13:33:37 | 000,075,753 | ---- | M] () -- C:\Users\Daddy\Documents\2012.09.01rodgersaccountbalance.pdf [2012/08/31 14:28:31 | 000,123,624 | ---- | M] () -- C:\Users\Daddy\Documents\birthcertorder.pdf [2012/08/30 21:03:26 | 000,018,693 | ---- | M] () -- C:\Users\Daddy\Documents\Cheerleading Snack Schedule.ods [2012/08/30 19:19:36 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2012/08/27 15:06:53 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0301000.018\isolate.ini ========== Files Created - No Company Name ========== [2012/09/16 08:16:03 | 000,854,156 | ---- | C] () -- C:\Users\Daddy\Desktop\SecurityCheck.exe [2012/09/15 21:25:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/09/15 21:25:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/09/15 21:25:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/09/15 21:25:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/09/15 21:25:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/09/03 16:46:12 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012/09/01 13:33:36 | 000,075,753 | ---- | C] () -- C:\Users\Daddy\Documents\2012.09.01rodgersaccountbalance.pdf [2012/08/31 14:28:30 | 000,123,624 | ---- | C] () -- C:\Users\Daddy\Documents\birthcertorder.pdf [2012/08/30 21:01:05 | 000,018,693 | ---- | C] () -- C:\Users\Daddy\Documents\Cheerleading Snack Schedule.ods [2012/08/30 19:19:36 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2012/07/14 18:44:20 | 000,002,086 | ---- | C] () -- C:\Users\Daddy\.recently-used.xbel [2012/05/24 00:03:34 | 000,109,108 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\icarus-dxdiag.xml [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/01/16 22:32:24 | 000,009,179 | ---- | C] () -- C:\Users\Daddy\AppData\Local\a37c1552 [2011/09/24 07:49:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/08/26 18:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011/07/08 22:27:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011/03/18 17:01:58 | 000,000,827 | ---- | C] () -- C:\Windows\BTI.INI [2011/03/18 17:01:52 | 000,206,848 | ---- | C] () -- C:\Windows\SysWow64\DBSETUP.EXE [2011/03/18 17:01:52 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\DBU_UI.DLL [2011/03/18 17:01:51 | 000,101,888 | ---- | C] () -- C:\Windows\SysWow64\BUTIL.DLL [2011/03/18 17:01:50 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\WDBUUI32.DLL [2011/03/18 17:01:50 | 000,038,576 | ---- | C] () -- C:\Windows\SysWow64\NWLOCALE.DLL [2011/03/18 17:01:49 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL [2011/03/16 21:06:23 | 000,320,512 | ---- | C] () -- C:\Windows\SysWow64\W32MKDE.EXE [2011/03/16 21:06:23 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\W32MKRC.DLL [2010/08/23 22:53:06 | 000,023,676 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\UserTile.png [2010/02/25 23:21:29 | 000,005,198 | -HS- | C] () -- C:\Users\Daddy\AppData\Local\JjrT1QIkQ3n [2009/05/09 22:48:30 | 000,000,760 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\setup_ldm.iss [2009/03/13 21:51:50 | 000,000,552 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d8caps.dat [2009/03/04 17:07:13 | 000,000,680 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d9caps.dat [2008/12/13 17:45:08 | 000,000,632 | RHS- | C] () -- C:\Users\Daddy\ntuser.pol [2008/03/23 13:38:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008/03/23 01:07:01 | 000,081,408 | ---- | C] () -- C:\Users\Daddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/03/22 01:31:47 | 000,000,093 | ---- | C] () -- C:\Users\Daddy\AppData\Local\fusioncache.dat [2008/03/21 01:39:39 | 000,001,460 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d9caps64.dat ========== LOP Check ========== [2008/11/25 23:39:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Autodesk [2008/07/03 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BitZipper [2010/04/11 14:08:15 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BonkEnc [2009/01/24 20:21:12 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Bullzip [2011/09/25 11:38:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Canon [2010/06/15 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ccptb [2009/07/22 05:39:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Citrix [2008/11/25 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DAEMON Tools [2012/07/09 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DAEMON Tools Lite [2008/08/19 22:15:00 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DeepBurner [2008/11/29 00:45:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\dyyno-vlc [2011/04/06 21:49:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Engius, LLC [2012/01/12 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\FileZilla [2011/03/28 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\GeoVid [2012/07/14 18:20:14 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\gtk-2.0 [2010/02/19 13:45:22 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\HLSW [2011/07/22 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ICAClient [2008/03/31 22:33:29 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ImgBurn [2009/08/10 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\KompoZer [2008/05/06 22:54:40 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Leadertech [2012/09/02 13:46:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motorola [2012/09/02 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motorola Mobility [2010/05/21 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\My Games [2009/01/12 22:21:47 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Nvu [2011/04/12 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ooVoo Details [2009/01/05 22:51:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org [2010/08/23 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\PeerNetworking [2008/08/24 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Skinux [2008/12/25 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sony [2008/12/25 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sony Setup [2011/10/23 15:04:29 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\StreamTorrent [2012/04/15 22:11:39 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab [2011/09/04 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Temp [2012/02/04 05:57:17 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\The Creative Assembly [2010/05/28 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Tific [2010/10/24 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Windows Live Writer [2012/09/02 21:52:36 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job [2012/09/15 22:43:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A1063995 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DFF1A8A < End of report >
  4. Disabled Norton360 per the instructions and Cobofix still put up a warning. I went into the Norton360 settings and unchecked everything in the "Quick Controls" then clicked OK to let Combofix do it's thing. It took about 12 minutes to run through the 50 stages and the system re-start happened automatically. No "illegal operation" message upon coming back. Combofix took a short while to generate the log and do whatever it does upon re-start. Haven't done much but the system seems really good, windows and files definitely open faster than they did before. Differences I've noticed are there is now an internet explorer icon on my desktop with the name "The Internet". Also I noticed that my network and volume icons are gone from the notification area of my taskbar. I right clicked the taskbar > properties > notification area and under System Icons the options to always show Volume, Network, and Power are greyed out (clock is available and checked). All in all though I wasn't really expecting my computer to be running this much better. It's noticeably faster. Thanks a ton. Combofix log below. ComboFix 12-09-15.02 - Daddy 09/15/2012 21:28:34.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5819 [GMT -4:00] Running from: c:\users\Daddy\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\84e2a78c c:\programdata\xmlA757.tmp c:\programdata\xmlAB6F.tmp c:\programdata\xmlADD1.tmp c:\users\Daddy\AppData\Roaming\beda7ebd c:\users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\searchplugins\bing-zugo.xml c:\windows\SysWow64\AC2005DLL.dll c:\windows\SysWow64\FlashPlayerInstaller.exe c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))))) . . 2012-09-16 01:39 . 2012-09-16 01:44 -------- d-----w- c:\users\Daddy\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\UpdatusUser.Rodgers-PC\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\UpdatusUser.Rodgers-PC.000\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\TEMP.Rodgers-PC\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Nick\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Mommy\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Brooke\AppData\Local\temp 2012-09-15 21:05 . 2012-09-15 21:05 -------- d-----w- C:\_OTL 2012-09-14 23:14 . 2012-09-14 23:14 -------- d-----w- c:\program files (x86)\ERUNT 2012-09-13 20:54 . 2012-09-13 20:54 -------- d-----w- c:\windows\system32\drivers\MCLIENTx64\0301000.018 2012-09-03 20:48 . 2012-09-03 20:48 -------- d-----w- c:\program files\Realtek 2012-09-03 20:48 . 2012-09-03 20:48 -------- d-----w- c:\windows\SysWow64\RTCOM 2012-09-02 17:29 . 2012-09-02 17:29 -------- d-----w- c:\users\Daddy\AppData\Local\Motorola 2012-09-02 17:28 . 2012-09-02 17:28 -------- d-----w- c:\users\Daddy\AppData\Roaming\Motorola Mobility 2012-09-02 17:27 . 2012-09-02 17:45 -------- d-----w- c:\program files (x86)\Motorola Mobility 2012-08-23 19:48 . 2012-08-23 19:48 -------- d-----w- c:\users\Nick\AppData\Local\Chromium 2012-08-23 19:06 . 2007-06-29 18:48 39424 ----a-w- c:\windows\system32\drivers\AmdLLD64.sys 2012-08-23 19:06 . 2012-08-23 19:06 -------- d-----w- c:\program files (x86)\AMD 2012-08-23 19:06 . 2012-08-23 19:06 -------- d-----w- c:\users\Nick\AppData\Local\Downloaded Installations 2012-08-22 16:10 . 2012-08-22 16:10 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls 2012-08-21 19:52 . 2012-09-12 22:21 -------- d-----w- c:\programdata\Hi-Rez Studios 2012-08-21 19:52 . 2012-09-12 22:21 -------- d-----w- c:\program files (x86)\Hi-Rez Studios . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 10:08 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe 2012-09-07 21:04 . 2012-01-17 04:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-23 03:12 . 2012-03-31 01:17 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-23 03:12 . 2011-05-17 21:46 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-08 22:11 . 2009-02-22 00:28 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-07-08 22:11 . 2009-02-20 22:18 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-07-06 02:17 . 2012-08-15 04:11 37536 ----a-w- c:\windows\system32\drivers\N360x64\0603000.00E\srtspx64.sys 2012-07-06 02:17 . 2012-08-15 04:11 737952 ----a-w- c:\windows\system32\drivers\N360x64\0603000.00E\srtsp64.sys 2012-07-04 14:33 . 2012-08-15 10:08 2769408 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 22:18 . 2008-11-26 03:06 560184 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-07-02 00:27 . 2012-07-02 00:28 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-02 00:27 . 2011-02-27 20:52 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-06-29 16:20 . 2012-08-15 09:45 648192 ----a-w- c:\windows\system32\netapi32.dll 2012-06-28 04:10 . 2012-08-15 10:08 17809920 ----a-w- c:\windows\system32\mshtml.dll 2012-06-28 03:39 . 2012-08-15 10:08 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-06-28 03:28 . 2012-08-15 10:08 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-28 03:22 . 2012-08-15 10:08 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-28 03:21 . 2012-08-15 10:08 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-28 03:20 . 2012-08-15 10:08 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-28 03:19 . 2012-08-15 10:08 237056 ----a-w- c:\windows\system32\url.dll 2012-06-28 03:17 . 2012-08-15 10:08 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-28 03:16 . 2012-08-15 10:08 816640 ----a-w- c:\windows\system32\jscript.dll 2012-06-28 03:16 . 2012-08-15 10:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-28 03:14 . 2012-08-15 10:08 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-28 03:13 . 2012-08-15 10:08 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-28 03:12 . 2012-08-15 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-28 03:08 . 2012-08-15 10:08 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-28 00:27 . 2012-08-15 10:08 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-28 00:19 . 2012-08-15 10:08 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-28 00:18 . 2012-08-15 10:08 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-28 00:12 . 2012-08-15 10:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-28 00:07 . 2012-08-15 10:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752] . c:\users\Brooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IMVU.lnk - c:\users\Daddy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A] OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 17:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 03:12] . 2012-09-03 c:\windows\Tasks\EasyShare Registration Task.job - c:\windows\system32\rundll32.exe [2006-11-02 09:45] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-13 20:38] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-13 20:38] . 2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000Core.job - c:\users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 02:44] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000UA.job - c:\users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 02:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local> IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: mcleancont.com\citrix Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 71.252.0.12 DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file) Toolbar-10 - (no file) ShellIconOverlayIdentifiers-{2D7E38A6-A604-45AE-9A87-4F5F25760650} - (no file) Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Toolbar-10 - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCLIENT] "ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.1.0.24\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9}"=hex:51,66,7a,6c,4c,1d,38,12,6a,a1,44, a4,fe,f4,48,08,a0,d2,28,ee,8e,f3,79,dd "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{59C6F12B-F004-43E5-9997-08F2123119B6}"=hex:51,66,7a,6c,4c,1d,38,12,45,f2,d5, 5d,36,be,8b,06,e6,81,4b,b2,17,6f,5d,a2 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:05,bb,7f,09,77,f9,cb,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR] @="c:\\Windows\\SysWOW64\\Macromed\\Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\program files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe c:\program files (x86)\EVGA Precision X\EVGAPrecision.exe c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\program files (x86)\Google\Update\Install\{8764DC4E-ED1C-44AD-8D00-1907FEBB55DD}\GoogleUpdateSetup.exe c:\program files (x86)\GUM251A.tmp\GoogleUpdate.exe . ************************************************************************** . Completion time: 2012-09-15 21:50:35 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-16 01:50 . Pre-Run: 59,077,595,136 bytes free Post-Run: 58,857,312,256 bytes free . - - End Of File - - FED5D85C60EBB1FDA0CE37AE3D0930BC
  5. I copied and pasted the text into notepad and it all came out on one line like: @Echo offsc stop msiserversc config msiserver start=manualsc start msiserversc.......... I thought it was odd but went with it and when I ran it as administrator a box flashed on the screen and nothing happened for a very long time. I then edited the file so each "command" was on a separate line as shown in your codebox. I right clicked it and a command window popped up for a quick couple of seconds, ran through a bunch of steps (the commands I'm assuming) quicker than I could read, and then the fix.bat file deleted itself. I waited about 10 minutes for the system to re-start but it never did. I then restarted it myself via the start menu. The system seems great. I checked my wifes user account and can access the public pictures folder. I then checked out the Control Panel from my user account and I don't get any "service missing" type messages when clicking around in there. I think startup is faster now too.
  6. Houston we have a problem! I disabled Norton360 per instructions and copied and pasted the lines between the **** below the blue bar, closed my browser, and clicked "Run Fix" Everything seemed to be going swimmingly until it got to the [CLEARALLRESTOREPOINTS] Message at the bottom of the OTL window said "Clearing Restore Points Do Not Interrupt" All of a sudden the program crashed and a windows error message popped up that said "OTL has stopped working A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." I looked to see if there was a log in C:\_OTL\MovedFiles and there isn't. I did not attempt to re-run it or move on to the next step pending further instructions. Thanks again for your help.
  7. Farbar Service Scanner Version: 06-08-2012 Ran by Daddy (administrator) on 15-09-2012 at 11:17:35 Running from "C:\Users\Daddy\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= MpsSvc Service is not running. Checking service configuration: The start type of MpsSvc service is OK. The ImagePath of MpsSvc service is OK. The ServiceDll of MpsSvc service is OK. bfe Service is not running. Checking service configuration: The start type of bfe service is OK. The ImagePath of bfe service is OK. The ServiceDll of bfe service is OK. Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7 C:\Windows\System32\drivers\afd.sys [2012-02-14 17:17] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943 C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-10 15:24] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E C:\Windows\System32\dnsrslvr.dll [2011-04-14 19:26] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0 C:\Windows\System32\mpssvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C C:\Windows\System32\bfe.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29 C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe [2009-07-17 06:10] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1 C:\Windows\System32\wscsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A C:\Windows\System32\wbem\WMIsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02 C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll [2009-07-17 06:10] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C C:\Windows\System32\es.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF C:\Windows\System32\cryptsvc.dll [2012-06-14 07:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31 C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2009-07-17 06:10] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF **** End of log ****
  8. I checked the network and sharing center and Network discovery and File sharing are now shown as on. I'm not going to change anything without instructions. I was just curious.
  9. Step 4 - FSS.exe Farbar Service Scanner Version: 06-08-2012 Ran by Daddy (administrator) on 14-09-2012 at 22:30:20 Running from "C:\Users\Daddy\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7 C:\Windows\System32\drivers\afd.sys [2012-02-14 17:17] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943 C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-10 15:24] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E C:\Windows\System32\dnsrslvr.dll [2011-04-14 19:26] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0 C:\Windows\System32\mpssvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C C:\Windows\System32\bfe.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29 C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe [2009-07-17 06:10] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1 C:\Windows\System32\wscsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A C:\Windows\System32\wbem\WMIsvc.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02 C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll [2009-07-17 06:10] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C C:\Windows\System32\es.dll [2009-07-17 06:09] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF C:\Windows\System32\cryptsvc.dll [2012-06-14 07:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31 C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2009-07-17 06:10] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF **** End of log **** What a tremendous amount of text to go through. Thanks again for your help.
  10. Step 3 - OTL.exe Continued ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - vdrcodec.dll File not found Drivers32: VIDC.MJPG - C:\Windows\SysWow64\pvmjpg30.dll (Pegasus Imaging Corporation) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/09/14 21:37:15 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe [2012/09/14 21:23:38 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Daddy\Desktop\tdsskiller.exe [2012/09/14 19:46:44 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Desktop\RK_Quarantine [2012/09/14 19:16:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/09/14 19:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/09/14 19:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2012/09/14 18:25:45 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{4A3DD88C-1CAA-4CCA-BB61-FE51983C6D6F} [2012/09/13 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{B6B2F80B-3534-4921-A772-5B9492633838} [2012/09/12 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{3E3F0CA4-C5A5-4BB4-AB81-716441C5F7E9} [2012/09/12 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{19FA9E90-07E7-4262-BD44-570F46E89F31} [2012/09/12 08:42:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Daddy\Desktop\dds.com [2012/09/05 06:11:22 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{57F24FA5-6F5D-4297-8240-BE1CD2C9144D} [2012/09/03 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012/09/03 16:48:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012/09/03 16:46:29 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll [2012/09/03 16:46:19 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012/09/03 16:46:19 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll [2012/09/03 16:46:19 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll [2012/09/03 16:46:19 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll [2012/09/03 16:46:18 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012/09/03 16:46:18 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012/09/03 16:46:18 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012/09/03 16:46:18 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012/09/03 16:46:18 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll [2012/09/03 16:46:16 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2012/09/03 16:46:15 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2012/09/03 16:46:15 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2012/09/03 16:46:14 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2012/09/03 16:46:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012/09/03 16:46:13 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2012/09/03 16:46:13 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2012/09/03 16:46:13 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2012/09/03 16:46:12 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012/09/03 16:46:12 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2012/09/03 16:46:12 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2012/09/03 16:46:12 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2012/09/03 16:46:12 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2012/09/03 16:46:12 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012/09/03 16:46:12 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012/09/03 16:46:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012/09/03 16:46:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012/09/03 16:46:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012/09/03 16:46:12 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2012/09/03 16:46:12 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012/09/03 16:46:12 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012/09/03 16:46:12 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2012/09/03 16:46:12 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012/09/03 16:46:12 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012/09/03 16:46:12 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012/09/03 16:46:12 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2012/09/03 16:46:11 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2012/09/03 16:46:11 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012/09/03 16:46:10 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012/09/03 16:46:10 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012/09/03 16:46:10 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2012/09/03 16:46:09 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2012/09/03 16:46:09 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012/09/03 16:46:09 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012/09/03 16:46:08 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012/09/03 16:46:08 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012/09/03 16:46:08 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012/09/03 16:46:08 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012/09/03 16:46:08 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012/09/03 16:46:08 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012/09/03 16:46:08 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012/09/03 16:46:08 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2012/09/03 16:46:08 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2012/09/03 16:46:08 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012/09/03 16:46:08 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2012/09/03 16:46:08 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012/09/03 16:46:08 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012/09/03 16:46:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012/09/03 16:46:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012/09/03 16:46:08 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012/09/03 16:46:07 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2012/09/03 16:46:07 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2012/09/03 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012/09/03 16:46:00 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012/09/02 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Podcast [2012/09/02 13:29:16 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Motorola [2012/09/02 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Motorola Mobility [2012/09/02 13:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility [2012/09/01 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{418F8885-4FE1-408A-B90D-9537524FA9F3} [2012/09/01 07:58:11 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Cheerleading [2012/08/31 14:12:36 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{E4916322-22DC-4B88-864D-F2F57F602A06} [2012/08/23 15:06:28 | 000,039,424 | ---- | C] (AMD, Inc.) -- C:\Windows\SysNative\drivers\AmdLLD64.sys [2012/08/23 15:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2012/08/23 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{36823A00-5521-4646-9F17-A3442FBD94C9} [2012/08/22 12:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls [2012/08/21 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios [2012/08/21 15:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios [2012/08/20 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{7C7A8F9C-5A04-4737-9272-2F582ED2A214} [2012/08/18 08:20:23 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Home Improvement [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/14 21:39:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000UA.job [2012/09/14 21:37:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe [2012/09/14 21:31:20 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/14 21:31:20 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/14 21:31:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/14 21:23:38 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Daddy\Desktop\tdsskiller.exe [2012/09/14 20:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/14 19:45:26 | 001,378,816 | ---- | M] () -- C:\Users\Daddy\Desktop\RogueKiller.exe [2012/09/14 19:33:39 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000Core.job [2012/09/14 19:14:27 | 000,000,723 | ---- | M] () -- C:\Users\Daddy\Desktop\NTREGOPT.lnk [2012/09/14 19:14:26 | 000,000,704 | ---- | M] () -- C:\Users\Daddy\Desktop\ERUNT.lnk [2012/09/13 05:26:20 | 000,716,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/13 05:26:20 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/13 05:26:20 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/12 09:04:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012/09/12 08:58:51 | 000,015,095 | ---- | M] () -- C:\Users\Daddy\Documents\forgotthedamnedloginCSV.ods [2012/09/12 08:42:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Daddy\Desktop\dds.com [2012/09/11 21:29:01 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/03 16:46:43 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll [2012/09/02 21:52:36 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job [2012/09/01 13:33:37 | 000,075,753 | ---- | M] () -- C:\Users\Daddy\Documents\2012.09.01rodgersaccountbalance.pdf [2012/08/31 14:28:31 | 000,123,624 | ---- | M] () -- C:\Users\Daddy\Documents\birthcertorder.pdf [2012/08/30 21:03:26 | 000,018,693 | ---- | M] () -- C:\Users\Daddy\Documents\Cheerleading Snack Schedule.ods [2012/08/30 19:19:36 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2012/08/27 15:06:53 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0301000.018\isolate.ini [2012/08/22 23:12:37 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/22 23:12:37 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/15 23:12:52 | 845,034,621 | ---- | M] () -- C:\Windows\MEMORY.DMP [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/14 19:45:26 | 001,378,816 | ---- | C] () -- C:\Users\Daddy\Desktop\RogueKiller.exe [2012/09/14 19:14:26 | 000,000,723 | ---- | C] () -- C:\Users\Daddy\Desktop\NTREGOPT.lnk [2012/09/14 19:14:26 | 000,000,704 | ---- | C] () -- C:\Users\Daddy\Desktop\ERUNT.lnk [2012/09/11 21:29:01 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/03 16:46:12 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012/09/01 13:33:36 | 000,075,753 | ---- | C] () -- C:\Users\Daddy\Documents\2012.09.01rodgersaccountbalance.pdf [2012/08/31 14:28:30 | 000,123,624 | ---- | C] () -- C:\Users\Daddy\Documents\birthcertorder.pdf [2012/08/30 21:01:05 | 000,018,693 | ---- | C] () -- C:\Users\Daddy\Documents\Cheerleading Snack Schedule.ods [2012/08/30 19:19:36 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2012/08/15 23:12:52 | 845,034,621 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/07/14 18:44:20 | 000,002,086 | ---- | C] () -- C:\Users\Daddy\.recently-used.xbel [2012/05/24 00:03:34 | 000,109,108 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\icarus-dxdiag.xml [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/01/16 22:32:24 | 000,009,310 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\beda7ebd [2012/01/16 22:32:24 | 000,009,233 | ---- | C] () -- C:\ProgramData\84e2a78c [2012/01/16 22:32:24 | 000,009,179 | ---- | C] () -- C:\Users\Daddy\AppData\Local\a37c1552 [2011/09/24 07:49:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/08/26 18:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011/07/08 22:27:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011/03/18 17:01:58 | 000,000,827 | ---- | C] () -- C:\Windows\BTI.INI [2011/03/18 17:01:52 | 000,206,848 | ---- | C] () -- C:\Windows\SysWow64\DBSETUP.EXE [2011/03/18 17:01:52 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\DBU_UI.DLL [2011/03/18 17:01:51 | 000,101,888 | ---- | C] () -- C:\Windows\SysWow64\BUTIL.DLL [2011/03/18 17:01:50 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\WDBUUI32.DLL [2011/03/18 17:01:50 | 000,038,576 | ---- | C] () -- C:\Windows\SysWow64\NWLOCALE.DLL [2011/03/18 17:01:49 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL [2011/03/16 21:06:23 | 000,320,512 | ---- | C] () -- C:\Windows\SysWow64\W32MKDE.EXE [2011/03/16 21:06:23 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\W32MKRC.DLL [2010/08/23 22:53:06 | 000,023,676 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\UserTile.png [2010/02/25 23:21:29 | 000,005,198 | -HS- | C] () -- C:\Users\Daddy\AppData\Local\JjrT1QIkQ3n [2009/05/09 22:48:30 | 000,000,760 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\setup_ldm.iss [2009/03/13 21:51:50 | 000,000,552 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d8caps.dat [2009/03/04 17:07:13 | 000,000,680 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d9caps.dat [2008/12/13 17:45:08 | 000,000,632 | RHS- | C] () -- C:\Users\Daddy\ntuser.pol [2008/03/23 13:38:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008/03/23 01:07:01 | 000,081,408 | ---- | C] () -- C:\Users\Daddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/03/22 01:31:47 | 000,000,093 | ---- | C] () -- C:\Users\Daddy\AppData\Local\fusioncache.dat [2008/03/21 01:39:39 | 000,001,460 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d9caps64.dat ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %ALLUSERSPROFILE%\Application Data\*.dll /s > < %APPDATA%\*. > [2011/03/26 08:02:38 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Adobe [2011/11/19 22:05:15 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Apple Computer [2011/03/06 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ArcSoft [2008/11/25 23:39:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Autodesk [2008/08/30 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\AVS4YOU [2008/07/03 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BitZipper [2010/04/11 14:08:15 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BonkEnc [2009/01/24 20:21:12 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Bullzip [2010/07/10 13:58:11 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\CameraWindowDC [2011/09/25 11:38:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Canon [2010/02/12 11:01:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\CANON INC [2010/06/15 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ccptb [2009/07/22 05:39:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Citrix [2008/11/25 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DAEMON Tools [2012/07/09 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DAEMON Tools Lite [2008/08/19 22:15:00 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DeepBurner [2011/02/28 22:09:14 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DivX [2008/11/29 00:45:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\dyyno-vlc [2011/04/06 21:49:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Engius, LLC [2012/01/12 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\FileZilla [2011/03/28 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\GeoVid [2011/02/18 21:15:26 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Google [2012/07/14 18:20:14 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\gtk-2.0 [2009/01/02 23:17:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Help [2010/02/19 13:45:22 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\HLSW [2011/07/22 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ICAClient [2008/03/21 01:39:44 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Identities [2008/03/31 22:33:29 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ImgBurn [2008/03/21 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\InstallShield [2008/12/27 10:59:37 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Intuit [2011/03/06 16:01:20 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\KodakCredentialStore [2009/08/10 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\KompoZer [2008/05/06 22:54:40 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Leadertech [2010/04/11 00:21:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Logishrd [2010/04/11 00:24:38 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Logitech [2008/03/21 22:55:50 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Macromedia [2012/01/17 00:04:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Malwarebytes [2006/11/02 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Media Center Programs [2011/03/26 08:02:38 | 000,000,000 | --SD | M] -- C:\Users\Daddy\AppData\Roaming\Microsoft [2010/06/16 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Microsoft Games [2010/09/17 05:34:28 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motive [2012/09/02 13:46:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motorola [2012/09/02 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motorola Mobility [2012/01/16 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Move Networks [2012/09/12 18:34:56 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Mozilla [2010/05/21 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\My Games [2011/09/29 12:31:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\NVIDIA [2009/01/12 22:21:47 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Nvu [2011/04/12 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ooVoo Details [2009/01/05 22:51:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org [2009/01/05 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org2 [2010/08/23 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\PeerNetworking [2008/12/26 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Roxio [2008/08/24 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Skinux [2008/12/25 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sony [2008/12/25 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sony Setup [2011/10/23 15:04:29 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\StreamTorrent [2009/09/13 22:57:23 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sun [2012/04/15 22:11:39 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab [2011/09/04 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Temp [2012/02/04 05:57:17 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\The Creative Assembly [2010/05/28 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Tific [2009/07/25 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\U3 [2011/04/12 21:29:27 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Ventrilo [2009/03/30 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Verizon [2012/09/02 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\vlc [2010/10/24 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Windows Live Writer [2011/08/30 21:17:49 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Xfire [2010/09/04 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ZoomBrowser EX < %APPDATA%\*.exe /s > [2010/04/11 00:24:25 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2008/04/20 01:24:00 | 000,021,630 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_6FEFF9B68218417F98F549.exe [2008/04/20 01:24:00 | 000,006,462 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_7128E1F9F222A8E24D3CAA.exe [2008/04/20 01:24:00 | 000,021,630 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_CFD6D42B6B589B419C4C1C.exe [2008/04/20 01:24:00 | 000,021,630 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_ED5A694DDDFCA3353724A2.exe [2008/05/23 22:53:10 | 000,015,086 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{CEF736FF-8133-42F3-8E18-BDFE293B87FF}\ARPPRODUCTICON.exe [2009/08/29 15:08:27 | 000,015,086 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{D761BBA0-FBDD-4E81-96E1-43B957D91BD8}\ARPPRODUCTICON.exe [2009/08/29 15:11:06 | 000,015,086 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{F82E9B29-EE4B-418F-9CA4-A70DA610553D}\ARPPRODUCTICON.exe [2009/06/16 02:35:42 | 000,097,144 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2008/12/25 12:29:43 | 027,288,880 | ---- | M] (Apple Inc.) -- C:\Users\Daddy\AppData\Roaming\Sony Setup\A189E68E-2253-4C3B-86B7-D77E36F13C55\QuickTimeInstaller.exe < %APPDATA%\*.dll /s > [2012/01/15 18:55:46 | 005,494,272 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\Adobe\Flash Player\NativeCache\4C35D13E7986AF668024429FA6710AC1\500dfefe\adobecp-300592-2.dll [2012/08/24 13:58:36 | 000,325,144 | ---- | M] (Google) -- C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2012/08/24 13:58:40 | 004,736,024 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2012/08/24 13:22:56 | 003,734,536 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll [2012/06/24 19:15:25 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions\sveieot.tmp_\presentation-minimizer.oxt\msvcm90.dll [2012/06/24 19:15:25 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions\sveieot.tmp_\presentation-minimizer.oxt\msvcp90.dll [2012/06/24 19:15:25 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions\sveieot.tmp_\presentation-minimizer.oxt\msvcr90.dll [2012/06/24 19:15:25 | 000,245,248 | ---- | M] (Apache Software Foundation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions\sveieot.tmp_\presentation-minimizer.oxt\SunPresentationMinimizer.uno.dll [2012/06/24 19:15:32 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions\sveihlf.tmp_\presenter-screen.oxt\msvcm90.dll [2012/06/24 19:15:35 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions\sveihlf.tmp_\presenter-screen.oxt\msvcp90.dll [2012/06/24 19:15:35 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions\sveihlf.tmp_\presenter-screen.oxt\msvcr90.dll [2012/06/24 19:15:35 | 000,709,632 | ---- | M] (Apache Software Foundation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions\sveihlf.tmp_\presenter-screen.oxt\PresenterScreen.uno.dll [2012/06/24 19:15:26 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\sveifev.tmp_\presentation-minimizer.oxt\msvcm90.dll [2012/06/24 19:15:26 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\sveifev.tmp_\presentation-minimizer.oxt\msvcp90.dll [2012/06/24 19:15:26 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\sveifev.tmp_\presentation-minimizer.oxt\msvcr90.dll [2012/06/24 19:15:26 | 000,245,248 | ---- | M] (Apache Software Foundation) -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\sveifev.tmp_\presentation-minimizer.oxt\SunPresentationMinimizer.uno.dll [2010/10/30 15:41:04 | 000,092,280 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll [2011/02/04 21:06:08 | 000,094,008 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.4.16.0A.dll [2012/04/15 22:11:39 | 000,094,488 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.5.1.0A.dll [2011/01/23 00:44:10 | 000,290,816 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll [2011/01/23 00:44:10 | 000,290,816 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll [2011/01/23 00:44:10 | 000,290,816 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll [2011/01/23 00:44:10 | 000,290,816 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll < %SYSTEMDRIVE%\*.exe > [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2006/11/02 08:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys [2008/01/19 04:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/19 04:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008/03/22 09:57:31 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys [2008/01/19 04:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2008/03/22 09:57:31 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys [2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys [2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/19 04:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2006/11/02 07:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/19 04:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2006/11/02 07:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 08:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys [2008/01/19 04:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2006/11/02 07:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll [2008/01/19 04:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: SERVICES.EXE > [2006/11/02 07:16:09 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=0A87F57DFC2C0EB9BBA8BE1C87BAFE1A -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_294799ef88bb616c\services.exe [2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe [2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe [2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe [2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe [2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [2008/01/19 04:00:35 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe < MD5 for: THEMEUI.DLL > [2006/11/02 07:19:10 | 000,688,128 | ---- | M] (Microsoft Corporation) MD5=43E84A3B0F06A7B1B1D071BEE20C3685 -- C:\Windows\winsxs\amd64_microsoft-windows-themeui_31bf3856ad364e35_6.0.6000.16386_none_dee66ffad6f3899d\themeui.dll [2009/04/11 02:28:24 | 000,615,424 | ---- | M] (Microsoft Corporation) MD5=4CF66D8014ECB3BF517E38C5B90AAC74 -- C:\Windows\SysWOW64\themeui.dll [2009/04/11 02:28:24 | 000,615,424 | ---- | M] (Microsoft Corporation) MD5=4CF66D8014ECB3BF517E38C5B90AAC74 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6002.18005_none_86ea0f7f18a2f487\themeui.dll [2008/01/19 03:36:40 | 000,615,424 | ---- | M] (Microsoft Corporation) MD5=56BA1BD7176DBBFBD037275819DA4AE3 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6001.18000_none_84fe96731b81293b\themeui.dll [2006/11/02 05:46:13 | 000,615,424 | ---- | M] (Microsoft Corporation) MD5=57662420C44382D612E40043DA492616 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6000.16386_none_82c7d4771e961867\themeui.dll [2009/04/11 03:11:27 | 000,688,640 | ---- | M] (Microsoft Corporation) MD5=A83ABA8C35FC10E8CECF4A241ECAFA9F -- C:\Windows\SysNative\themeui.dll [2009/04/11 03:11:27 | 000,688,640 | ---- | M] (Microsoft Corporation) MD5=A83ABA8C35FC10E8CECF4A241ECAFA9F -- C:\Windows\winsxs\amd64_microsoft-windows-themeui_31bf3856ad364e35_6.0.6002.18005_none_e308ab02d10065bd\themeui.dll [2008/01/19 04:04:16 | 000,688,128 | ---- | M] (Microsoft Corporation) MD5=DAE68AD95119FF3DE58B72B44CA2DDC8 -- C:\Windows\winsxs\amd64_microsoft-windows-themeui_31bf3856ad364e35_6.0.6001.18000_none_e11d31f6d3de9a71\themeui.dll < MD5 for: USERINIT.EXE > [2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [2006/11/02 07:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe [2008/01/19 04:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008/01/19 04:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < c:|services.ex;true;true;true; /FP > < %USERPROFILE%\..|smtmp;true;true;true /FP > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > ========== Alternate Data Streams ========== @Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A1063995 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DFF1A8A < End of report >
  11. Step 3 - OTL.exe (very long so will be 2 posts) OTL logfile created on: 9/14/2012 10:09:43 PM - Run 2 OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Daddy\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 72.07% Memory free 16.05 Gb Paging File | 14.00 Gb Available in Paging File | 87.23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 64.87 Gb Free Space | 13.93% Space Free | Partition Type: NTFS Computer Name: RODGERS-PC | User Name: Daddy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/14 21:37:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe PRC - [2012/08/18 13:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe PRC - [2012/06/29 16:41:52 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe PRC - [2012/05/20 23:45:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe ========== Modules (No Company Name) ========== MOD - [2012/06/30 00:18:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll MOD - [2012/06/30 00:18:04 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll MOD - [2012/06/30 00:17:48 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll MOD - [2012/06/30 00:17:40 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll MOD - [2012/06/30 00:17:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll MOD - [2012/06/29 16:41:52 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe MOD - [2011/05/01 02:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2012/08/23 14:53:33 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/08/22 23:12:37 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/08/18 13:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe -- (MCLIENT) SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360) SRV - [2012/06/04 20:52:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/20 23:45:26 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/25 23:33:08 | 000,077,944 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/06 13:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0301000.018\ccSetx64.sys -- (ccSet_MCLIENT) DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SRTSPX64.SYS -- (SRTSPX) DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SRTSP64.SYS -- (SRTSP) DRV:64bit: - [2012/07/03 18:18:09 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.sys -- (ccSet_N360) DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SYMEFA64.SYS -- (SymEFA) DRV:64bit: - [2012/04/28 07:34:26 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/17 18:46:01 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SYMTDIV.SYS -- (SYMTDIv) DRV:64bit: - [2012/01/17 18:46:00 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM) DRV:64bit: - [2012/01/17 18:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SYMDS64.SYS -- (SymDS) DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Ironx64.SYS -- (SymIRON) DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009/11/16 04:13:26 | 000,271,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2008/01/19 02:30:09 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc) DRV:64bit: - [2007/08/28 17:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21) DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64) DRV:64bit: - [2007/05/24 06:30:02 | 000,072,192 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID) DRV:64bit: - [2007/05/09 09:37:52 | 000,484,736 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MarvinAVS64.sys -- (PinnacleMarvinAVS) DRV:64bit: - [2007/05/03 13:15:12 | 000,021,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTictwl.sys -- (NCPro) DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool) DRV:64bit: - [2006/09/20 04:37:22 | 000,022,064 | ---- | M] (ABIT) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uGuru.sys -- (UGURU) DRV - [2012/09/14 17:37:34 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120914.002\ex64.sys -- (NAVEX15) DRV - [2012/09/14 17:37:33 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120914.002\eng64.sys -- (NAVENG) DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120914.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/08/09 01:44:47 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/08/09 01:44:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/06/29 16:41:52 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64) DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/12/17 22:27:35 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Daddy\Documents\Computer Utilities\RealTemp_2.87\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2006/11/08 13:43:56 | 000,011,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\U-ABIT\FlashMenu\WinFlash64.sys -- (Winflash) DRV - [2005/10/21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro) DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 8D CC 1C A6 69 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {EE171C03-A2C3-44C5-8DB8-D468274AF87F} IE - HKCU\..\SearchScopes\{467BBA57-ECFE-4412-A3F0-FCDE1C45C3AB}: "URL" = http://search.espn.go.com/results?searchString={searchTerms}&fromForm=true IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{EE171C03-A2C3-44C5-8DB8-D468274AF87F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_en IE - HKCU\..\SearchScopes\{F05C35F5-7733-4FA0-85CD-BFA4498B6BF6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f: C:\Program Files (x86)\Dyyno\Dyyno Player\npvlc.dll (Dyyno) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/28 07:39:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/09/14 21:34:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.40\coFFFw\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/23 13:59:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/23 13:59:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2012/01/02 19:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Extensions [2012/05/04 05:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\extensions [2012/03/31 23:02:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/04/12 16:15:16 | 000,002,014 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\searchplugins\bing-zugo.xml [2012/08/31 14:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/04/28 07:39:38 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPLGN [2010/06/11 22:03:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012/06/04 20:52:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012/02/25 14:27:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/03/27 13:42:57 | 000,002,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicus.xml [2012/01/02 19:10:39 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/02/25 14:27:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O3 - HKLM\..\Toolbar: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: mcleancont.com ([citrix] https in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab (SysInfo Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40236.725474537 (Update Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class) O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C63FB6-02E5-47FE-B86F-9AA44F31660C}: DhcpNameServer = 192.168.1.1 71.252.0.12 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/22 23:21:14 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{2e9af24b-e11e-11e1-bc8d-00508dba6a8e}\Shell - "" = AutoRun O33 - MountPoints2\{2e9af24b-e11e-11e1-bc8d-00508dba6a8e}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a O33 - MountPoints2\{32a8c8aa-2840-11df-ae6f-00508dba6a8e}\Shell - "" = AutoRun O33 - MountPoints2\{32a8c8aa-2840-11df-ae6f-00508dba6a8e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{601a3923-dbcb-11e1-a149-00508dba6a8e}\Shell - "" = AutoRun O33 - MountPoints2\{601a3923-dbcb-11e1-a149-00508dba6a8e}\Shell\AutoRun\command - "" = I:\MotoCastSetup.exe -a O33 - MountPoints2\{6f95fd69-7944-11de-912b-00508dba6a8e}\Shell - "" = AutoRun O33 - MountPoints2\{6f95fd69-7944-11de-912b-00508dba6a8e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{774672dd-5f2f-11e1-a8a8-00508dba6a8e}\Shell - "" = AutoRun O33 - MountPoints2\{774672dd-5f2f-11e1-a8a8-00508dba6a8e}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a O33 - MountPoints2\{8a6a1de8-bb67-11dd-a8ea-00508dba6a8e}\Shell - "" = AutoRun O33 - MountPoints2\{8a6a1de8-bb67-11dd-a8ea-00508dba6a8e}\Shell\AutoRun\command - "" = F:\Setup.exe O33 - MountPoints2\{d3021943-e1a7-11e0-bf48-00508dba6a8e}\Shell - "" = AutoRun O33 - MountPoints2\{d3021943-e1a7-11e0-bf48-00508dba6a8e}\Shell\AutoRun\command - "" = F:\setup.exe -a O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe - (Autodesk, Inc) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor for SD.lnk - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe - (PIXELA CORPORATION) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company) MsConfig:64bit - StartUpFolder: C:^Users^Mommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpFolder: C:^Users^Mommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpFolder: C:^Users^Mommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpFolder: C:^Users^Nick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Nick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpReg: 4StoryPrePatch - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Daddy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ConnectionCenter - hkey= - key= - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: Gamevance - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: HLBackupScheduler - hkey= - key= - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe () MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: MotoCast - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RivaTunerStartupDaemon - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Shockwave Updater - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Mommy\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Mommy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig:64bit - StartUpReg: VerizonServicepoint.exe - hkey= - key= - C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon) MsConfig:64bit - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent) MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: WLSync - hkey= - key= - C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: WinDefend - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: BFE - Service SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MPSSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: WinDefend - Service SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
  12. Step 1 - RogueKiller (After Delete) RogueKiller V8.0.3 [09/13/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : Daddy [Admin rights] Mode : Scan -- Date : 09/14/2012 22:05:45 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++ --- User --- [MBR] c6f1105b2a50a4ddcdd3d4f94c30559c [bSP] 8bee6f9577d1195b1651f3ad024f3a0e : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt Step 2 - tdsskiller 22:06:27.0547 5112 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 22:06:27.0880 5112 ============================================================ 22:06:27.0880 5112 Current date / time: 2012/09/14 22:06:27.0880 22:06:27.0880 5112 SystemInfo: 22:06:27.0880 5112 22:06:27.0880 5112 OS Version: 6.0.6002 ServicePack: 2.0 22:06:27.0880 5112 Product type: Workstation 22:06:27.0880 5112 ComputerName: RODGERS-PC 22:06:27.0880 5112 UserName: Daddy 22:06:27.0880 5112 Windows directory: C:\Windows 22:06:27.0881 5112 System windows directory: C:\Windows 22:06:27.0881 5112 Running under WOW64 22:06:27.0881 5112 Processor architecture: Intel x64 22:06:27.0881 5112 Number of processors: 4 22:06:27.0881 5112 Page size: 0x1000 22:06:27.0881 5112 Boot type: Normal boot 22:06:27.0881 5112 ============================================================ 22:06:29.0144 5112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:06:29.0149 5112 ============================================================ 22:06:29.0149 5112 \Device\Harddisk0\DR0: 22:06:29.0149 5112 MBR partitions: 22:06:29.0149 5112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000 22:06:29.0149 5112 ============================================================ 22:06:29.0185 5112 C: <-> \Device\Harddisk0\DR0\Partition1 22:06:29.0186 5112 ============================================================ 22:06:29.0186 5112 Initialize success 22:06:29.0186 5112 ============================================================ 22:06:37.0980 5048 ============================================================ 22:06:37.0980 5048 Scan started 22:06:37.0980 5048 Mode: Manual; 22:06:37.0980 5048 ============================================================ 22:06:40.0315 5048 ================ Scan system memory ======================== 22:06:40.0315 5048 System memory - ok 22:06:40.0316 5048 ================ Scan services ============================= 22:06:40.0840 5048 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 22:06:40.0842 5048 ACPI - ok 22:06:41.0184 5048 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:06:41.0184 5048 AdobeARMservice - ok 22:06:41.0382 5048 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:06:41.0383 5048 AdobeFlashPlayerUpdateSvc - ok 22:06:41.0439 5048 [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 22:06:41.0442 5048 adp94xx - ok 22:06:41.0485 5048 [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci C:\Windows\system32\drivers\adpahci.sys 22:06:41.0487 5048 adpahci - ok 22:06:41.0558 5048 [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 22:06:41.0560 5048 adpu160m - ok 22:06:41.0692 5048 [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 22:06:41.0694 5048 adpu320 - ok 22:06:41.0741 5048 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:06:41.0741 5048 AeLookupSvc - ok 22:06:41.0780 5048 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 22:06:41.0782 5048 AFD - ok 22:06:41.0802 5048 [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:06:41.0803 5048 agp440 - ok 22:06:41.0835 5048 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 22:06:41.0836 5048 aic78xx - ok 22:06:41.0863 5048 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 22:06:41.0864 5048 ALG - ok 22:06:41.0875 5048 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 22:06:41.0876 5048 aliide - ok 22:06:42.0229 5048 ALSysIO - ok 22:06:42.0241 5048 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 22:06:42.0242 5048 amdide - ok 22:06:42.0297 5048 [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 22:06:42.0297 5048 AmdK8 - ok 22:06:42.0335 5048 [ F5761675DA9D15D7AE0E40907A8F4404 ] AmdLLD64 C:\Windows\system32\DRIVERS\AmdLLD64.sys 22:06:42.0336 5048 AmdLLD64 - ok 22:06:42.0417 5048 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 22:06:42.0418 5048 Appinfo - ok 22:06:42.0671 5048 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:06:42.0672 5048 Apple Mobile Device - ok 22:06:42.0717 5048 [ 2E8623F2FED998A97129A3DB919551C8 ] arc C:\Windows\system32\drivers\arc.sys 22:06:42.0717 5048 arc - ok 22:06:42.0756 5048 [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas C:\Windows\system32\drivers\arcsas.sys 22:06:42.0757 5048 arcsas - ok 22:06:42.0816 5048 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:06:42.0817 5048 AsyncMac - ok 22:06:42.0862 5048 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 22:06:42.0863 5048 atapi - ok 22:06:42.0917 5048 [ B07E6681D303A612680223C729B021E2 ] ATITool C:\Windows\system32\DRIVERS\ATITool64.sys 22:06:42.0917 5048 ATITool - ok 22:06:42.0953 5048 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:06:42.0956 5048 AudioEndpointBuilder - ok 22:06:43.0088 5048 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:06:43.0091 5048 AudioSrv - ok 22:06:43.0177 5048 [ 32A5DEFDDC3562BF89D73586F5915B34 ] Autodesk Licensing Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe 22:06:43.0178 5048 Autodesk Licensing Service - ok 22:06:43.0641 5048 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120905.001\BHDrvx64.sys 22:06:43.0649 5048 BHDrvx64 - ok 22:06:43.0740 5048 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll 22:06:43.0749 5048 BITS - ok 22:06:43.0754 5048 blbdrive - ok 22:06:43.0866 5048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:06:43.0869 5048 Bonjour Service - ok 22:06:43.0897 5048 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:06:43.0898 5048 bowser - ok 22:06:43.0925 5048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 22:06:43.0925 5048 BrFiltLo - ok 22:06:43.0936 5048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 22:06:43.0936 5048 BrFiltUp - ok 22:06:43.0969 5048 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 22:06:43.0970 5048 Browser - ok 22:06:43.0994 5048 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 22:06:43.0995 5048 Brserid - ok 22:06:44.0015 5048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 22:06:44.0016 5048 BrSerWdm - ok 22:06:44.0029 5048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 22:06:44.0030 5048 BrUsbMdm - ok 22:06:44.0048 5048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 22:06:44.0049 5048 BrUsbSer - ok 22:06:44.0058 5048 BTCFilterService - ok 22:06:44.0130 5048 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 22:06:44.0130 5048 BTHMODEM - ok 22:06:44.0214 5048 [ A5C13600F63EB92F8D15123D64BA9895 ] ccSet_MCLIENT C:\Windows\system32\drivers\MCLIENTx64\0301000.018\ccSetx64.sys 22:06:44.0215 5048 ccSet_MCLIENT - ok 22:06:44.0301 5048 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys 22:06:44.0302 5048 ccSet_N360 - ok 22:06:44.0334 5048 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:06:44.0335 5048 cdfs - ok 22:06:44.0364 5048 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:06:44.0365 5048 cdrom - ok 22:06:44.0409 5048 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 22:06:44.0410 5048 CertPropSvc - ok 22:06:44.0426 5048 [ F28F00596824058BC61D5EDF434C9B82 ] circlass C:\Windows\system32\drivers\circlass.sys 22:06:44.0427 5048 circlass - ok 22:06:44.0462 5048 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 22:06:44.0464 5048 CLFS - ok 22:06:44.0523 5048 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:06:44.0524 5048 clr_optimization_v2.0.50727_32 - ok 22:06:44.0564 5048 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:06:44.0565 5048 clr_optimization_v2.0.50727_64 - ok 22:06:44.0660 5048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:06:44.0661 5048 clr_optimization_v4.0.30319_32 - ok 22:06:44.0690 5048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:06:44.0691 5048 clr_optimization_v4.0.30319_64 - ok 22:06:44.0733 5048 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:06:44.0733 5048 cmdide - ok 22:06:44.0765 5048 [ 0E77A445640BF310817F60941C50560C ] Compbatt C:\Windows\system32\drivers\compbatt.sys 22:06:44.0765 5048 Compbatt - ok 22:06:44.0770 5048 COMSysApp - ok 22:06:44.0782 5048 [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 22:06:44.0783 5048 crcdisk - ok 22:06:44.0813 5048 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:06:44.0814 5048 CryptSvc - ok 22:06:44.0851 5048 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 22:06:44.0852 5048 ctxusbm - ok 22:06:44.0929 5048 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 22:06:44.0934 5048 DcomLaunch - ok 22:06:44.0988 5048 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:06:44.0989 5048 DfsC - ok 22:06:45.0092 5048 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 22:06:45.0112 5048 DFSR - ok 22:06:45.0166 5048 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 22:06:45.0168 5048 Dhcp - ok 22:06:45.0194 5048 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 22:06:45.0195 5048 disk - ok 22:06:45.0230 5048 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:06:45.0232 5048 Dnscache - ok 22:06:45.0262 5048 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 22:06:45.0264 5048 dot3svc - ok 22:06:45.0309 5048 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 22:06:45.0311 5048 DPS - ok 22:06:45.0345 5048 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:06:45.0345 5048 drmkaud - ok 22:06:45.0402 5048 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:06:45.0407 5048 DXGKrnl - ok 22:06:45.0443 5048 [ D57FE09B575545738A73A0C193D0616A ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 22:06:45.0444 5048 E1G60 - ok 22:06:45.0469 5048 EagleX64 - ok 22:06:45.0497 5048 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 22:06:45.0498 5048 EapHost - ok 22:06:45.0550 5048 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 22:06:45.0551 5048 Ecache - ok 22:06:45.0626 5048 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 22:06:45.0629 5048 eeCtrl - ok 22:06:45.0701 5048 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:06:45.0704 5048 ehRecvr - ok 22:06:45.0739 5048 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 22:06:45.0740 5048 ehSched - ok 22:06:45.0787 5048 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 22:06:45.0788 5048 ehstart - ok 22:06:45.0822 5048 [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:06:45.0824 5048 elxstor - ok 22:06:45.0882 5048 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 22:06:45.0885 5048 EMDMgmt - ok 22:06:45.0912 5048 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 22:06:45.0913 5048 EraserUtilRebootDrv - ok 22:06:45.0962 5048 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 22:06:45.0965 5048 EventSystem - ok 22:06:45.0993 5048 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 22:06:45.0995 5048 exfat - ok 22:06:46.0039 5048 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:06:46.0040 5048 fastfat - ok 22:06:46.0065 5048 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:06:46.0065 5048 fdc - ok 22:06:46.0101 5048 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 22:06:46.0102 5048 fdPHost - ok 22:06:46.0139 5048 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 22:06:46.0140 5048 FDResPub - ok 22:06:46.0150 5048 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:06:46.0151 5048 FileInfo - ok 22:06:46.0174 5048 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:06:46.0174 5048 Filetrace - ok 22:06:46.0201 5048 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:06:46.0202 5048 flpydisk - ok 22:06:46.0232 5048 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:06:46.0234 5048 FltMgr - ok 22:06:46.0324 5048 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 22:06:46.0328 5048 FontCache - ok 22:06:46.0374 5048 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:06:46.0374 5048 FontCache3.0.0.0 - ok 22:06:46.0416 5048 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 22:06:46.0417 5048 fssfltr - ok 22:06:46.0524 5048 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 22:06:46.0532 5048 fsssvc - ok 22:06:46.0576 5048 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:06:46.0576 5048 Fs_Rec - ok 22:06:46.0602 5048 [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:06:46.0603 5048 gagp30kx - ok 22:06:46.0652 5048 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:06:46.0652 5048 GEARAspiWDM - ok 22:06:46.0722 5048 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 22:06:46.0728 5048 gpsvc - ok 22:06:46.0842 5048 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9a41bad056cd3 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:06:46.0843 5048 gupdate1c9a41bad056cd3 - ok 22:06:46.0863 5048 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:06:46.0864 5048 gupdatem - ok 22:06:46.0909 5048 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:06:46.0910 5048 gusvc - ok 22:06:46.0951 5048 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:06:46.0952 5048 HdAudAddService - ok 22:06:47.0036 5048 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 22:06:47.0042 5048 HDAudBus - ok 22:06:47.0110 5048 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:06:47.0110 5048 HidBth - ok 22:06:47.0128 5048 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 22:06:47.0129 5048 HidIr - ok 22:06:47.0165 5048 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 22:06:47.0166 5048 hidserv - ok 22:06:47.0193 5048 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:06:47.0194 5048 HidUsb - ok 22:06:47.0231 5048 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 22:06:47.0233 5048 hkmsvc - ok 22:06:47.0260 5048 [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 22:06:47.0261 5048 HpCISSs - ok 22:06:47.0292 5048 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:06:47.0296 5048 HTTP - ok 22:06:47.0312 5048 [ F2901763845570ECAC48E6A50EC50812 ] i2omp C:\Windows\system32\drivers\i2omp.sys 22:06:47.0313 5048 i2omp - ok 22:06:47.0344 5048 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:06:47.0345 5048 i8042prt - ok 22:06:47.0378 5048 [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV C:\Windows\system32\drivers\iastorv.sys 22:06:47.0381 5048 iaStorV - ok 22:06:47.0466 5048 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 22:06:47.0467 5048 IDriverT - ok 22:06:47.0531 5048 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:06:47.0535 5048 idsvc - ok 22:06:47.0630 5048 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120914.001\IDSvia64.sys 22:06:47.0633 5048 IDSVia64 - ok 22:06:47.0647 5048 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:06:47.0648 5048 iirsp - ok 22:06:47.0718 5048 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 22:06:47.0722 5048 IKEEXT - ok 22:06:47.0831 5048 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:06:47.0854 5048 IntcAzAudAddService - ok 22:06:47.0882 5048 [ 36A266C673812878996F72B200203FBB ] intelide C:\Windows\system32\drivers\intelide.sys 22:06:47.0883 5048 intelide - ok 22:06:47.0907 5048 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:06:47.0907 5048 intelppm - ok 22:06:47.0943 5048 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:06:47.0944 5048 IPBusEnum - ok 22:06:47.0982 5048 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:06:47.0982 5048 IpFilterDriver - ok 22:06:47.0986 5048 IpInIp - ok 22:06:48.0006 5048 [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 22:06:48.0007 5048 IPMIDRV - ok 22:06:48.0032 5048 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 22:06:48.0033 5048 IPNAT - ok 22:06:48.0099 5048 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:06:48.0104 5048 iPod Service - ok 22:06:48.0148 5048 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:06:48.0149 5048 IRENUM - ok 22:06:48.0171 5048 [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:06:48.0172 5048 isapnp - ok 22:06:48.0238 5048 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 22:06:48.0239 5048 iScsiPrt - ok 22:06:48.0286 5048 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 22:06:48.0286 5048 iteatapi - ok 22:06:48.0310 5048 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 22:06:48.0310 5048 iteraid - ok 22:06:48.0349 5048 [ 50B9060D11C4C2AAEBACB2263972EFF2 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 22:06:48.0350 5048 JRAID - ok 22:06:48.0378 5048 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:06:48.0379 5048 kbdclass - ok 22:06:48.0405 5048 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:06:48.0405 5048 kbdhid - ok 22:06:48.0434 5048 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 22:06:48.0436 5048 KeyIso - ok 22:06:48.0567 5048 [ 3D1E2D4A75BB4230B0CEE140B5585DCD ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe 22:06:48.0570 5048 Kodak AiO Network Discovery Service - ok 22:06:48.0604 5048 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:06:48.0607 5048 KSecDD - ok 22:06:48.0681 5048 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:06:48.0682 5048 ksthunk - ok 22:06:48.0729 5048 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 22:06:48.0733 5048 KtmRm - ok 22:06:48.0772 5048 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:06:48.0774 5048 LanmanServer - ok 22:06:48.0816 5048 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:06:48.0819 5048 LanmanWorkstation - ok 22:06:48.0864 5048 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 22:06:48.0864 5048 LHidFilt - ok 22:06:48.0931 5048 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 22:06:48.0932 5048 LightScribeService - ok 22:06:48.0963 5048 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:06:48.0964 5048 lltdio - ok 22:06:49.0014 5048 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:06:49.0016 5048 lltdsvc - ok 22:06:49.0047 5048 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:06:49.0048 5048 lmhosts - ok 22:06:49.0063 5048 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 22:06:49.0064 5048 LMouFilt - ok 22:06:49.0092 5048 [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:06:49.0093 5048 LSI_FC - ok 22:06:49.0109 5048 [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:06:49.0110 5048 LSI_SAS - ok 22:06:49.0120 5048 [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:06:49.0121 5048 LSI_SCSI - ok 22:06:49.0144 5048 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 22:06:49.0146 5048 luafv - ok 22:06:49.0220 5048 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe 22:06:49.0223 5048 McciCMService - ok 22:06:49.0297 5048 [ 859E5A32485178DAECA06B52E2BB44B2 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe 22:06:49.0299 5048 McciCMService64 - ok 22:06:49.0415 5048 [ 8D11DA92F83D8C8281689739BEF05FD5 ] MCLIENT C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe 22:06:49.0416 5048 MCLIENT - ok 22:06:49.0438 5048 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:06:49.0439 5048 Mcx2Svc - ok 22:06:49.0460 5048 [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas C:\Windows\system32\drivers\megasas.sys 22:06:49.0461 5048 megasas - ok 22:06:49.0492 5048 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 22:06:49.0493 5048 MMCSS - ok 22:06:49.0519 5048 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 22:06:49.0520 5048 Modem - ok 22:06:49.0552 5048 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:06:49.0553 5048 monitor - ok 22:06:49.0556 5048 motandroidusb - ok 22:06:49.0582 5048 motccgp - ok 22:06:49.0586 5048 motccgpfl - ok 22:06:49.0591 5048 motmodem - ok 22:06:49.0595 5048 MotoSwitchService - ok 22:06:49.0600 5048 Motousbnet - ok 22:06:49.0604 5048 motusbdevice - ok 22:06:49.0644 5048 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:06:49.0645 5048 mouclass - ok 22:06:49.0664 5048 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:06:49.0665 5048 mouhid - ok 22:06:49.0694 5048 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 22:06:49.0695 5048 MountMgr - ok 22:06:49.0733 5048 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:06:49.0734 5048 MozillaMaintenance - ok 22:06:49.0770 5048 [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio C:\Windows\system32\drivers\mpio.sys 22:06:49.0771 5048 mpio - ok 22:06:49.0803 5048 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:06:49.0804 5048 mpsdrv - ok 22:06:49.0820 5048 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 22:06:49.0821 5048 Mraid35x - ok 22:06:49.0846 5048 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS 22:06:49.0847 5048 MREMP50 - ok 22:06:49.0849 5048 MREMP50a64 - ok 22:06:49.0853 5048 MREMPR5 - ok 22:06:49.0857 5048 MRENDIS5 - ok 22:06:49.0873 5048 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS 22:06:49.0873 5048 MRESP50 - ok 22:06:49.0876 5048 MRESP50a64 - ok 22:06:49.0915 5048 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:06:49.0916 5048 MRxDAV - ok 22:06:49.0942 5048 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:06:49.0943 5048 mrxsmb - ok 22:06:49.0987 5048 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:06:49.0989 5048 mrxsmb10 - ok 22:06:50.0027 5048 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:06:50.0028 5048 mrxsmb20 - ok 22:06:50.0040 5048 [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci C:\Windows\system32\drivers\msahci.sys 22:06:50.0040 5048 msahci - ok 22:06:50.0060 5048 [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:06:50.0061 5048 msdsm - ok 22:06:50.0084 5048 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 22:06:50.0086 5048 MSDTC - ok 22:06:50.0124 5048 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:06:50.0124 5048 Msfs - ok 22:06:50.0151 5048 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:06:50.0151 5048 msisadrv - ok 22:06:50.0190 5048 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:06:50.0192 5048 MSiSCSI - ok 22:06:50.0195 5048 msiserver - ok 22:06:50.0237 5048 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:06:50.0237 5048 MSKSSRV - ok 22:06:50.0252 5048 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:06:50.0252 5048 MSPCLOCK - ok 22:06:50.0263 5048 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:06:50.0264 5048 MSPQM - ok 22:06:50.0293 5048 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:06:50.0295 5048 MsRPC - ok 22:06:50.0310 5048 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:06:50.0310 5048 mssmbios - ok 22:06:50.0343 5048 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:06:50.0343 5048 MSTEE - ok 22:06:50.0359 5048 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 22:06:50.0360 5048 Mup - ok 22:06:50.0427 5048 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe 22:06:50.0428 5048 N360 - ok 22:06:50.0476 5048 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 22:06:50.0479 5048 napagent - ok 22:06:50.0523 5048 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:06:50.0524 5048 NativeWifiP - ok 22:06:50.0588 5048 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120914.002\ENG64.SYS 22:06:50.0589 5048 NAVENG - ok 22:06:50.0671 5048 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120914.002\EX64.SYS 22:06:50.0680 5048 NAVEX15 - ok 22:06:50.0725 5048 [ 97DEFD7F4FBB7E149934AE103FBC790A ] NCPro C:\Windows\system32\drivers\MTictwl.sys 22:06:50.0726 5048 NCPro - ok 22:06:50.0772 5048 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:06:50.0775 5048 NDIS - ok 22:06:50.0878 5048 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:06:50.0878 5048 NdisTapi - ok 22:06:51.0124 5048 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:06:51.0125 5048 Ndisuio - ok 22:06:51.0285 5048 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:06:51.0286 5048 NdisWan - ok 22:06:51.0340 5048 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:06:51.0341 5048 NDProxy - ok 22:06:51.0450 5048 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:06:51.0450 5048 NetBIOS - ok 22:06:51.0514 5048 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 22:06:51.0516 5048 netbt - ok 22:06:51.0527 5048 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 22:06:51.0528 5048 Netlogon - ok 22:06:51.0728 5048 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 22:06:51.0730 5048 Netman - ok 22:06:51.0869 5048 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 22:06:51.0872 5048 netprofm - ok 22:06:52.0079 5048 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:06:52.0080 5048 NetTcpPortSharing - ok 22:06:52.0107 5048 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:06:52.0107 5048 nfrd960 - ok 22:06:52.0334 5048 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 22:06:52.0337 5048 NlaSvc - ok 22:06:52.0545 5048 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 22:06:52.0546 5048 NPF - ok 22:06:52.0578 5048 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:06:52.0579 5048 Npfs - ok 22:06:52.0602 5048 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 22:06:52.0604 5048 nsi - ok 22:06:52.0671 5048 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:06:52.0672 5048 nsiproxy - ok 22:06:53.0181 5048 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:06:53.0189 5048 Ntfs - ok 22:06:53.0309 5048 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 22:06:53.0309 5048 Null - ok 22:06:55.0659 5048 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:06:55.0740 5048 nvlddmkm - ok 22:06:55.0875 5048 NVR0FLASHDev - ok 22:06:55.0912 5048 [ 840EEB44DC49317A6161961F7682CD99 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:06:55.0913 5048 nvraid - ok 22:06:56.0046 5048 [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:06:56.0047 5048 nvstor - ok 22:06:56.0216 5048 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe 22:06:56.0222 5048 nvsvc - ok 22:06:56.0557 5048 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:06:56.0564 5048 nvUpdatusService - ok 22:06:56.0583 5048 [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:06:56.0584 5048 nv_agp - ok 22:06:56.0588 5048 NwlnkFlt - ok 22:06:56.0592 5048 NwlnkFwd - ok 22:06:56.0662 5048 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 22:06:56.0663 5048 ohci1394 - ok 22:06:56.0971 5048 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 22:06:56.0977 5048 p2pimsvc - ok 22:06:56.0991 5048 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 22:06:56.0997 5048 p2psvc - ok 22:06:57.0095 5048 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 22:06:57.0096 5048 Parport - ok 22:06:57.0252 5048 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:06:57.0253 5048 partmgr - ok 22:06:57.0290 5048 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 22:06:57.0292 5048 PcaSvc - ok 22:06:57.0394 5048 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe 22:06:57.0395 5048 PCCUJobMgr - ok 22:06:57.0447 5048 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 22:06:57.0449 5048 pci - ok 22:06:57.0521 5048 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 22:06:57.0521 5048 pciide - ok 22:06:57.0525 5048 PCLEPCI - ok 22:06:57.0552 5048 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:06:57.0553 5048 pcmcia - ok 22:06:57.0589 5048 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:06:57.0594 5048 PEAUTH - ok 22:06:57.0692 5048 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:06:57.0693 5048 PerfHost - ok 22:06:57.0897 5048 [ 0050E6BEC926C98AC6C16714FF1AD450 ] PinnacleMarvinAVS C:\Windows\system32\DRIVERS\MarvinAVS64.sys 22:06:57.0900 5048 PinnacleMarvinAVS - ok 22:06:58.0208 5048 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 22:06:58.0217 5048 pla - ok 22:06:58.0307 5048 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:06:58.0310 5048 PlugPlay - ok 22:06:58.0333 5048 PnkBstrA - ok 22:06:58.0530 5048 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 22:06:58.0534 5048 PNRPAutoReg - ok 22:06:58.0573 5048 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 22:06:58.0577 5048 PNRPsvc - ok 22:06:58.0659 5048 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:06:58.0662 5048 PolicyAgent - ok 22:06:58.0696 5048 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:06:58.0697 5048 PptpMiniport - ok 22:06:58.0742 5048 [ 6BC78E5F12CBB74E7930AAAA4A0DB387 ] Processor C:\Windows\system32\drivers\processr.sys 22:06:58.0742 5048 Processor - ok 22:06:59.0014 5048 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 22:06:59.0017 5048 ProfSvc - ok 22:06:59.0033 5048 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 22:06:59.0034 5048 ProtectedStorage - ok 22:06:59.0088 5048 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 22:06:59.0089 5048 PSched - ok 22:06:59.0389 5048 [ 4A29D25704917161BAD9B4659A248DFD ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:06:59.0395 5048 ql2300 - ok 22:06:59.0418 5048 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:06:59.0419 5048 ql40xx - ok 22:06:59.0664 5048 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 22:06:59.0666 5048 QWAVE - ok 22:06:59.0702 5048 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:06:59.0703 5048 QWAVEdrv - ok 22:06:59.0770 5048 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:06:59.0771 5048 RasAcd - ok 22:06:59.0940 5048 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 22:06:59.0942 5048 RasAuto - ok 22:07:00.0047 5048 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:07:00.0048 5048 Rasl2tp - ok 22:07:00.0118 5048 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 22:07:00.0121 5048 RasMan - ok 22:07:00.0327 5048 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:07:00.0328 5048 RasPppoe - ok 22:07:00.0439 5048 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:07:00.0440 5048 RasSstp - ok 22:07:00.0587 5048 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:07:00.0589 5048 rdbss - ok 22:07:00.0673 5048 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:07:00.0674 5048 RDPCDD - ok 22:07:00.0840 5048 [ 2D98DDA8EDCE73DF99854BF3692CCC87 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 22:07:00.0842 5048 rdpdr - ok 22:07:00.0846 5048 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:07:00.0847 5048 RDPENCDD - ok 22:07:00.0893 5048 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:07:00.0894 5048 RDPWD - ok 22:07:00.0994 5048 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:07:00.0996 5048 RemoteAccess - ok 22:07:01.0140 5048 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:07:01.0142 5048 RemoteRegistry - ok 22:07:01.0177 5048 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 22:07:01.0178 5048 rpcapd - ok 22:07:01.0296 5048 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 22:07:01.0297 5048 RpcLocator - ok 22:07:01.0449 5048 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 22:07:01.0453 5048 RpcSs - ok 22:07:01.0503 5048 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:07:01.0504 5048 rspndr - ok 22:07:01.0592 5048 [ 269C9E8B59434C700482C363952D2C38 ] RTCore64 C:\Program Files (x86)\EVGA Precision X\RTCore64.sys 22:07:01.0593 5048 RTCore64 - ok 22:07:01.0685 5048 [ BFEB9C99AE9AE0C635AC1DC38A2B2F1D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 22:07:01.0687 5048 RTL8169 - ok 22:07:01.0695 5048 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 22:07:01.0696 5048 SamSs - ok 22:07:01.0722 5048 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:07:01.0723 5048 sbp2port - ok 22:07:01.0893 5048 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:07:01.0895 5048 SCardSvr - ok 22:07:01.0994 5048 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 22:07:02.0001 5048 Schedule - ok 22:07:02.0089 5048 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 22:07:02.0090 5048 SCPolicySvc - ok 22:07:02.0243 5048 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:07:02.0246 5048 SDRSVC - ok 22:07:02.0276 5048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:07:02.0276 5048 secdrv - ok 22:07:02.0374 5048 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 22:07:02.0376 5048 seclogon - ok 22:07:02.0536 5048 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 22:07:02.0538 5048 SENS - ok 22:07:02.0618 5048 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 22:07:02.0618 5048 Serenum - ok 22:07:02.0633 5048 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 22:07:02.0634 5048 Serial - ok 22:07:02.0671 5048 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:07:02.0672 5048 sermouse - ok 22:07:02.0768 5048 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 22:07:02.0770 5048 SessionEnv - ok 22:07:02.0910 5048 [ 541B32F8D6B2DCB92EC43BAB267E79EA ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:07:02.0910 5048 sffdisk - ok 22:07:03.0003 5048 [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:07:03.0004 5048 sffp_mmc - ok 22:07:03.0020 5048 [ 67EDC221348911E895AF51C57D9A3725 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:07:03.0020 5048 sffp_sd - ok 22:07:03.0028 5048 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:07:03.0029 5048 sfloppy - ok 22:07:03.0282 5048 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:07:03.0285 5048 SharedAccess - ok 22:07:03.0384 5048 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:07:03.0388 5048 ShellHWDetection - ok 22:07:03.0415 5048 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 22:07:03.0415 5048 SiSRaid2 - ok 22:07:03.0483 5048 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:07:03.0484 5048 SiSRaid4 - ok 22:07:03.0764 5048 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 22:07:03.0781 5048 slsvc - ok 22:07:03.0810 5048 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 22:07:03.0813 5048 SLUINotify - ok 22:07:03.0848 5048 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:07:03.0849 5048 Smb - ok 22:07:03.0878 5048 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:07:03.0879 5048 SNMPTRAP - ok 22:07:03.0912 5048 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys 22:07:03.0913 5048 speedfan - ok 22:07:03.0946 5048 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 22:07:03.0947 5048 spldr - ok 22:07:03.0980 5048 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 22:07:03.0983 5048 Spooler - ok 22:07:04.0021 5048 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys 22:07:04.0025 5048 sptd - ok 22:07:04.0124 5048 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS 22:07:04.0128 5048 SRTSP - ok 22:07:04.0160 5048 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS 22:07:04.0160 5048 SRTSPX - ok 22:07:04.0201 5048 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 22:07:04.0203 5048 srv - ok 22:07:04.0231 5048 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:07:04.0232 5048 srv2 - ok 22:07:04.0265 5048 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:07:04.0265 5048 srvnet - ok 22:07:04.0293 5048 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:07:04.0295 5048 SSDPSRV - ok 22:07:04.0327 5048 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:07:04.0329 5048 SstpSvc - ok 22:07:04.0344 5048 Steam Client Service - ok 22:07:04.0415 5048 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:07:04.0417 5048 Stereo Service - ok 22:07:04.0461 5048 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 22:07:04.0464 5048 stisvc - ok 22:07:04.0495 5048 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:07:04.0495 5048 swenum - ok 22:07:04.0535 5048 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 22:07:04.0540 5048 swprv - ok 22:07:04.0566 5048 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 22:07:04.0567 5048 Symc8xx - ok 22:07:04.0606 5048 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS 22:07:04.0609 5048 SymDS - ok 22:07:04.0653 5048 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS 22:07:04.0659 5048 SymEFA - ok 22:07:04.0689 5048 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 22:07:04.0690 5048 SymEvent - ok 22:07:04.0719 5048 [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys 22:07:04.0720 5048 SymIM - ok 22:07:04.0755 5048 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS 22:07:04.0756 5048 SymIRON - ok 22:07:04.0796 5048 [ A25FEE245C78804601D83431386A0BEE ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS 22:07:04.0799 5048 SYMTDIv - ok 22:07:04.0825 5048 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 22:07:04.0826 5048 Sym_hi - ok 22:07:04.0845 5048 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 22:07:04.0845 5048 Sym_u3 - ok 22:07:04.0887 5048 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 22:07:04.0894 5048 SysMain - ok 22:07:04.0932 5048 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:07:04.0935 5048 TabletInputService - ok 22:07:04.0984 5048 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:07:04.0987 5048 TapiSrv - ok 22:07:05.0022 5048 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 22:07:05.0024 5048 TBS - ok 22:07:05.0090 5048 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:07:05.0099 5048 Tcpip - ok 22:07:05.0118 5048 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 22:07:05.0127 5048 Tcpip6 - ok 22:07:05.0154 5048 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:07:05.0155 5048 tcpipreg - ok 22:07:05.0198 5048 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:07:05.0199 5048 TDPIPE - ok 22:07:05.0204 5048 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:07:05.0204 5048 TDTCP - ok 22:07:05.0303 5048 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:07:05.0304 5048 tdx - ok 22:07:05.0343 5048 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:07:05.0344 5048 TermDD - ok 22:07:05.0391 5048 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 22:07:05.0396 5048 TermService - ok 22:07:05.0408 5048 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 22:07:05.0411 5048 Themes - ok 22:07:05.0439 5048 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 22:07:05.0441 5048 THREADORDER - ok 22:07:05.0466 5048 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 22:07:05.0469 5048 TrkWks - ok 22:07:05.0519 5048 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:07:05.0519 5048 TrustedInstaller - ok 22:07:05.0525 5048 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:07:05.0525 5048 tssecsrv - ok 22:07:05.0549 5048 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 22:07:05.0550 5048 tunmp - ok 22:07:05.0579 5048 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:07:05.0580 5048 tunnel - ok 22:07:05.0623 5048 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 22:07:05.0624 5048 uagp35 - ok 22:07:05.0661 5048 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:07:05.0663 5048 udfs - ok 22:07:05.0707 5048 [ 0FB030C397E97811CA141355541C8F41 ] UGURU C:\Windows\system32\drivers\uGuru.sys 22:07:05.0707 5048 UGURU - ok 22:07:05.0740 5048 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:07:05.0742 5048 UI0Detect - ok 22:07:05.0770 5048 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:07:05.0771 5048 uliagpkx - ok 22:07:05.0811 5048 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci C:\Windows\system32\drivers\uliahci.sys 22:07:05.0813 5048 uliahci - ok 22:07:05.0840 5048 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 22:07:05.0841 5048 UlSata - ok 22:07:05.0882 5048 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 22:07:05.0884 5048 ulsata2 - ok 22:07:05.0925 5048 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:07:05.0926 5048 umbus - ok 22:07:05.0967 5048 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys 22:07:05.0968 5048 UMPass - ok 22:07:06.0010 5048 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 22:07:06.0014 5048 upnphost - ok 22:07:06.0063 5048 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 22:07:06.0063 5048 USBAAPL64 - ok 22:07:06.0091 5048 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 22:07:06.0092 5048 usbaudio - ok 22:07:06.0140 5048 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:07:06.0141 5048 usbccgp - ok 22:07:06.0163 5048 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:07:06.0164 5048 usbcir - ok 22:07:06.0180 5048 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:07:06.0181 5048 usbehci - ok 22:07:06.0198 5048 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:07:06.0200 5048 usbhub - ok 22:07:06.0215 5048 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:07:06.0216 5048 usbohci - ok 22:07:06.0232 5048 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:07:06.0232 5048 usbprint - ok 22:07:06.0266 5048 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:07:06.0266 5048 usbscan - ok 22:07:06.0287 5048 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:07:06.0288 5048 USBSTOR - ok 22:07:06.0316 5048 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:07:06.0316 5048 usbuhci - ok 22:07:06.0346 5048 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 22:07:06.0348 5048 UxSms - ok 22:07:06.0390 5048 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 22:07:06.0395 5048 vds - ok 22:07:06.0428 5048 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:07:06.0429 5048 vga - ok 22:07:06.0433 5048 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 22:07:06.0434 5048 VgaSave - ok 22:07:06.0451 5048 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 22:07:06.0452 5048 viaide - ok 22:07:06.0467 5048 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:07:06.0468 5048 volmgr - ok 22:07:06.0498 5048 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:07:06.0501 5048 volmgrx - ok 22:07:06.0531 5048 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:07:06.0533 5048 volsnap - ok 22:07:06.0553 5048 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 22:07:06.0554 5048 vsmraid - ok 22:07:06.0608 5048 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 22:07:06.0618 5048 VSS - ok 22:07:06.0682 5048 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 22:07:06.0686 5048 W32Time - ok 22:07:06.0699 5048 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 22:07:06.0700 5048 WacomPen - ok 22:07:06.0726 5048 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 22:07:06.0726 5048 Wanarp - ok 22:07:06.0730 5048 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:07:06.0731 5048 Wanarpv6 - ok 22:07:06.0750 5048 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:07:06.0755 5048 wcncsvc - ok 22:07:06.0777 5048 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:07:06.0779 5048 WcsPlugInService - ok 22:07:06.0792 5048 [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd C:\Windows\system32\drivers\wd.sys 22:07:06.0793 5048 Wd - ok 22:07:06.0833 5048 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:07:06.0839 5048 Wdf01000 - ok 22:07:06.0874 5048 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:07:06.0876 5048 WdiServiceHost - ok 22:07:06.0880 5048 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:07:06.0882 5048 WdiSystemHost - ok 22:07:06.0896 5048 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 22:07:06.0898 5048 WebClient - ok 22:07:06.0962 5048 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:07:06.0965 5048 Wecsvc - ok 22:07:06.0976 5048 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:07:06.0978 5048 wercplsupport - ok 22:07:07.0010 5048 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 22:07:07.0013 5048 WerSvc - ok 22:07:07.0071 5048 [ BF2A954160CB155DF0DF433929E9102B ] Winflash C:\Program Files (x86)\U-ABIT\FlashMenu\WinFlash64.sys 22:07:07.0071 5048 Winflash - ok 22:07:07.0074 5048 WinHttpAutoProxySvc - ok 22:07:07.0129 5048 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:07:07.0131 5048 Winmgmt - ok 22:07:07.0268 5048 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Users\Daddy\Documents\Computer Utilities\RealTemp_2.87\WinRing0x64.sys 22:07:07.0268 5048 WinRing0_1_2_0 - ok 22:07:07.0336 5048 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 22:07:07.0353 5048 WinRM - ok 22:07:07.0422 5048 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:07:07.0426 5048 Wlansvc - ok 22:07:07.0526 5048 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 22:07:07.0527 5048 wlcrasvc - ok 22:07:07.0632 5048 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:07:07.0641 5048 wlidsvc - ok 22:07:07.0662 5048 [ AE34218455D5DC12D1E45DE85F160346 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:07:07.0663 5048 WmiAcpi - ok 22:07:07.0690 5048 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:07:07.0692 5048 wmiApSrv - ok 22:07:07.0724 5048 WMPNetworkSvc - ok 22:07:07.0754 5048 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:07:07.0756 5048 WPCSvc - ok 22:07:07.0799 5048 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:07:07.0802 5048 WPDBusEnum - ok 22:07:07.0834 5048 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 22:07:07.0835 5048 WpdUsb - ok 22:07:07.0970 5048 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 22:07:07.0976 5048 WPFFontCache_v0400 - ok 22:07:08.0012 5048 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:07:08.0013 5048 ws2ifsl - ok 22:07:08.0016 5048 WSearch - ok 22:07:08.0094 5048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:07:08.0109 5048 wuauserv - ok 22:07:08.0167 5048 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:07:08.0168 5048 WUDFRd - ok 22:07:08.0201 5048 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:07:08.0203 5048 wudfsvc - ok 22:07:08.0283 5048 [ DA1C23F65EF1894AB5B6FF79D81F544A ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 22:07:08.0288 5048 xnacc - ok 22:07:08.0329 5048 [ 47AEA795C67B7440E60D1F7542CB3D38 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 22:07:08.0330 5048 xusb21 - ok 22:07:08.0336 5048 ================ Scan global =============================== 22:07:08.0384 5048 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 22:07:08.0426 5048 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 22:07:08.0437 5048 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 22:07:08.0488 5048 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 22:07:08.0491 5048 [Global] - ok 22:07:08.0491 5048 ================ Scan MBR ================================== 22:07:08.0502 5048 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 22:07:08.0712 5048 \Device\Harddisk0\DR0 - ok 22:07:08.0712 5048 ================ Scan VBR ================================== 22:07:08.0714 5048 [ 32845E0F1D454BCA0298C6FB92AC0F08 ] \Device\Harddisk0\DR0\Partition1 22:07:08.0715 5048 \Device\Harddisk0\DR0\Partition1 - ok 22:07:08.0716 5048 ============================================================ 22:07:08.0716 5048 Scan finished 22:07:08.0716 5048 ============================================================ 22:07:08.0723 4944 Detected object count: 0 22:07:08.0723 4944 Actual detected object count: 0 22:07:18.0698 4756 Deinitialize success
  13. Thank you for your help. It's greatly appreciated. 1. Backup Registry with ERUNT - Done 2. Show all files - Done 3. Disable Norton 360 - Done 3a. Run MBAM Chameleon - Done The first button worked. Since it ran I assumed I didn't need to run the remaining buttons. If this was a mistake please let me know. It didn't find anything so it didn't prompt for a re-start. I restarted anyhow and ran another quick scan. Here is the log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.14.07 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Daddy :: RODGERS-PC [administrator] 9/14/2012 7:38:28 PM mbam-log-2012-09-14 (19-38-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 371317 Time elapsed: 4 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) 4. Run Tigzy's RogueKiller - Done (closed after scan without attempting to fix anything) RogueKiller V8.0.3 [09/13/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : Daddy [Admin rights] Mode : Scan -- Date : 09/14/2012 19:47:38 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++ --- User --- [MBR] c6f1105b2a50a4ddcdd3d4f94c30559c [bSP] 8bee6f9577d1195b1651f3ad024f3a0e : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  14. Hi, I was made aware of the issue last night when my wife told me she couldn't access pictures in the public folder of our computer. Everything has been normal from my own experience but I checked it out and she was right. I went into the network and sharing center and for all options but the media sharing I get the message "The specified service does not exist as an installed service" when I try to turn them on (they're all off, except the media sharing). I asked her when she first noticed the problem and she said more than a week, but less than a month. I let malwarebytes run last night before I went to bed and it didn't get any hits. I'm really not sure if this is malware related or windows related so apologies if I'm barking up the wrong tree. DDS.txt below and Attach.txt attached. Thanks in advance for your attention. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22 Run by Daddy at 9:05:48 on 2012-09-12 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5787 [GMT -4:00] . AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Windows\System32\wpcumi.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Logitech\SetPoint II\SetPointII.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Daddy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uStart Page = hxxp://www.google.com/ig uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local> mSearchAssistant = about:blank uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Calorie Count Plus Toolbar: {a057a204-bacc-4d26-dfc4-6bae8bad3dc9} - C:\PROGRA~2\ccptb\ccptb.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll TB: Calorie Count Plus Toolbar: {a057a204-bacc-4d26-dfc4-6bae8bad3dc9} - C:\PROGRA~2\ccptb\ccptb.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [Conime] %windir%\system32\conime.exe mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll LSP: C:\Windows\system32\wpclsp.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: mcleancont.com\citrix Trusted Zone: soe.com Trusted Zone: sony.com DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40236.725474537 DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab TCP: DhcpNameServer = 192.168.1.1 71.252.0.12 TCP: Interfaces\{39C63FB6-02E5-47FE-B86F-9AA44F31660C} : DhcpNameServer = 192.168.1.1 71.252.0.12 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Calorie Count Plus Toolbar: {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\PROGRA~2\ccptb\ccptb.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll TB-X64: Calorie Count Plus Toolbar: {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\PROGRA~2\ccptb\ccptb.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun-x64: [Conime] %windir%\system32\conime.exe mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q= FF - prefs.js: network.proxy.type - 0 FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Dyyno\Dyyno Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-8-31 1385120] R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys --> C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [?] R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120911.001\IDSviA64.sys [2012-9-11 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS [?] R1 UGURU;UGURU;C:\Windows\system32\drivers\uGuru.sys --> C:\Windows\system32\drivers\uGuru.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-11 21504] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-21 8704] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-9-5 393648] R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-9-17 517632] R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2012-4-28 138232] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe [2012-8-15 138272] R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-12 1262400] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [2010-8-24 126392] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272] R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912] R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-6-29 15176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate1c9a41bad056cd3;Google Update Service (gupdate1c9a41bad056cd3);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-3-13 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250568] S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-3-13 133104] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-4 129976] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-4-11 19968] S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS64.sys --> C:\Windows\system32\DRIVERS\MarvinAVS64.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Daddy\Documents\Computer Utilities\RealTemp_2.87\WinRing0x64.sys [2008-7-26 14544] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-17 89920] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* .scr=AutoCADScriptFile . =============== Created Last 30 ================ . 2012-09-12 12:59:34 -------- d-----w- C:\Users\Daddy\AppData\Local\{19FA9E90-07E7-4262-BD44-570F46E89F31} 2012-09-05 10:11:22 -------- d-----w- C:\Users\Daddy\AppData\Local\{57F24FA5-6F5D-4297-8240-BE1CD2C9144D} 2012-09-03 20:48:01 -------- d-----w- C:\Program Files\Realtek 2012-09-03 20:48:00 -------- d-----w- C:\Windows\SysWow64\RTCOM 2012-09-02 17:29:16 -------- d-----w- C:\Users\Daddy\AppData\Local\Motorola 2012-09-02 17:28:24 -------- d-----w- C:\Users\Daddy\AppData\Roaming\Motorola Mobility 2012-09-02 17:27:54 -------- d-----w- C:\Program Files (x86)\Motorola Mobility 2012-09-01 17:37:29 -------- d-----w- C:\Users\Daddy\AppData\Local\{418F8885-4FE1-408A-B90D-9537524FA9F3} 2012-08-31 18:12:36 -------- d-----w- C:\Users\Daddy\AppData\Local\{E4916322-22DC-4B88-864D-F2F57F602A06} 2012-08-23 19:06:28 39424 ----a-w- C:\Windows\System32\drivers\AmdLLD64.sys 2012-08-23 19:06:26 -------- d-----w- C:\Program Files (x86)\AMD 2012-08-23 15:05:35 -------- d-----w- C:\Users\Daddy\AppData\Local\{36823A00-5521-4646-9F17-A3442FBD94C9} 2012-08-22 16:10:09 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls 2012-08-21 19:52:37 -------- d-----w- C:\ProgramData\Hi-Rez Studios 2012-08-21 19:52:20 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios 2012-08-20 22:44:15 -------- d-----w- C:\Users\Daddy\AppData\Local\{7C7A8F9C-5A04-4737-9272-2F582ED2A214} 2012-08-15 09:45:55 788480 ----a-w- C:\Windows\System32\localspl.dll 2012-08-15 09:45:54 623616 ----a-w- C:\Windows\SysWow64\localspl.dll 2012-08-15 04:11:24 445560 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symtdiv.sys 2012-08-15 04:11:24 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys 2012-08-15 04:11:23 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys 2012-08-15 04:11:22 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys 2012-08-15 04:11:22 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys 2012-08-15 04:11:22 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys 2012-08-15 04:11:22 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys 2012-08-15 04:11:22 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys 2012-08-15 04:10:51 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E 2012-08-15 03:38:15 -------- d-----w- C:\Users\Daddy\AppData\Local\{E591B837-392F-4D25-8C7A-0E7BE0E6FFC0} 2012-08-15 03:37:54 -------- d-----w- C:\Users\Daddy\AppData\Local\{1FC08993-C8FC-4A38-9BCD-2568EE2F70FB} 2012-08-14 23:20:02 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe . ==================== Find3M ==================== . 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-03 20:46:43 525792 ----a-w- C:\Windows\DIFxAPI.dll 2012-09-02 17:45:17 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2012-08-23 03:12:37 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-23 03:12:37 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-08 22:11:33 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-07-08 22:11:33 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys 2012-07-03 22:18:09 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys 2012-07-02 00:27:58 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-07-02 00:27:57 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll 2012-06-19 20:54:20 4065296 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys 2012-06-14 17:43:32 5096448 ----a-w- C:\Windows\System32\RCoRes64.dat . ============= FINISH: 9:06:25.21 =============== Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.