
Specified Service Does Not Exist as an Installed Service


Hemi425HP


Hi,

I was made aware of the issue last night when my wife told me she couldn't access pictures in the public folder of our computer. Everything has been normal from my own experience but I checked it out and she was right. I went into the Network and Sharing Center and for all options but the media sharing I get the message "The specified service does not exist as an installed service" when I try to turn them on (they're all off, except the media sharing). I asked her when she first noticed the problem and she said more than a week, but less than a month. I let Malwarebytes run last night before I went to bed and it didn't get any hits. I'm really not sure if this is malware related or Windows related so apologies if I'm barking up the wrong tree.

DDS.txt below and Attach.txt attached. Thanks in advance for your attention.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Daddy at 9:05:48 on 2012-09-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5787 [GMT -4:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe

C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe

C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Logitech\SetPoint II\SetPointII.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Daddy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/ig

uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>

mSearchAssistant = about:blank

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Calorie Count Plus Toolbar: {a057a204-bacc-4d26-dfc4-6bae8bad3dc9} - C:\PROGRA~2\ccptb\ccptb.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll

TB: Calorie Count Plus Toolbar: {a057a204-bacc-4d26-dfc4-6bae8bad3dc9} - C:\PROGRA~2\ccptb\ccptb.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll

TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [Conime] %windir%\system32\conime.exe

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Windows\system32\wpclsp.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: mcleancont.com\citrix

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40236.725474537

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

TCP: DhcpNameServer = 192.168.1.1 71.252.0.12

TCP: Interfaces\{39C63FB6-02E5-47FE-B86F-9AA44F31660C} : DhcpNameServer = 192.168.1.1 71.252.0.12

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Calorie Count Plus Toolbar: {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\PROGRA~2\ccptb\ccptb.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll

TB-X64: Calorie Count Plus Toolbar: {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\PROGRA~2\ccptb\ccptb.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll

TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [Conime] %windir%\system32\conime.exe

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Dyyno\Dyyno Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-8-31 1385120]

R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys --> C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [?]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120911.001\IDSviA64.sys [2012-9-11 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS [?]

R1 UGURU;UGURU;C:\Windows\system32\drivers\uGuru.sys --> C:\Windows\system32\drivers\uGuru.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-11 21504]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-21 8704]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-9-5 393648]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-9-17 517632]

R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2012-4-28 138232]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe [2012-8-15 138272]

R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-12 1262400]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [2010-8-24 126392]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]

R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-6-29 15176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1c9a41bad056cd3;Google Update Service (gupdate1c9a41bad056cd3);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-3-13 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250568]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-3-13 133104]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-4 129976]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-4-11 19968]

S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS64.sys --> C:\Windows\system32\DRIVERS\MarvinAVS64.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Daddy\Documents\Computer Utilities\RealTemp_2.87\WinRing0x64.sys [2008-7-26 14544]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-17 89920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-09-12 12:59:34 -------- d-----w- C:\Users\Daddy\AppData\Local\{19FA9E90-07E7-4262-BD44-570F46E89F31}

2012-09-05 10:11:22 -------- d-----w- C:\Users\Daddy\AppData\Local\{57F24FA5-6F5D-4297-8240-BE1CD2C9144D}

2012-09-03 20:48:01 -------- d-----w- C:\Program Files\Realtek

2012-09-03 20:48:00 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-09-02 17:29:16 -------- d-----w- C:\Users\Daddy\AppData\Local\Motorola

2012-09-02 17:28:24 -------- d-----w- C:\Users\Daddy\AppData\Roaming\Motorola Mobility

2012-09-02 17:27:54 -------- d-----w- C:\Program Files (x86)\Motorola Mobility

2012-09-01 17:37:29 -------- d-----w- C:\Users\Daddy\AppData\Local\{418F8885-4FE1-408A-B90D-9537524FA9F3}

2012-08-31 18:12:36 -------- d-----w- C:\Users\Daddy\AppData\Local\{E4916322-22DC-4B88-864D-F2F57F602A06}

2012-08-23 19:06:28 39424 ----a-w- C:\Windows\System32\drivers\AmdLLD64.sys

2012-08-23 19:06:26 -------- d-----w- C:\Program Files (x86)\AMD

2012-08-23 15:05:35 -------- d-----w- C:\Users\Daddy\AppData\Local\{36823A00-5521-4646-9F17-A3442FBD94C9}

2012-08-22 16:10:09 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2012-08-21 19:52:37 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2012-08-21 19:52:20 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios

2012-08-20 22:44:15 -------- d-----w- C:\Users\Daddy\AppData\Local\{7C7A8F9C-5A04-4737-9272-2F582ED2A214}

2012-08-15 09:45:55 788480 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 09:45:54 623616 ----a-w- C:\Windows\SysWow64\localspl.dll

2012-08-15 04:11:24 445560 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symtdiv.sys

2012-08-15 04:11:24 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys

2012-08-15 04:11:23 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys

2012-08-15 04:11:22 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys

2012-08-15 04:11:22 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys

2012-08-15 04:11:22 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys

2012-08-15 04:11:22 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys

2012-08-15 04:11:22 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys

2012-08-15 04:10:51 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E

2012-08-15 03:38:15 -------- d-----w- C:\Users\Daddy\AppData\Local\{E591B837-392F-4D25-8C7A-0E7BE0E6FFC0}

2012-08-15 03:37:54 -------- d-----w- C:\Users\Daddy\AppData\Local\{1FC08993-C8FC-4A38-9BCD-2568EE2F70FB}

2012-08-14 23:20:02 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-03 20:46:43 525792 ----a-w- C:\Windows\DIFxAPI.dll

2012-09-02 17:45:17 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2012-08-23 03:12:37 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-23 03:12:37 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-08 22:11:33 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-08 22:11:33 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-03 22:18:09 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys

2012-07-02 00:27:58 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-07-02 00:27:57 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-19 20:54:20 4065296 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2012-06-14 17:43:32 5096448 ----a-w- C:\Windows\System32\RCoRes64.dat

.

============= FINISH: 9:06:25.21 ===============

Attach.txt


Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Administrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press Windows-key, then start typing in text box Malwarebytes then select/click Malwarebytes Anti-Malware Chameleon
  3. Once the Help file opens, click on a Chameleon button (starting with #1)
  4. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  5. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.6 at the top
  6. Press any key to continue as it says in the window {space-bar will do}
  7. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  8. Have infinite patience during this process
  9. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  10. Once the update completes and it says your database is updated, click on OK button so that process can continue
  11. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  12. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  13. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  14. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  15. If prompted to restart your computer to complete the removal process, click Yes
  16. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  17. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Reply with copy of the MBAM scan log for review.

NEXT:

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller


Thank you for your help. It's greatly appreciated.

1. Backup Registry with ERUNT - Done

2. Show all files - Done

3. Disable Norton 360 - Done

3a. Run MBAM Chameleon - Done

The first button worked. Since it ran I assumed I didn't need to run the remaining buttons. If this was a mistake please let me know. It didn't find anything so it didn't prompt for a re-start. I restarted anyhow and ran another quick scan. Here is the log:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.14.07

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Daddy :: RODGERS-PC [administrator]

9/14/2012 7:38:28 PM

mbam-log-2012-09-14 (19-38-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 371317

Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

4. Run Tigzy's RogueKiller - Done (closed after scan without attempting to fix anything)

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User : Daddy [Admin rights]

Mode : Scan -- Date : 09/14/2012 19:47:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++

--- User ---

[MBR] c6f1105b2a50a4ddcdd3d4f94c30559c

[bSP] 8bee6f9577d1195b1651f3ad024f3a0e : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Follow-up by doing the following: Take your time, do each step, and post the log as you go along at the conclusion of each step.

Step 1

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Now, temporarily disable your Norton360 so that it does not interfere.

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.dll /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.exe
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt

Step 4

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Re-enable your Norton360.

Edited by Maurice Naggar

Step 1 - RogueKiller (After Delete)

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User : Daddy [Admin rights]

Mode : Scan -- Date : 09/14/2012 22:05:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++

--- User ---

[MBR] c6f1105b2a50a4ddcdd3d4f94c30559c

[bSP] 8bee6f9577d1195b1651f3ad024f3a0e : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Step 2 - tdsskiller

22:06:27.0547 5112 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

22:06:27.0880 5112 ============================================================

22:06:27.0880 5112 Current date / time: 2012/09/14 22:06:27.0880

22:06:27.0880 5112 SystemInfo:

22:06:27.0880 5112

22:06:27.0880 5112 OS Version: 6.0.6002 ServicePack: 2.0

22:06:27.0880 5112 Product type: Workstation

22:06:27.0880 5112 ComputerName: RODGERS-PC

22:06:27.0880 5112 UserName: Daddy

22:06:27.0880 5112 Windows directory: C:\Windows

22:06:27.0881 5112 System windows directory: C:\Windows

22:06:27.0881 5112 Running under WOW64

22:06:27.0881 5112 Processor architecture: Intel x64

22:06:27.0881 5112 Number of processors: 4

22:06:27.0881 5112 Page size: 0x1000

22:06:27.0881 5112 Boot type: Normal boot

22:06:27.0881 5112 ============================================================

22:06:29.0144 5112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:06:29.0149 5112 ============================================================

22:06:29.0149 5112 \Device\Harddisk0\DR0:

22:06:29.0149 5112 MBR partitions:

22:06:29.0149 5112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000

22:06:29.0149 5112 ============================================================

22:06:29.0185 5112 C: <-> \Device\Harddisk0\DR0\Partition1

22:06:29.0186 5112 ============================================================

22:06:29.0186 5112 Initialize success

22:06:29.0186 5112 ============================================================

22:06:37.0980 5048 ============================================================

22:06:37.0980 5048 Scan started

22:06:37.0980 5048 Mode: Manual;

22:06:37.0980 5048 ============================================================

22:06:40.0315 5048 ================ Scan system memory ========================

22:06:40.0315 5048 System memory - ok

22:06:40.0316 5048 ================ Scan services =============================


22:06:49.0695 5048 MountMgr - ok

22:06:49.0733 5048 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

22:06:49.0734 5048 MozillaMaintenance - ok

22:06:49.0770 5048 [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio C:\Windows\system32\drivers\mpio.sys

22:06:49.0771 5048 mpio - ok

22:06:49.0803 5048 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

22:06:49.0804 5048 mpsdrv - ok

22:06:49.0820 5048 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

22:06:49.0821 5048 Mraid35x - ok

22:06:49.0846 5048 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

22:06:49.0847 5048 MREMP50 - ok

22:06:49.0849 5048 MREMP50a64 - ok

22:06:49.0853 5048 MREMPR5 - ok

22:06:49.0857 5048 MRENDIS5 - ok

22:06:49.0873 5048 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

22:06:49.0873 5048 MRESP50 - ok

22:06:49.0876 5048 MRESP50a64 - ok

22:06:49.0915 5048 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

22:06:49.0916 5048 MRxDAV - ok

22:06:49.0942 5048 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

22:06:49.0943 5048 mrxsmb - ok

22:06:49.0987 5048 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:06:49.0989 5048 mrxsmb10 - ok

22:06:50.0027 5048 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:06:50.0028 5048 mrxsmb20 - ok

22:06:50.0040 5048 [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci C:\Windows\system32\drivers\msahci.sys

22:06:50.0040 5048 msahci - ok

22:06:50.0060 5048 [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm C:\Windows\system32\drivers\msdsm.sys

22:06:50.0061 5048 msdsm - ok

22:06:50.0084 5048 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

22:06:50.0086 5048 MSDTC - ok

22:06:50.0124 5048 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

22:06:50.0124 5048 Msfs - ok

22:06:50.0151 5048 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

22:06:50.0151 5048 msisadrv - ok

22:06:50.0190 5048 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

22:06:50.0192 5048 MSiSCSI - ok

22:06:50.0195 5048 msiserver - ok

22:06:50.0237 5048 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

22:06:50.0237 5048 MSKSSRV - ok

22:06:50.0252 5048 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

22:06:50.0252 5048 MSPCLOCK - ok

22:06:50.0263 5048 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

22:06:50.0264 5048 MSPQM - ok

22:06:50.0293 5048 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

22:06:50.0295 5048 MsRPC - ok

22:06:50.0310 5048 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

22:06:50.0310 5048 mssmbios - ok

22:06:50.0343 5048 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

22:06:50.0343 5048 MSTEE - ok

22:06:50.0359 5048 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys

22:06:50.0360 5048 Mup - ok

22:06:50.0427 5048 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

22:06:50.0428 5048 N360 - ok

22:06:50.0476 5048 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll

22:06:50.0479 5048 napagent - ok

22:06:50.0523 5048 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

22:06:50.0524 5048 NativeWifiP - ok

22:06:50.0588 5048 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120914.002\ENG64.SYS

22:06:50.0589 5048 NAVENG - ok

22:06:50.0671 5048 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120914.002\EX64.SYS

22:06:50.0680 5048 NAVEX15 - ok

22:06:50.0725 5048 [ 97DEFD7F4FBB7E149934AE103FBC790A ] NCPro C:\Windows\system32\drivers\MTictwl.sys

22:06:50.0726 5048 NCPro - ok

22:06:50.0772 5048 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys

22:06:50.0775 5048 NDIS - ok

22:06:50.0878 5048 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

22:06:50.0878 5048 NdisTapi - ok

22:06:51.0124 5048 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

22:06:51.0125 5048 Ndisuio - ok

22:06:51.0285 5048 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

22:06:51.0286 5048 NdisWan - ok

22:06:51.0340 5048 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

22:06:51.0341 5048 NDProxy - ok

22:06:51.0450 5048 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

22:06:51.0450 5048 NetBIOS - ok

22:06:51.0514 5048 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

22:06:51.0516 5048 netbt - ok

22:06:51.0527 5048 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe

22:06:51.0528 5048 Netlogon - ok

22:06:51.0728 5048 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

22:06:51.0730 5048 Netman - ok

22:06:51.0869 5048 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

22:06:51.0872 5048 netprofm - ok

22:06:52.0079 5048 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:06:52.0080 5048 NetTcpPortSharing - ok

22:06:52.0107 5048 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

22:06:52.0107 5048 nfrd960 - ok

22:06:52.0334 5048 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

22:06:52.0337 5048 NlaSvc - ok

22:06:52.0545 5048 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys

22:06:52.0546 5048 NPF - ok

22:06:52.0578 5048 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys

22:06:52.0579 5048 Npfs - ok

22:06:52.0602 5048 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

22:06:52.0604 5048 nsi - ok

22:06:52.0671 5048 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

22:06:52.0672 5048 nsiproxy - ok

22:06:53.0181 5048 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

22:06:53.0189 5048 Ntfs - ok

22:06:53.0309 5048 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

22:06:53.0309 5048 Null - ok

22:06:55.0659 5048 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:06:55.0740 5048 nvlddmkm - ok

22:06:55.0875 5048 NVR0FLASHDev - ok

22:06:55.0912 5048 [ 840EEB44DC49317A6161961F7682CD99 ] nvraid C:\Windows\system32\drivers\nvraid.sys

22:06:55.0913 5048 nvraid - ok

22:06:56.0046 5048 [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor C:\Windows\system32\drivers\nvstor.sys

22:06:56.0047 5048 nvstor - ok

22:06:56.0216 5048 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe

22:06:56.0222 5048 nvsvc - ok

22:06:56.0557 5048 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

22:06:56.0564 5048 nvUpdatusService - ok

22:06:56.0583 5048 [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

22:06:56.0584 5048 nv_agp - ok

22:06:56.0588 5048 NwlnkFlt - ok

22:06:56.0592 5048 NwlnkFwd - ok

22:06:56.0662 5048 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

22:06:56.0663 5048 ohci1394 - ok

22:06:56.0971 5048 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll

22:06:56.0977 5048 p2pimsvc - ok

22:06:56.0991 5048 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll

22:06:56.0997 5048 p2psvc - ok

22:06:57.0095 5048 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

22:06:57.0096 5048 Parport - ok

22:06:57.0252 5048 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys

22:06:57.0253 5048 partmgr - ok

22:06:57.0290 5048 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

22:06:57.0292 5048 PcaSvc - ok

22:06:57.0394 5048 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe

22:06:57.0395 5048 PCCUJobMgr - ok

22:06:57.0447 5048 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys

22:06:57.0449 5048 pci - ok

22:06:57.0521 5048 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys

22:06:57.0521 5048 pciide - ok

22:06:57.0525 5048 PCLEPCI - ok

22:06:57.0552 5048 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

22:06:57.0553 5048 pcmcia - ok

22:06:57.0589 5048 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

22:06:57.0594 5048 PEAUTH - ok

22:06:57.0692 5048 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

22:06:57.0693 5048 PerfHost - ok

22:06:57.0897 5048 [ 0050E6BEC926C98AC6C16714FF1AD450 ] PinnacleMarvinAVS C:\Windows\system32\DRIVERS\MarvinAVS64.sys

22:06:57.0900 5048 PinnacleMarvinAVS - ok

22:06:58.0208 5048 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

22:06:58.0217 5048 pla - ok

22:06:58.0307 5048 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

22:06:58.0310 5048 PlugPlay - ok

22:06:58.0333 5048 PnkBstrA - ok

22:06:58.0530 5048 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

22:06:58.0534 5048 PNRPAutoReg - ok

22:06:58.0573 5048 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll

22:06:58.0577 5048 PNRPsvc - ok

22:06:58.0659 5048 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

22:06:58.0662 5048 PolicyAgent - ok

22:06:58.0696 5048 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

22:06:58.0697 5048 PptpMiniport - ok

22:06:58.0742 5048 [ 6BC78E5F12CBB74E7930AAAA4A0DB387 ] Processor C:\Windows\system32\drivers\processr.sys

22:06:58.0742 5048 Processor - ok

22:06:59.0014 5048 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll

22:06:59.0017 5048 ProfSvc - ok

22:06:59.0033 5048 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe

22:06:59.0034 5048 ProtectedStorage - ok

22:06:59.0088 5048 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys

22:06:59.0089 5048 PSched - ok

22:06:59.0389 5048 [ 4A29D25704917161BAD9B4659A248DFD ] ql2300 C:\Windows\system32\drivers\ql2300.sys

22:06:59.0395 5048 ql2300 - ok

22:06:59.0418 5048 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

22:06:59.0419 5048 ql40xx - ok

22:06:59.0664 5048 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

22:06:59.0666 5048 QWAVE - ok

22:06:59.0702 5048 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:06:59.0703 5048 QWAVEdrv - ok

22:06:59.0770 5048 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:06:59.0771 5048 RasAcd - ok

22:06:59.0940 5048 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

22:06:59.0942 5048 RasAuto - ok

22:07:00.0047 5048 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:07:00.0048 5048 Rasl2tp - ok

22:07:00.0118 5048 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll

22:07:00.0121 5048 RasMan - ok

22:07:00.0327 5048 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:07:00.0328 5048 RasPppoe - ok

22:07:00.0439 5048 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:07:00.0440 5048 RasSstp - ok

22:07:00.0587 5048 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:07:00.0589 5048 rdbss - ok

22:07:00.0673 5048 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:07:00.0674 5048 RDPCDD - ok

22:07:00.0840 5048 [ 2D98DDA8EDCE73DF99854BF3692CCC87 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

22:07:00.0842 5048 rdpdr - ok

22:07:00.0846 5048 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:07:00.0847 5048 RDPENCDD - ok

22:07:00.0893 5048 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:07:00.0894 5048 RDPWD - ok

22:07:00.0994 5048 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

22:07:00.0996 5048 RemoteAccess - ok

22:07:01.0140 5048 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:07:01.0142 5048 RemoteRegistry - ok

22:07:01.0177 5048 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe

22:07:01.0178 5048 rpcapd - ok

22:07:01.0296 5048 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

22:07:01.0297 5048 RpcLocator - ok

22:07:01.0449 5048 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll

22:07:01.0453 5048 RpcSs - ok

22:07:01.0503 5048 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:07:01.0504 5048 rspndr - ok

22:07:01.0592 5048 [ 269C9E8B59434C700482C363952D2C38 ] RTCore64 C:\Program Files (x86)\EVGA Precision X\RTCore64.sys

22:07:01.0593 5048 RTCore64 - ok

22:07:01.0685 5048 [ BFEB9C99AE9AE0C635AC1DC38A2B2F1D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys

22:07:01.0687 5048 RTL8169 - ok

22:07:01.0695 5048 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe

22:07:01.0696 5048 SamSs - ok

22:07:01.0722 5048 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

22:07:01.0723 5048 sbp2port - ok

22:07:01.0893 5048 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:07:01.0895 5048 SCardSvr - ok

22:07:01.0994 5048 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll

22:07:02.0001 5048 Schedule - ok

22:07:02.0089 5048 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll

22:07:02.0090 5048 SCPolicySvc - ok

22:07:02.0243 5048 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:07:02.0246 5048 SDRSVC - ok

22:07:02.0276 5048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:07:02.0276 5048 secdrv - ok

22:07:02.0374 5048 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

22:07:02.0376 5048 seclogon - ok

22:07:02.0536 5048 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll

22:07:02.0538 5048 SENS - ok

22:07:02.0618 5048 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys

22:07:02.0618 5048 Serenum - ok

22:07:02.0633 5048 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys

22:07:02.0634 5048 Serial - ok

22:07:02.0671 5048 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

22:07:02.0672 5048 sermouse - ok

22:07:02.0768 5048 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

22:07:02.0770 5048 SessionEnv - ok

22:07:02.0910 5048 [ 541B32F8D6B2DCB92EC43BAB267E79EA ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

22:07:02.0910 5048 sffdisk - ok

22:07:03.0003 5048 [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

22:07:03.0004 5048 sffp_mmc - ok

22:07:03.0020 5048 [ 67EDC221348911E895AF51C57D9A3725 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

22:07:03.0020 5048 sffp_sd - ok

22:07:03.0028 5048 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

22:07:03.0029 5048 sfloppy - ok

22:07:03.0282 5048 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:07:03.0285 5048 SharedAccess - ok

22:07:03.0384 5048 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:07:03.0388 5048 ShellHWDetection - ok

22:07:03.0415 5048 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

22:07:03.0415 5048 SiSRaid2 - ok

22:07:03.0483 5048 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

22:07:03.0484 5048 SiSRaid4 - ok

22:07:03.0764 5048 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe

22:07:03.0781 5048 slsvc - ok

22:07:03.0810 5048 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll

22:07:03.0813 5048 SLUINotify - ok

22:07:03.0848 5048 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:07:03.0849 5048 Smb - ok

22:07:03.0878 5048 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:07:03.0879 5048 SNMPTRAP - ok

22:07:03.0912 5048 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys

22:07:03.0913 5048 speedfan - ok

22:07:03.0946 5048 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys

22:07:03.0947 5048 spldr - ok

22:07:03.0980 5048 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe

22:07:03.0983 5048 Spooler - ok

22:07:04.0021 5048 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys

22:07:04.0025 5048 sptd - ok

22:07:04.0124 5048 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS

22:07:04.0128 5048 SRTSP - ok

22:07:04.0160 5048 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS

22:07:04.0160 5048 SRTSPX - ok

22:07:04.0201 5048 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys

22:07:04.0203 5048 srv - ok

22:07:04.0231 5048 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

22:07:04.0232 5048 srv2 - ok

22:07:04.0265 5048 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

22:07:04.0265 5048 srvnet - ok

22:07:04.0293 5048 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

22:07:04.0295 5048 SSDPSRV - ok

22:07:04.0327 5048 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll

22:07:04.0329 5048 SstpSvc - ok

22:07:04.0344 5048 Steam Client Service - ok

22:07:04.0415 5048 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

22:07:04.0417 5048 Stereo Service - ok

22:07:04.0461 5048 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll

22:07:04.0464 5048 stisvc - ok

22:07:04.0495 5048 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys

22:07:04.0495 5048 swenum - ok

22:07:04.0535 5048 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll

22:07:04.0540 5048 swprv - ok

22:07:04.0566 5048 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

22:07:04.0567 5048 Symc8xx - ok

22:07:04.0606 5048 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS

22:07:04.0609 5048 SymDS - ok

22:07:04.0653 5048 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS

22:07:04.0659 5048 SymEFA - ok

22:07:04.0689 5048 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

22:07:04.0690 5048 SymEvent - ok

22:07:04.0719 5048 [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys

22:07:04.0720 5048 SymIM - ok

22:07:04.0755 5048 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS

22:07:04.0756 5048 SymIRON - ok

22:07:04.0796 5048 [ A25FEE245C78804601D83431386A0BEE ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS

22:07:04.0799 5048 SYMTDIv - ok

22:07:04.0825 5048 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

22:07:04.0826 5048 Sym_hi - ok

22:07:04.0845 5048 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

22:07:04.0845 5048 Sym_u3 - ok

22:07:04.0887 5048 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll

22:07:04.0894 5048 SysMain - ok

22:07:04.0932 5048 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll

22:07:04.0935 5048 TabletInputService - ok

22:07:04.0984 5048 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll

22:07:04.0987 5048 TapiSrv - ok

22:07:05.0022 5048 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll

22:07:05.0024 5048 TBS - ok

22:07:05.0090 5048 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys

22:07:05.0099 5048 Tcpip - ok

22:07:05.0118 5048 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

22:07:05.0127 5048 Tcpip6 - ok

22:07:05.0154 5048 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

22:07:05.0155 5048 tcpipreg - ok

22:07:05.0198 5048 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

22:07:05.0199 5048 TDPIPE - ok

22:07:05.0204 5048 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

22:07:05.0204 5048 TDTCP - ok

22:07:05.0303 5048 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

22:07:05.0304 5048 tdx - ok

22:07:05.0343 5048 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

22:07:05.0344 5048 TermDD - ok

22:07:05.0391 5048 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll

22:07:05.0396 5048 TermService - ok

22:07:05.0408 5048 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll

22:07:05.0411 5048 Themes - ok

22:07:05.0439 5048 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll

22:07:05.0441 5048 THREADORDER - ok

22:07:05.0466 5048 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll

22:07:05.0469 5048 TrkWks - ok

22:07:05.0519 5048 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:07:05.0519 5048 TrustedInstaller - ok

22:07:05.0525 5048 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

22:07:05.0525 5048 tssecsrv - ok

22:07:05.0549 5048 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

22:07:05.0550 5048 tunmp - ok

22:07:05.0579 5048 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

22:07:05.0580 5048 tunnel - ok

22:07:05.0623 5048 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

22:07:05.0624 5048 uagp35 - ok

22:07:05.0661 5048 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

22:07:05.0663 5048 udfs - ok

22:07:05.0707 5048 [ 0FB030C397E97811CA141355541C8F41 ] UGURU C:\Windows\system32\drivers\uGuru.sys

22:07:05.0707 5048 UGURU - ok

22:07:05.0740 5048 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe

22:07:05.0742 5048 UI0Detect - ok

22:07:05.0770 5048 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

22:07:05.0771 5048 uliagpkx - ok

22:07:05.0811 5048 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci C:\Windows\system32\drivers\uliahci.sys

22:07:05.0813 5048 uliahci - ok

22:07:05.0840 5048 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys

22:07:05.0841 5048 UlSata - ok

22:07:05.0882 5048 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

22:07:05.0884 5048 ulsata2 - ok

22:07:05.0925 5048 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

22:07:05.0926 5048 umbus - ok

22:07:05.0967 5048 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys

22:07:05.0968 5048 UMPass - ok

22:07:06.0010 5048 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll

22:07:06.0014 5048 upnphost - ok

22:07:06.0063 5048 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

22:07:06.0063 5048 USBAAPL64 - ok

22:07:06.0091 5048 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

22:07:06.0092 5048 usbaudio - ok

22:07:06.0140 5048 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

22:07:06.0141 5048 usbccgp - ok

22:07:06.0163 5048 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys

22:07:06.0164 5048 usbcir - ok

22:07:06.0180 5048 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

22:07:06.0181 5048 usbehci - ok

22:07:06.0198 5048 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

22:07:06.0200 5048 usbhub - ok

22:07:06.0215 5048 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys

22:07:06.0216 5048 usbohci - ok

22:07:06.0232 5048 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

22:07:06.0232 5048 usbprint - ok

22:07:06.0266 5048 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

22:07:06.0266 5048 usbscan - ok

22:07:06.0287 5048 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:07:06.0288 5048 USBSTOR - ok

22:07:06.0316 5048 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

22:07:06.0316 5048 usbuhci - ok

22:07:06.0346 5048 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll

22:07:06.0348 5048 UxSms - ok

22:07:06.0390 5048 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe

22:07:06.0395 5048 vds - ok

22:07:06.0428 5048 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

22:07:06.0429 5048 vga - ok

22:07:06.0433 5048 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys

22:07:06.0434 5048 VgaSave - ok

22:07:06.0451 5048 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys

22:07:06.0452 5048 viaide - ok

22:07:06.0467 5048 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys

22:07:06.0468 5048 volmgr - ok

22:07:06.0498 5048 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

22:07:06.0501 5048 volmgrx - ok

22:07:06.0531 5048 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys

22:07:06.0533 5048 volsnap - ok

22:07:06.0553 5048 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

22:07:06.0554 5048 vsmraid - ok

22:07:06.0608 5048 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe

22:07:06.0618 5048 VSS - ok

22:07:06.0682 5048 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll

22:07:06.0686 5048 W32Time - ok

22:07:06.0699 5048 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

22:07:06.0700 5048 WacomPen - ok

22:07:06.0726 5048 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

22:07:06.0726 5048 Wanarp - ok

22:07:06.0730 5048 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

22:07:06.0731 5048 Wanarpv6 - ok

22:07:06.0750 5048 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll

22:07:06.0755 5048 wcncsvc - ok

22:07:06.0777 5048 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:07:06.0779 5048 WcsPlugInService - ok

22:07:06.0792 5048 [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd C:\Windows\system32\drivers\wd.sys

22:07:06.0793 5048 Wd - ok

22:07:06.0833 5048 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

22:07:06.0839 5048 Wdf01000 - ok

22:07:06.0874 5048 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll

22:07:06.0876 5048 WdiServiceHost - ok

22:07:06.0880 5048 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll

22:07:06.0882 5048 WdiSystemHost - ok

22:07:06.0896 5048 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll

22:07:06.0898 5048 WebClient - ok

22:07:06.0962 5048 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll

22:07:06.0965 5048 Wecsvc - ok

22:07:06.0976 5048 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll

22:07:06.0978 5048 wercplsupport - ok

22:07:07.0010 5048 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll

22:07:07.0013 5048 WerSvc - ok

22:07:07.0071 5048 [ BF2A954160CB155DF0DF433929E9102B ] Winflash C:\Program Files (x86)\U-ABIT\FlashMenu\WinFlash64.sys

22:07:07.0071 5048 Winflash - ok

22:07:07.0074 5048 WinHttpAutoProxySvc - ok

22:07:07.0129 5048 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

22:07:07.0131 5048 Winmgmt - ok

22:07:07.0268 5048 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Users\Daddy\Documents\Computer Utilities\RealTemp_2.87\WinRing0x64.sys

22:07:07.0268 5048 WinRing0_1_2_0 - ok

22:07:07.0336 5048 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll

22:07:07.0353 5048 WinRM - ok

22:07:07.0422 5048 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll

22:07:07.0426 5048 Wlansvc - ok

22:07:07.0526 5048 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

22:07:07.0527 5048 wlcrasvc - ok

22:07:07.0632 5048 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:07:07.0641 5048 wlidsvc - ok

22:07:07.0662 5048 [ AE34218455D5DC12D1E45DE85F160346 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

22:07:07.0663 5048 WmiAcpi - ok

22:07:07.0690 5048 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

22:07:07.0692 5048 wmiApSrv - ok

22:07:07.0724 5048 WMPNetworkSvc - ok

22:07:07.0754 5048 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

22:07:07.0756 5048 WPCSvc - ok

22:07:07.0799 5048 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

22:07:07.0802 5048 WPDBusEnum - ok

22:07:07.0834 5048 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

22:07:07.0835 5048 WpdUsb - ok

22:07:07.0970 5048 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

22:07:07.0976 5048 WPFFontCache_v0400 - ok

22:07:08.0012 5048 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

22:07:08.0013 5048 ws2ifsl - ok

22:07:08.0016 5048 WSearch - ok

22:07:08.0094 5048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

22:07:08.0109 5048 wuauserv - ok

22:07:08.0167 5048 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

22:07:08.0168 5048 WUDFRd - ok

22:07:08.0201 5048 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll

22:07:08.0203 5048 wudfsvc - ok

22:07:08.0283 5048 [ DA1C23F65EF1894AB5B6FF79D81F544A ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys

22:07:08.0288 5048 xnacc - ok

22:07:08.0329 5048 [ 47AEA795C67B7440E60D1F7542CB3D38 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

22:07:08.0330 5048 xusb21 - ok

22:07:08.0336 5048 ================ Scan global ===============================

22:07:08.0384 5048 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

22:07:08.0426 5048 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

22:07:08.0437 5048 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

22:07:08.0488 5048 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe

22:07:08.0491 5048 [Global] - ok

22:07:08.0491 5048 ================ Scan MBR ==================================

22:07:08.0502 5048 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

22:07:08.0712 5048 \Device\Harddisk0\DR0 - ok

22:07:08.0712 5048 ================ Scan VBR ==================================

22:07:08.0714 5048 [ 32845E0F1D454BCA0298C6FB92AC0F08 ] \Device\Harddisk0\DR0\Partition1

22:07:08.0715 5048 \Device\Harddisk0\DR0\Partition1 - ok

22:07:08.0716 5048 ============================================================

22:07:08.0716 5048 Scan finished

22:07:08.0716 5048 ============================================================

22:07:08.0723 4944 Detected object count: 0

22:07:08.0723 4944 Actual detected object count: 0

22:07:18.0698 4756 Deinitialize success


Step 3 - OTL.exe (very long so will be 2 posts)

OTL logfile created on: 9/14/2012 10:09:43 PM - Run 2

OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Daddy\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 72.07% Memory free

16.05 Gb Paging File | 14.00 Gb Available in Paging File | 87.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 64.87 Gb Free Space | 13.93% Space Free | Partition Type: NTFS

Computer Name: RODGERS-PC | User Name: Daddy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/14 21:37:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe

PRC - [2012/08/18 13:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe

PRC - [2012/06/29 16:41:52 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe

PRC - [2012/05/20 23:45:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/30 00:18:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll

MOD - [2012/06/30 00:18:04 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll

MOD - [2012/06/30 00:17:48 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll

MOD - [2012/06/30 00:17:40 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll

MOD - [2012/06/30 00:17:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll

MOD - [2012/06/29 16:41:52 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

MOD - [2011/05/01 02:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2012/08/23 14:53:33 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/08/22 23:12:37 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/08/18 13:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe -- (MCLIENT)

SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360)

SRV - [2012/06/04 20:52:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/20 23:45:26 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/25 23:33:08 | 000,077,944 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/06 13:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0301000.018\ccSetx64.sys -- (ccSet_MCLIENT)

DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SRTSPX64.SYS -- (SRTSPX)

DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - [2012/07/03 18:18:09 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.sys -- (ccSet_N360)

DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SYMEFA64.SYS -- (SymEFA)

DRV:64bit: - [2012/04/28 07:34:26 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/17 18:46:01 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SYMTDIV.SYS -- (SYMTDIv)

DRV:64bit: - [2012/01/17 18:46:00 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)

DRV:64bit: - [2012/01/17 18:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SYMDS64.SYS -- (SymDS)

DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Ironx64.SYS -- (SymIRON)

DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)

DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/11/16 04:13:26 | 000,271,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2008/01/19 02:30:09 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)

DRV:64bit: - [2007/08/28 17:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)

DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)

DRV:64bit: - [2007/05/24 06:30:02 | 000,072,192 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)

DRV:64bit: - [2007/05/09 09:37:52 | 000,484,736 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MarvinAVS64.sys -- (PinnacleMarvinAVS)

DRV:64bit: - [2007/05/03 13:15:12 | 000,021,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTictwl.sys -- (NCPro)

DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)

DRV:64bit: - [2006/09/20 04:37:22 | 000,022,064 | ---- | M] (ABIT) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uGuru.sys -- (UGURU)

DRV - [2012/09/14 17:37:34 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120914.002\ex64.sys -- (NAVEX15)

DRV - [2012/09/14 17:37:33 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120914.002\eng64.sys -- (NAVENG)

DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120914.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/08/09 01:44:47 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/09 01:44:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/06/29 16:41:52 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)

DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/12/17 22:27:35 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Daddy\Documents\Computer Utilities\RealTemp_2.87\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2006/11/08 13:43:56 | 000,011,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\U-ABIT\FlashMenu\WinFlash64.sys -- (Winflash)

DRV - [2005/10/21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro)

DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 8D CC 1C A6 69 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig

IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {EE171C03-A2C3-44C5-8DB8-D468274AF87F}

IE - HKCU\..\SearchScopes\{467BBA57-ECFE-4412-A3F0-FCDE1C45C3AB}: "URL" = http://search.espn.go.com/results?searchString={searchTerms}&fromForm=true

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKCU\..\SearchScopes\{EE171C03-A2C3-44C5-8DB8-D468274AF87F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_en

IE - HKCU\..\SearchScopes\{F05C35F5-7733-4FA0-85CD-BFA4498B6BF6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9

FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f: C:\Program Files (x86)\Dyyno\Dyyno Player\npvlc.dll (Dyyno)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/28 07:39:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/09/14 21:34:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.40\coFFFw\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/23 13:59:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/23 13:59:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension

[2012/01/02 19:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Extensions

[2012/05/04 05:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\extensions

[2012/03/31 23:02:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/04/12 16:15:16 | 000,002,014 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\searchplugins\bing-zugo.xml

[2012/08/31 14:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/28 07:39:38 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPLGN

[2010/06/11 22:03:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012/06/04 20:52:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/02/25 14:27:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/03/27 13:42:57 | 000,002,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicus.xml

[2012/01/02 19:10:39 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012/02/25 14:27:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( )

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( )

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( )

O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: mcleancont.com ([citrix] https in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab (SysInfo Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40236.725474537 (Update Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)

O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C63FB6-02E5-47FE-B86F-9AA44F31660C}: DhcpNameServer = 192.168.1.1 71.252.0.12

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/22 23:21:14 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{2e9af24b-e11e-11e1-bc8d-00508dba6a8e}\Shell - "" = AutoRun

O33 - MountPoints2\{2e9af24b-e11e-11e1-bc8d-00508dba6a8e}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a

O33 - MountPoints2\{32a8c8aa-2840-11df-ae6f-00508dba6a8e}\Shell - "" = AutoRun

O33 - MountPoints2\{32a8c8aa-2840-11df-ae6f-00508dba6a8e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{601a3923-dbcb-11e1-a149-00508dba6a8e}\Shell - "" = AutoRun

O33 - MountPoints2\{601a3923-dbcb-11e1-a149-00508dba6a8e}\Shell\AutoRun\command - "" = I:\MotoCastSetup.exe -a

O33 - MountPoints2\{6f95fd69-7944-11de-912b-00508dba6a8e}\Shell - "" = AutoRun

O33 - MountPoints2\{6f95fd69-7944-11de-912b-00508dba6a8e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{774672dd-5f2f-11e1-a8a8-00508dba6a8e}\Shell - "" = AutoRun

O33 - MountPoints2\{774672dd-5f2f-11e1-a8a8-00508dba6a8e}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a

O33 - MountPoints2\{8a6a1de8-bb67-11dd-a8ea-00508dba6a8e}\Shell - "" = AutoRun

O33 - MountPoints2\{8a6a1de8-bb67-11dd-a8ea-00508dba6a8e}\Shell\AutoRun\command - "" = F:\Setup.exe

O33 - MountPoints2\{d3021943-e1a7-11e0-bf48-00508dba6a8e}\Shell - "" = AutoRun

O33 - MountPoints2\{d3021943-e1a7-11e0-bf48-00508dba6a8e}\Shell\AutoRun\command - "" = F:\setup.exe -a

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe - (Autodesk, Inc)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - - File not found

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor for SD.lnk - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe - (PIXELA CORPORATION)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)

MsConfig:64bit - StartUpFolder: C:^Users^Mommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpFolder: C:^Users^Mommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpFolder: C:^Users^Mommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpFolder: C:^Users^Nick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - - File not found

MsConfig:64bit - StartUpFolder: C:^Users^Nick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpReg: 4StoryPrePatch - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Daddy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: ConnectionCenter - hkey= - key= - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: Gamevance - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig:64bit - StartUpReg: HLBackupScheduler - hkey= - key= - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()

MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: MotoCast - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: RivaTunerStartupDaemon - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: Shockwave Updater - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Mommy\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Mommy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig:64bit - StartUpReg: VerizonServicepoint.exe - hkey= - key= - C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)

MsConfig:64bit - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)

MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: WLSync - hkey= - key= - C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: WinDefend - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: BFE - Service

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MPSSvc - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: WinDefend - Service

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: BFE - Service

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MPSSvc - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - Service

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


Step 3 - OTL.exe Continued

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: vidc.i420 - vdrcodec.dll File not found

Drivers32: VIDC.MJPG - C:\Windows\SysWow64\pvmjpg30.dll (Pegasus Imaging Corporation)

Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 21:37:15 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe

[2012/09/14 21:23:38 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Daddy\Desktop\tdsskiller.exe

[2012/09/14 19:46:44 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Desktop\RK_Quarantine

[2012/09/14 19:16:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/09/14 19:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/09/14 19:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/09/14 18:25:45 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{4A3DD88C-1CAA-4CCA-BB61-FE51983C6D6F}

[2012/09/13 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{B6B2F80B-3534-4921-A772-5B9492633838}

[2012/09/12 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{3E3F0CA4-C5A5-4BB4-AB81-716441C5F7E9}

[2012/09/12 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{19FA9E90-07E7-4262-BD44-570F46E89F31}

[2012/09/12 08:42:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Daddy\Desktop\dds.com

[2012/09/05 06:11:22 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{57F24FA5-6F5D-4297-8240-BE1CD2C9144D}

[2012/09/03 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012/09/03 16:48:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/09/03 16:46:29 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2012/09/03 16:46:19 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012/09/03 16:46:19 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll

[2012/09/03 16:46:19 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll

[2012/09/03 16:46:19 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll

[2012/09/03 16:46:18 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/09/03 16:46:18 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012/09/03 16:46:18 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012/09/03 16:46:18 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/09/03 16:46:18 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll

[2012/09/03 16:46:16 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll

[2012/09/03 16:46:15 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll

[2012/09/03 16:46:15 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll

[2012/09/03 16:46:14 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll

[2012/09/03 16:46:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2012/09/03 16:46:13 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2012/09/03 16:46:13 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2012/09/03 16:46:13 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2012/09/03 16:46:12 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2012/09/03 16:46:12 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat

[2012/09/03 16:46:12 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2012/09/03 16:46:12 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2012/09/03 16:46:12 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2012/09/03 16:46:12 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2012/09/03 16:46:12 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/09/03 16:46:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/09/03 16:46:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/09/03 16:46:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/09/03 16:46:12 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2012/09/03 16:46:12 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2012/09/03 16:46:12 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2012/09/03 16:46:12 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll

[2012/09/03 16:46:12 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/09/03 16:46:12 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/09/03 16:46:12 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2012/09/03 16:46:12 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll

[2012/09/03 16:46:11 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll

[2012/09/03 16:46:11 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2012/09/03 16:46:10 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2012/09/03 16:46:10 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012/09/03 16:46:10 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll

[2012/09/03 16:46:09 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll

[2012/09/03 16:46:09 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2012/09/03 16:46:09 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012/09/03 16:46:08 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/09/03 16:46:08 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2012/09/03 16:46:08 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2012/09/03 16:46:08 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2012/09/03 16:46:08 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2012/09/03 16:46:08 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2012/09/03 16:46:08 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2012/09/03 16:46:08 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll

[2012/09/03 16:46:08 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll

[2012/09/03 16:46:08 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2012/09/03 16:46:08 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll

[2012/09/03 16:46:08 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2012/09/03 16:46:08 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2012/09/03 16:46:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2012/09/03 16:46:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2012/09/03 16:46:08 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2012/09/03 16:46:07 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll

[2012/09/03 16:46:07 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll

[2012/09/03 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2012/09/03 16:46:00 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2012/09/02 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Podcast

[2012/09/02 13:29:16 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Motorola

[2012/09/02 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Motorola Mobility

[2012/09/02 13:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility

[2012/09/01 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{418F8885-4FE1-408A-B90D-9537524FA9F3}

[2012/09/01 07:58:11 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Cheerleading

[2012/08/31 14:12:36 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{E4916322-22DC-4B88-864D-F2F57F602A06}

[2012/08/23 15:06:28 | 000,039,424 | ---- | C] (AMD, Inc.) -- C:\Windows\SysNative\drivers\AmdLLD64.sys

[2012/08/23 15:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD

[2012/08/23 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{36823A00-5521-4646-9F17-A3442FBD94C9}

[2012/08/22 12:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls

[2012/08/21 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios

[2012/08/21 15:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios

[2012/08/20 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{7C7A8F9C-5A04-4737-9272-2F582ED2A214}

[2012/08/18 08:20:23 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Home Improvement

[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/14 21:39:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000UA.job

[2012/09/14 21:37:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe

[2012/09/14 21:31:20 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/14 21:31:20 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/14 21:31:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/14 21:23:38 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Daddy\Desktop\tdsskiller.exe

[2012/09/14 20:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/14 19:45:26 | 001,378,816 | ---- | M] () -- C:\Users\Daddy\Desktop\RogueKiller.exe

[2012/09/14 19:33:39 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000Core.job

[2012/09/14 19:14:27 | 000,000,723 | ---- | M] () -- C:\Users\Daddy\Desktop\NTREGOPT.lnk

[2012/09/14 19:14:26 | 000,000,704 | ---- | M] () -- C:\Users\Daddy\Desktop\ERUNT.lnk

[2012/09/13 05:26:20 | 000,716,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/13 05:26:20 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/13 05:26:20 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/12 09:04:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012/09/12 08:58:51 | 000,015,095 | ---- | M] () -- C:\Users\Daddy\Documents\forgotthedamnedloginCSV.ods

[2012/09/12 08:42:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Daddy\Desktop\dds.com

[2012/09/11 21:29:01 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/03 16:46:43 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2012/09/02 21:52:36 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

[2012/09/01 13:33:37 | 000,075,753 | ---- | M] () -- C:\Users\Daddy\Documents\2012.09.01rodgersaccountbalance.pdf

[2012/08/31 14:28:31 | 000,123,624 | ---- | M] () -- C:\Users\Daddy\Documents\birthcertorder.pdf

[2012/08/30 21:03:26 | 000,018,693 | ---- | M] () -- C:\Users\Daddy\Documents\Cheerleading Snack Schedule.ods

[2012/08/30 19:19:36 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2012/08/27 15:06:53 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0301000.018\isolate.ini

[2012/08/22 23:12:37 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/08/22 23:12:37 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/15 23:12:52 | 845,034,621 | ---- | M] () -- C:\Windows\MEMORY.DMP

[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/14 19:45:26 | 001,378,816 | ---- | C] () -- C:\Users\Daddy\Desktop\RogueKiller.exe

[2012/09/14 19:14:26 | 000,000,723 | ---- | C] () -- C:\Users\Daddy\Desktop\NTREGOPT.lnk

[2012/09/14 19:14:26 | 000,000,704 | ---- | C] () -- C:\Users\Daddy\Desktop\ERUNT.lnk

[2012/09/11 21:29:01 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/03 16:46:12 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2012/09/01 13:33:36 | 000,075,753 | ---- | C] () -- C:\Users\Daddy\Documents\2012.09.01rodgersaccountbalance.pdf

[2012/08/31 14:28:30 | 000,123,624 | ---- | C] () -- C:\Users\Daddy\Documents\birthcertorder.pdf

[2012/08/30 21:01:05 | 000,018,693 | ---- | C] () -- C:\Users\Daddy\Documents\Cheerleading Snack Schedule.ods

[2012/08/30 19:19:36 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2012/08/15 23:12:52 | 845,034,621 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/07/14 18:44:20 | 000,002,086 | ---- | C] () -- C:\Users\Daddy\.recently-used.xbel

[2012/05/24 00:03:34 | 000,109,108 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\icarus-dxdiag.xml

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/01/16 22:32:24 | 000,009,310 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\beda7ebd

[2012/01/16 22:32:24 | 000,009,233 | ---- | C] () -- C:\ProgramData\84e2a78c

[2012/01/16 22:32:24 | 000,009,179 | ---- | C] () -- C:\Users\Daddy\AppData\Local\a37c1552

[2011/09/24 07:49:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/08/26 18:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2011/07/08 22:27:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/03/18 17:01:58 | 000,000,827 | ---- | C] () -- C:\Windows\BTI.INI

[2011/03/18 17:01:52 | 000,206,848 | ---- | C] () -- C:\Windows\SysWow64\DBSETUP.EXE

[2011/03/18 17:01:52 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\DBU_UI.DLL

[2011/03/18 17:01:51 | 000,101,888 | ---- | C] () -- C:\Windows\SysWow64\BUTIL.DLL

[2011/03/18 17:01:50 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\WDBUUI32.DLL

[2011/03/18 17:01:50 | 000,038,576 | ---- | C] () -- C:\Windows\SysWow64\NWLOCALE.DLL

[2011/03/18 17:01:49 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL

[2011/03/16 21:06:23 | 000,320,512 | ---- | C] () -- C:\Windows\SysWow64\W32MKDE.EXE

[2011/03/16 21:06:23 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\W32MKRC.DLL

[2010/08/23 22:53:06 | 000,023,676 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\UserTile.png

[2010/02/25 23:21:29 | 000,005,198 | -HS- | C] () -- C:\Users\Daddy\AppData\Local\JjrT1QIkQ3n

[2009/05/09 22:48:30 | 000,000,760 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\setup_ldm.iss

[2009/03/13 21:51:50 | 000,000,552 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d8caps.dat

[2009/03/04 17:07:13 | 000,000,680 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d9caps.dat

[2008/12/13 17:45:08 | 000,000,632 | RHS- | C] () -- C:\Users\Daddy\ntuser.pol

[2008/03/23 13:38:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/03/23 01:07:01 | 000,081,408 | ---- | C] () -- C:\Users\Daddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/03/22 01:31:47 | 000,000,093 | ---- | C] () -- C:\Users\Daddy\AppData\Local\fusioncache.dat

[2008/03/21 01:39:39 | 000,001,460 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d9caps64.dat

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2011/03/26 08:02:38 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Adobe

[2011/11/19 22:05:15 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Apple Computer

[2011/03/06 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ArcSoft

[2008/11/25 23:39:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Autodesk

[2008/08/30 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\AVS4YOU

[2008/07/03 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BitZipper

[2010/04/11 14:08:15 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BonkEnc

[2009/01/24 20:21:12 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Bullzip

[2010/07/10 13:58:11 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\CameraWindowDC

[2011/09/25 11:38:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Canon

[2010/02/12 11:01:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\CANON INC

[2010/06/15 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ccptb

[2009/07/22 05:39:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Citrix

[2008/11/25 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DAEMON Tools

[2012/07/09 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DAEMON Tools Lite

[2008/08/19 22:15:00 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DeepBurner

[2011/02/28 22:09:14 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DivX

[2008/11/29 00:45:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\dyyno-vlc

[2011/04/06 21:49:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Engius, LLC

[2012/01/12 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\FileZilla

[2011/03/28 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\GeoVid

[2011/02/18 21:15:26 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Google

[2012/07/14 18:20:14 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\gtk-2.0

[2009/01/02 23:17:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Help

[2010/02/19 13:45:22 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\HLSW

[2011/07/22 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ICAClient

[2008/03/21 01:39:44 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Identities

[2008/03/31 22:33:29 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ImgBurn

[2008/03/21 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\InstallShield

[2008/12/27 10:59:37 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Intuit

[2011/03/06 16:01:20 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\KodakCredentialStore

[2009/08/10 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\KompoZer

[2008/05/06 22:54:40 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Leadertech

[2010/04/11 00:21:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Logishrd

[2010/04/11 00:24:38 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Logitech

[2008/03/21 22:55:50 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Macromedia

[2012/01/17 00:04:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Malwarebytes

[2006/11/02 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Media Center Programs

[2011/03/26 08:02:38 | 000,000,000 | --SD | M] -- C:\Users\Daddy\AppData\Roaming\Microsoft

[2010/06/16 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Microsoft Games

[2010/09/17 05:34:28 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motive

[2012/09/02 13:46:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motorola

[2012/09/02 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motorola Mobility

[2012/01/16 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Move Networks

[2012/09/12 18:34:56 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Mozilla

[2010/05/21 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\My Games

[2011/09/29 12:31:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\NVIDIA

[2009/01/12 22:21:47 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Nvu

[2011/04/12 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ooVoo Details

[2009/01/05 22:51:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org

[2009/01/05 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org2

[2010/08/23 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\PeerNetworking

[2008/12/26 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Roxio

[2008/08/24 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Skinux

[2008/12/25 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sony

[2008/12/25 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sony Setup

[2011/10/23 15:04:29 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\StreamTorrent

[2009/09/13 22:57:23 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sun

[2012/04/15 22:11:39 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab

[2011/09/04 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Temp

[2012/02/04 05:57:17 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\The Creative Assembly

[2010/05/28 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Tific

[2009/07/25 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\U3

[2011/04/12 21:29:27 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Ventrilo

[2009/03/30 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Verizon

[2012/09/02 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\vlc

[2010/10/24 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Windows Live Writer

[2011/08/30 21:17:49 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Xfire

[2010/09/04 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ZoomBrowser EX

< %APPDATA%\*.exe /s >

[2010/04/11 00:24:25 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

[2008/04/20 01:24:00 | 000,021,630 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_6FEFF9B68218417F98F549.exe

[2008/04/20 01:24:00 | 000,006,462 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_7128E1F9F222A8E24D3CAA.exe

[2008/04/20 01:24:00 | 000,021,630 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_CFD6D42B6B589B419C4C1C.exe

[2008/04/20 01:24:00 | 000,021,630 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_ED5A694DDDFCA3353724A2.exe

[2008/05/23 22:53:10 | 000,015,086 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{CEF736FF-8133-42F3-8E18-BDFE293B87FF}\ARPPRODUCTICON.exe

[2009/08/29 15:08:27 | 000,015,086 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{D761BBA0-FBDD-4E81-96E1-43B957D91BD8}\ARPPRODUCTICON.exe

[2009/08/29 15:11:06 | 000,015,086 | R--- | M] () -- C:\Users\Daddy\AppData\Roaming\Microsoft\Installer\{F82E9B29-EE4B-418F-9CA4-A70DA610553D}\ARPPRODUCTICON.exe

[2009/06/16 02:35:42 | 000,097,144 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe

[2008/12/25 12:29:43 | 027,288,880 | ---- | M] (Apple Inc.) -- C:\Users\Daddy\AppData\Roaming\Sony Setup\A189E68E-2253-4C3B-86B7-D77E36F13C55\QuickTimeInstaller.exe

< %APPDATA%\*.dll /s >

[2012/01/15 18:55:46 | 005,494,272 | ---- | M] () -- C:\Users\Daddy\AppData\Roaming\Adobe\Flash Player\NativeCache\4C35D13E7986AF668024429FA6710AC1\500dfefe\adobecp-300592-2.dll


< c:|services.ex;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A1063995

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DFF1A8A

< End of report >


Step 4 - FSS.exe

Farbar Service Scanner Version: 06-08-2012

Ran by Daddy (administrator) on 14-09-2012 at 22:30:20

Running from "C:\Users\Daddy\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys

[2012-02-14 17:17] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-05-10 15:24] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll

[2011-04-14 19:26] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe

[2009-07-17 06:10] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll

[2009-07-17 06:10] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll

[2012-06-14 07:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-07-17 06:10] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****

What a tremendous amount of text to go through. Thanks again for your help.


Reminder: Do not do any websurfing, online games, online banking, online transactions of any sort.

Only go to this forum and the websites I guide you to.

Yes, the logs were lengthy, but very much needed. There are a handful of Windows services "awol" which have your system at risk, and need fixing.

There will be lots more to do later. Have patience. We will address the issues.

This is just a starter.

Download these 4 registry-fixes and SAVE them to your DESKTOP

http://download.bleepingcomputer.com/win-services/vista/BFE.reg

http://download.bleepingcomputer.com/win-services/vista/MpsSvc.reg

http://download.bleepingcomputer.com/win-services/vista/WinDefend.reg

http://download.bleepingcomputer.com/win-services/vista/wscsvc.reg

For each one, do a RIGHT-click on the reg-file and select MERGE to merge them into the registry.

If you run into an issue, STOP and report.

When done with this phase, Logoff and Restart the system.

Let me know the results.


We still have a lot more to do!

Make a new run of FSS and copy/paste the log

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.


Farbar Service Scanner Version: 06-08-2012

Ran by Daddy (administrator) on 15-09-2012 at 11:17:35

Running from "C:\Users\Daddy\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys

[2012-02-14 17:17] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-05-10 15:24] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll

[2011-04-14 19:26] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe

[2009-07-17 06:10] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll

[2009-07-17 06:10] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll

[2012-06-14 07:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-07-17 06:10] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****

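The before/after comparison that the two FSS logs above invite, as an added example (not part of the thread and not Farbar's code): a small parser that pulls out the services FSS flags and the policy values it prints, then diffs the two runs. The excerpts are taken from the logs posted above with blank lines and the File Check section dropped; the function names are this example's own, and reading "absent from the second log" as "no longer flagged" is an assumption.

```python
import re

# Excerpts of the two FSS logs posted in this thread (blank lines dropped,
# repeated ATTENTION lines and the File Check section omitted).
BEFORE = r"""
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

AFTER = r"""
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(r"ATTENTION!=+> Unable to open (\S+) registry key\. "
                         r"The service key does not exist\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')


def parse_fss(text):
    """Return the services and policy values one FSS log reports."""
    report = {"not_running": [], "missing_key": [], "policies": []}
    current_key = None  # registry key the next "name"=DWORD line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste puts a blank line between every entry
        if (m := NOT_RUNNING.match(line)):
            report["not_running"].append(m.group(1).lower())
        elif (m := MISSING_KEY.search(line)):
            name = m.group(1).lower()
            if name not in report["missing_key"]:  # FSS repeats it per check
                report["missing_key"].append(name)
        elif (m := REG_KEY.match(line)):
            current_key = m.group(1)
            continue
        elif (m := REG_VALUE.match(line)) and current_key:
            report["policies"].append((current_key, m.group(1), int(m.group(2))))
            continue
        current_key = None  # any other line ends a key/value group
    return report


def compare(before, after):
    """Diff two FSS runs: what the repair fixed and what is still open."""
    b, a = parse_fss(before), parse_fss(after)
    return {
        "keys_restored": [s for s in b["missing_key"] if s not in a["missing_key"]],
        "keys_still_missing": a["missing_key"],
        # Assumption: a service absent from the second log is no longer flagged.
        "no_longer_reported": [s for s in b["not_running"] if s not in a["not_running"]],
        "still_not_running": a["not_running"],
        "policies_unchanged": [p for p in a["policies"] if p in b["policies"]],
    }


if __name__ == "__main__":
    for field, value in compare(BEFORE, AFTER).items():
        print(f"{field}: {value}")
```

On these excerpts the diff separates three states that are easy to conflate when reading the raw logs: service keys that came back, services that have a valid key but are still stopped, and disabled-policy values that merging the service keys did not change.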

Turn off your Norton360 antivirus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e9af24b-e11e-11e1-bc8d-00508dba6a8e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32a8c8aa-2840-11df-ae6f-00508dba6a8e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601a3923-dbcb-11e1-a149-00508dba6a8e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f95fd69-7944-11de-912b-00508dba6a8e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{774672dd-5f2f-11e1-a8a8-00508dba6a8e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a6a1de8-bb67-11dd-a8ea-00508dba6a8e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3021943-e1a7-11e0-bf48-00508dba6a8e}]
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT

Do this batch run and advise me after it is completed.

Windows services

This will be a batch-fix.

  • Press the Windows-key on keyboard.
  • In the search box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    sc stop msiserver
    sc config msiserver start= manual
    sc start msiserver
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    sc config sdrsvc start= manual
    sc config vss start= auto
    sc config eventlog start= auto
    sc start mpsdrv
    sc start mpssvc
    shutdown -r -t 1
    del %0


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.


Houston we have a problem!

I disabled Norton360 per instructions and copied and pasted the lines between the **** below the blue bar, closed my browser, and clicked "Run Fix"

Everything seemed to be going swimmingly until it got to the [CLEARALLRESTOREPOINTS]

Message at the bottom of the OTL window said "Clearing Restore Points Do Not Interrupt"

All of a sudden the program crashed and a windows error message popped up that said "OTL has stopped working A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

I looked to see if there was a log in C:\_OTL\MovedFiles and there isn't.

I did not attempt to re-run it or move on to the next step pending further instructions.

Thanks again for your help.


I copied and pasted the text into notepad and it all came out on one line like:


@Echo offsc stop msiserversc config msiserver start=manualsc start msiserversc..........

I thought it was odd but went with it and when I ran it as administrator a box flashed on the screen and nothing happened for a very long time. I then edited the file so each "command" was on a separate line as shown in your codebox. I right clicked it and a command window popped up for a quick couple of seconds, ran through a bunch of steps (the commands I'm assuming) quicker than I could read, and then the fix.bat file deleted itself. I waited about 10 minutes for the system to re-start but it never did. I then restarted it myself via the start menu.

The system seems great. I checked my wife's user account and can access the public pictures folder. I then checked out the Control Panel from my user account and I don't get any "service missing" type messages when clicking around in there. I think startup is faster now too.


Verify a setting in NOTEPAD. Start it.

Then on main menu, select Format. Make sure that Word wrap is NOT checkmarked (on).

IF and only if, it is, then click that selection one-time so that it is "cleared".

Close Notepad.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Hemi425HP only. If you are a casual viewer, do NOT try this on your system!

If you are not Hemi425HP and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Edited by Maurice Naggar

Disabled Norton360 per the instructions and Combofix still put up a warning. I went into the Norton360 settings and unchecked everything in the "Quick Controls" then clicked OK to let Combofix do its thing. It took about 12 minutes to run through the 50 stages and the system re-start happened automatically. No "illegal operation" message upon coming back. Combofix took a short while to generate the log and do whatever it does upon re-start. Haven't done much but the system seems really good, windows and files definitely open faster than they did before. Differences I've noticed are there is now an internet explorer icon on my desktop with the name "The Internet". Also I noticed that my network and volume icons are gone from the notification area of my taskbar. I right clicked the taskbar > properties > notification area and under System Icons the options to always show Volume, Network, and Power are greyed out (clock is available and checked). All in all though I wasn't really expecting my computer to be running this much better. It's noticeably faster. Thanks a ton. Combofix log below.

ComboFix 12-09-15.02 - Daddy 09/15/2012 21:28:34.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5819 [GMT -4:00]

Running from: c:\users\Daddy\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\84e2a78c

c:\programdata\xmlA757.tmp

c:\programdata\xmlAB6F.tmp

c:\programdata\xmlADD1.tmp

c:\users\Daddy\AppData\Roaming\beda7ebd

c:\users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\searchplugins\bing-zugo.xml

c:\windows\SysWow64\AC2005DLL.dll

c:\windows\SysWow64\FlashPlayerInstaller.exe

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))

.

.

2012-09-16 01:39 . 2012-09-16 01:44 -------- d-----w- c:\users\Daddy\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\UpdatusUser.Rodgers-PC\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\UpdatusUser.Rodgers-PC.000\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\TEMP.Rodgers-PC\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Nick\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Mommy\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-16 01:39 . 2012-09-16 01:39 -------- d-----w- c:\users\Brooke\AppData\Local\temp

2012-09-15 21:05 . 2012-09-15 21:05 -------- d-----w- C:\_OTL

2012-09-14 23:14 . 2012-09-14 23:14 -------- d-----w- c:\program files (x86)\ERUNT

2012-09-13 20:54 . 2012-09-13 20:54 -------- d-----w- c:\windows\system32\drivers\MCLIENTx64\0301000.018

2012-09-03 20:48 . 2012-09-03 20:48 -------- d-----w- c:\program files\Realtek

2012-09-03 20:48 . 2012-09-03 20:48 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-09-02 17:29 . 2012-09-02 17:29 -------- d-----w- c:\users\Daddy\AppData\Local\Motorola

2012-09-02 17:28 . 2012-09-02 17:28 -------- d-----w- c:\users\Daddy\AppData\Roaming\Motorola Mobility

2012-09-02 17:27 . 2012-09-02 17:45 -------- d-----w- c:\program files (x86)\Motorola Mobility

2012-08-23 19:48 . 2012-08-23 19:48 -------- d-----w- c:\users\Nick\AppData\Local\Chromium

2012-08-23 19:06 . 2007-06-29 18:48 39424 ----a-w- c:\windows\system32\drivers\AmdLLD64.sys

2012-08-23 19:06 . 2012-08-23 19:06 -------- d-----w- c:\program files (x86)\AMD

2012-08-23 19:06 . 2012-08-23 19:06 -------- d-----w- c:\users\Nick\AppData\Local\Downloaded Installations

2012-08-22 16:10 . 2012-08-22 16:10 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2012-08-21 19:52 . 2012-09-12 22:21 -------- d-----w- c:\programdata\Hi-Rez Studios

2012-08-21 19:52 . 2012-09-12 22:21 -------- d-----w- c:\program files (x86)\Hi-Rez Studios

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 10:08 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe

2012-09-07 21:04 . 2012-01-17 04:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-23 03:12 . 2012-03-31 01:17 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-23 03:12 . 2011-05-17 21:46 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-08 22:11 . 2009-02-22 00:28 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-08 22:11 . 2009-02-20 22:18 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-06 02:17 . 2012-08-15 04:11 37536 ----a-w- c:\windows\system32\drivers\N360x64\0603000.00E\srtspx64.sys

2012-07-06 02:17 . 2012-08-15 04:11 737952 ----a-w- c:\windows\system32\drivers\N360x64\0603000.00E\srtsp64.sys

2012-07-04 14:33 . 2012-08-15 10:08 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 22:18 . 2008-11-26 03:06 560184 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-07-02 00:27 . 2012-07-02 00:28 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-02 00:27 . 2011-02-27 20:52 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-29 16:20 . 2012-08-15 09:45 648192 ----a-w- c:\windows\system32\netapi32.dll

2012-06-28 04:10 . 2012-08-15 10:08 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-28 03:39 . 2012-08-15 10:08 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-28 03:28 . 2012-08-15 10:08 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-28 03:22 . 2012-08-15 10:08 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-28 03:21 . 2012-08-15 10:08 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-28 03:20 . 2012-08-15 10:08 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-28 03:19 . 2012-08-15 10:08 237056 ----a-w- c:\windows\system32\url.dll

2012-06-28 03:17 . 2012-08-15 10:08 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-28 03:16 . 2012-08-15 10:08 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-28 03:16 . 2012-08-15 10:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-28 03:14 . 2012-08-15 10:08 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-28 03:13 . 2012-08-15 10:08 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-28 03:12 . 2012-08-15 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-28 03:08 . 2012-08-15 10:08 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-28 00:27 . 2012-08-15 10:08 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-28 00:19 . 2012-08-15 10:08 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-28 00:18 . 2012-08-15 10:08 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-28 00:12 . 2012-08-15 10:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-28 00:07 . 2012-08-15 10:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]

.

c:\users\Brooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

IMVU.lnk - c:\users\Daddy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]

OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 17:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 03:12]

.

2012-09-03 c:\windows\Tasks\EasyShare Registration Task.job

- c:\windows\system32\rundll32.exe [2006-11-02 09:45]

.

2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-13 20:38]

.

2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-13 20:38]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000Core.job

- c:\users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 02:44]

.

2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000UA.job

- c:\users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 02:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: mcleancont.com\citrix

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1 71.252.0.12

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)

Toolbar-10 - (no file)

ShellIconOverlayIdentifiers-{2D7E38A6-A604-45AE-9A87-4F5F25760650} - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Toolbar-10 - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCLIENT]

"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.1.0.24\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:05,bb,7f,09,77,f9,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe

c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe

c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe

c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

c:\program files (x86)\EVGA Precision X\EVGAPrecision.exe

c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\Google\Update\Install\{8764DC4E-ED1C-44AD-8D00-1907FEBB55DD}\GoogleUpdateSetup.exe

c:\program files (x86)\GUM251A.tmp\GoogleUpdate.exe

.

**************************************************************************

.

Completion time: 2012-09-15 21:50:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-16 01:50

.

Pre-Run: 59,077,595,136 bytes free

Post-Run: 58,857,312,256 bytes free

.

- - End Of File - - FED5D85C60EBB1FDA0CE37AE3D0930BC


That's a very good summary note from you. I believe some of the "snappier" performance is due to getting a handful of windows services back in order.

We do need a bit more follow-up. One of the things is that there's a few "search" settings for your browsers that need cleaning.

Let's have you do the following.

Step 1

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2

You have FSS.exe from before.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Step 3

Next, a new run of OTL

Locate the OTL.exe on your Desktop

Right-click OTL.exe & select Run as Administrator to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Copy and paste back here a copy of the new OTL.txt


STEP 1 - SECURITY CHECK

Results of screen317's Security Check version 0.99.50

Windows Vista Service Pack 2 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 22

Java 6 Update 33

Java 6 Update 3

Java 6 Update 4

Java 6 Update 5

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 11.3.300.271

Adobe Reader X 10.1.0 Adobe Reader out of Date!

Mozilla Firefox 12.0 Firefox out of Date!

Google Chrome 12.0.742.100

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

STEP 2 - FSS

Farbar Service Scanner Version: 06-08-2012

Ran by Daddy (administrator) on 16-09-2012 at 08:23:11

Running from "C:\Users\Daddy\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys

[2012-02-14 17:17] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-05-10 15:24] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll

[2011-04-14 19:26] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe

[2009-07-17 06:10] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll

[2009-07-17 06:10] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll

[2009-07-17 06:09] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll

[2012-06-14 07:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-07-17 06:10] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****

STEP 3 - OTL (QUICK SCAN)

OTL logfile created on: 9/16/2012 8:24:53 AM - Run 3

OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Daddy\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.12 Gb Available Physical Memory | 64.03% Memory free

16.18 Gb Paging File | 13.17 Gb Available in Paging File | 81.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 55.32 Gb Free Space | 11.88% Space Free | Partition Type: NTFS

Drive F: | 8.92 Gb Total Space | 8.60 Gb Free Space | 96.39% Space Free | Partition Type: FAT32

Drive G: | 7.39 Gb Total Space | 5.88 Gb Free Space | 79.49% Space Free | Partition Type: FAT32

Computer Name: RODGERS-PC | User Name: Daddy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/14 21:37:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe

PRC - [2012/08/18 13:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe

PRC - [2012/06/29 16:41:52 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe

PRC - [2012/05/20 23:45:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/30 00:18:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll

MOD - [2012/06/30 00:18:04 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll

MOD - [2012/06/30 00:17:48 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll

MOD - [2012/06/30 00:17:40 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll

MOD - [2012/06/30 00:17:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll

MOD - [2012/06/29 16:41:52 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

MOD - [2011/05/01 02:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/08/23 14:53:33 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/08/22 23:12:37 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/08/18 13:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.1.0.24\ccSvcHst.exe -- (MCLIENT)

SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360)

SRV - [2012/06/04 20:52:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/20 23:45:26 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/25 23:33:08 | 000,077,944 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/06 13:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0301000.018\ccSetx64.sys -- (ccSet_MCLIENT)

DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SRTSPX64.SYS -- (SRTSPX)

DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - [2012/07/03 18:18:09 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.sys -- (ccSet_N360)

DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SYMEFA64.SYS -- (SymEFA)

DRV:64bit: - [2012/04/28 07:34:26 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/17 18:46:01 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0603000.00E\SYMTDIV.SYS -- (SYMTDIv)

DRV:64bit: - [2012/01/17 18:46:00 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)

DRV:64bit: - [2012/01/17 18:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SYMDS64.SYS -- (SymDS)

DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Ironx64.SYS -- (SymIRON)

DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)

DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/11/16 04:13:26 | 000,271,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2008/01/19 02:30:09 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)

DRV:64bit: - [2007/08/28 17:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)

DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)

DRV:64bit: - [2007/05/24 06:30:02 | 000,072,192 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)

DRV:64bit: - [2007/05/09 09:37:52 | 000,484,736 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MarvinAVS64.sys -- (PinnacleMarvinAVS)

DRV:64bit: - [2007/05/03 13:15:12 | 000,021,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTictwl.sys -- (NCPro)

DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)

DRV:64bit: - [2006/09/20 04:37:22 | 000,022,064 | ---- | M] (ABIT) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uGuru.sys -- (UGURU)

DRV - [2012/09/16 01:12:55 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120915.008\ex64.sys -- (NAVEX15)

DRV - [2012/09/16 01:12:55 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120915.008\eng64.sys -- (NAVENG)

DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120914.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/08/09 01:44:47 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/09 01:44:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/06/29 16:41:52 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)

DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/12/17 22:27:35 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Daddy\Documents\Computer Utilities\RealTemp_2.87\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2006/11/08 13:43:56 | 000,011,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\U-ABIT\FlashMenu\WinFlash64.sys -- (Winflash)

DRV - [2005/10/21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro)

DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 8D CC 1C A6 69 CB 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {EE171C03-A2C3-44C5-8DB8-D468274AF87F}

IE - HKCU\..\SearchScopes\{467BBA57-ECFE-4412-A3F0-FCDE1C45C3AB}: "URL" = http://search.espn.go.com/results?searchString={searchTerms}&fromForm=true

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKCU\..\SearchScopes\{EE171C03-A2C3-44C5-8DB8-D468274AF87F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_en

IE - HKCU\..\SearchScopes\{F05C35F5-7733-4FA0-85CD-BFA4498B6BF6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9

FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f: C:\Program Files (x86)\Dyyno\Dyyno Player\npvlc.dll (Dyyno)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daddy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/04/28 07:39:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/09/15 22:48:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.40\coFFFw\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/23 13:59:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/23 13:59:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension

[2012/01/02 19:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Extensions

[2012/05/04 05:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\extensions

[2012/03/31 23:02:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\qm5g6rc1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/08/31 14:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/28 07:39:38 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPLGN

[2010/06/11 22:03:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012/06/04 20:52:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/02/25 14:27:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/03/27 13:42:57 | 000,002,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicus.xml

[2012/01/02 19:10:39 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012/02/25 14:27:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/15 21:42:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( )

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( )

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( )

O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: mcleancont.com ([citrix] https in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab (SysInfo Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40236.725474537 (Update Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)

O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C63FB6-02E5-47FE-B86F-9AA44F31660C}: DhcpNameServer = 192.168.1.1 71.252.0.12

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/22 23:21:14 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2012/04/08 17:08:38 | 000,000,000 | ---D | M] - F:\AutoGuideFree_download -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 08:10:44 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{C0FEA711-98A2-483B-9CA7-D2375BEDC050}

[2012/09/15 21:50:44 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/09/15 21:50:43 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\temp

[2012/09/15 21:42:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/09/15 21:25:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/09/15 21:25:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/09/15 21:25:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/09/15 21:18:56 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/15 19:20:57 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1

[2012/09/15 18:48:14 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Desktop\Malware Fighting Stuff

[2012/09/15 17:54:57 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{CC4EA27F-8D10-402D-AE1B-2A607B2270C5}

[2012/09/15 17:05:44 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/09/14 22:28:55 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Daddy\Desktop\FSS.exe

[2012/09/14 21:37:15 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe

[2012/09/14 19:16:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/09/14 19:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/09/14 19:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/09/14 18:25:45 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{4A3DD88C-1CAA-4CCA-BB61-FE51983C6D6F}

[2012/09/13 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{B6B2F80B-3534-4921-A772-5B9492633838}

[2012/09/12 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{3E3F0CA4-C5A5-4BB4-AB81-716441C5F7E9}

[2012/09/12 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{19FA9E90-07E7-4262-BD44-570F46E89F31}

[2012/09/05 06:11:22 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{57F24FA5-6F5D-4297-8240-BE1CD2C9144D}

[2012/09/03 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012/09/03 16:48:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/09/03 16:46:19 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012/09/03 16:46:18 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/09/03 16:46:18 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012/09/03 16:46:18 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012/09/03 16:46:18 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/09/03 16:46:15 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll

[2012/09/03 16:46:15 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll

[2012/09/03 16:46:14 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll

[2012/09/03 16:46:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2012/09/03 16:46:12 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2012/09/03 16:46:12 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2012/09/03 16:46:12 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/09/03 16:46:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/09/03 16:46:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/09/03 16:46:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/09/03 16:46:12 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2012/09/03 16:46:12 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2012/09/03 16:46:12 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/09/03 16:46:12 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/09/03 16:46:12 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2012/09/03 16:46:11 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll

[2012/09/03 16:46:11 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2012/09/03 16:46:10 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2012/09/03 16:46:10 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012/09/03 16:46:10 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll

[2012/09/03 16:46:09 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll

[2012/09/03 16:46:09 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2012/09/03 16:46:09 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012/09/03 16:46:08 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/09/03 16:46:08 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2012/09/03 16:46:08 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2012/09/03 16:46:08 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2012/09/03 16:46:08 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2012/09/03 16:46:08 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2012/09/03 16:46:08 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2012/09/03 16:46:08 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll

[2012/09/03 16:46:08 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll

[2012/09/03 16:46:08 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2012/09/03 16:46:08 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll

[2012/09/03 16:46:08 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2012/09/03 16:46:08 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2012/09/03 16:46:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2012/09/03 16:46:08 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2012/09/03 16:46:08 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2012/09/03 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2012/09/02 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Podcast

[2012/09/02 13:29:16 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Motorola

[2012/09/02 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Motorola Mobility

[2012/09/02 13:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility

[2012/09/01 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{418F8885-4FE1-408A-B90D-9537524FA9F3}

[2012/09/01 07:58:11 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Cheerleading

[2012/08/31 14:12:36 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{E4916322-22DC-4B88-864D-F2F57F602A06}

[2012/08/23 15:06:28 | 000,039,424 | ---- | C] (AMD, Inc.) -- C:\Windows\SysNative\drivers\AmdLLD64.sys

[2012/08/23 15:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD

[2012/08/23 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{36823A00-5521-4646-9F17-A3442FBD94C9}

[2012/08/22 12:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls

[2012/08/21 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios

[2012/08/21 15:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios

[2012/08/20 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\{7C7A8F9C-5A04-4737-9272-2F582ED2A214}

[2012/08/18 08:20:23 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\Home Improvement

========== Files - Modified Within 30 Days ==========

[2012/09/16 08:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/16 08:16:03 | 000,854,156 | ---- | M] () -- C:\Users\Daddy\Desktop\SecurityCheck.exe

[2012/09/16 08:09:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/16 08:09:56 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000UA.job

[2012/09/16 02:44:54 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/16 02:44:54 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/15 22:44:55 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/15 22:44:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/15 21:42:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/09/15 21:41:40 | 000,392,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/09/14 22:28:55 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Daddy\Desktop\FSS.exe

[2012/09/14 21:37:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe

[2012/09/14 19:33:39 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53450069-800913693-2988721728-1000Core.job

[2012/09/13 05:26:20 | 000,716,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/13 05:26:20 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/13 05:26:20 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/12 09:04:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012/09/12 08:58:51 | 000,015,095 | ---- | M] () -- C:\Users\Daddy\Documents\forgotthedamnedloginCSV.ods

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/02 21:52:36 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

[2012/09/01 13:33:37 | 000,075,753 | ---- | M] () -- C:\Users\Daddy\Documents\2012.09.01rodgersaccountbalance.pdf

[2012/08/31 14:28:31 | 000,123,624 | ---- | M] () -- C:\Users\Daddy\Documents\birthcertorder.pdf

[2012/08/30 21:03:26 | 000,018,693 | ---- | M] () -- C:\Users\Daddy\Documents\Cheerleading Snack Schedule.ods

[2012/08/30 19:19:36 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2012/08/27 15:06:53 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0301000.018\isolate.ini

========== Files Created - No Company Name ==========

[2012/09/16 08:16:03 | 000,854,156 | ---- | C] () -- C:\Users\Daddy\Desktop\SecurityCheck.exe

[2012/09/15 21:25:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/09/15 21:25:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/09/15 21:25:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/09/15 21:25:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/09/15 21:25:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/09/03 16:46:12 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2012/09/01 13:33:36 | 000,075,753 | ---- | C] () -- C:\Users\Daddy\Documents\2012.09.01rodgersaccountbalance.pdf

[2012/08/31 14:28:30 | 000,123,624 | ---- | C] () -- C:\Users\Daddy\Documents\birthcertorder.pdf

[2012/08/30 21:01:05 | 000,018,693 | ---- | C] () -- C:\Users\Daddy\Documents\Cheerleading Snack Schedule.ods

[2012/08/30 19:19:36 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2012/07/14 18:44:20 | 000,002,086 | ---- | C] () -- C:\Users\Daddy\.recently-used.xbel

[2012/05/24 00:03:34 | 000,109,108 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\icarus-dxdiag.xml

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/01/16 22:32:24 | 000,009,179 | ---- | C] () -- C:\Users\Daddy\AppData\Local\a37c1552

[2011/09/24 07:49:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/08/26 18:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2011/07/08 22:27:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/03/18 17:01:58 | 000,000,827 | ---- | C] () -- C:\Windows\BTI.INI

[2011/03/18 17:01:52 | 000,206,848 | ---- | C] () -- C:\Windows\SysWow64\DBSETUP.EXE

[2011/03/18 17:01:52 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\DBU_UI.DLL

[2011/03/18 17:01:51 | 000,101,888 | ---- | C] () -- C:\Windows\SysWow64\BUTIL.DLL

[2011/03/18 17:01:50 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\WDBUUI32.DLL

[2011/03/18 17:01:50 | 000,038,576 | ---- | C] () -- C:\Windows\SysWow64\NWLOCALE.DLL

[2011/03/18 17:01:49 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL

[2011/03/16 21:06:23 | 000,320,512 | ---- | C] () -- C:\Windows\SysWow64\W32MKDE.EXE

[2011/03/16 21:06:23 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\W32MKRC.DLL

[2010/08/23 22:53:06 | 000,023,676 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\UserTile.png

[2010/02/25 23:21:29 | 000,005,198 | -HS- | C] () -- C:\Users\Daddy\AppData\Local\JjrT1QIkQ3n

[2009/05/09 22:48:30 | 000,000,760 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\setup_ldm.iss

[2009/03/13 21:51:50 | 000,000,552 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d8caps.dat

[2009/03/04 17:07:13 | 000,000,680 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d9caps.dat

[2008/12/13 17:45:08 | 000,000,632 | RHS- | C] () -- C:\Users\Daddy\ntuser.pol

[2008/03/23 13:38:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/03/23 01:07:01 | 000,081,408 | ---- | C] () -- C:\Users\Daddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/03/22 01:31:47 | 000,000,093 | ---- | C] () -- C:\Users\Daddy\AppData\Local\fusioncache.dat

[2008/03/21 01:39:39 | 000,001,460 | ---- | C] () -- C:\Users\Daddy\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2008/11/25 23:39:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Autodesk

[2008/07/03 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BitZipper

[2010/04/11 14:08:15 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BonkEnc

[2009/01/24 20:21:12 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Bullzip

[2011/09/25 11:38:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Canon

[2010/06/15 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ccptb

[2009/07/22 05:39:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Citrix

[2008/11/25 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DAEMON Tools

[2012/07/09 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DAEMON Tools Lite

[2008/08/19 22:15:00 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\DeepBurner

[2008/11/29 00:45:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\dyyno-vlc

[2011/04/06 21:49:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Engius, LLC

[2012/01/12 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\FileZilla

[2011/03/28 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\GeoVid

[2012/07/14 18:20:14 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\gtk-2.0

[2010/02/19 13:45:22 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\HLSW

[2011/07/22 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ICAClient

[2008/03/31 22:33:29 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ImgBurn

[2009/08/10 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\KompoZer

[2008/05/06 22:54:40 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Leadertech

[2012/09/02 13:46:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motorola

[2012/09/02 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Motorola Mobility

[2010/05/21 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\My Games

[2009/01/12 22:21:47 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Nvu

[2011/04/12 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\ooVoo Details

[2009/01/05 22:51:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\OpenOffice.org

[2010/08/23 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\PeerNetworking

[2008/08/24 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Skinux

[2008/12/25 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sony

[2008/12/25 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Sony Setup

[2011/10/23 15:04:29 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\StreamTorrent

[2012/04/15 22:11:39 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\SystemRequirementsLab

[2011/09/04 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Temp

[2012/02/04 05:57:17 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\The Creative Assembly

[2010/05/28 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Tific

[2010/10/24 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Windows Live Writer

[2012/09/02 21:52:36 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job

[2012/09/15 22:43:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A1063995

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DFF1A8A

< End of report >


Go to Control Panel >> Programs and Features

One by one, select each of the following and uninstall it:

Adobe Reader

Java™ 6 Update 3

Java™ 6 Update 4

Java™ 6 Update 5

Java™ 6 Update 22

Java™ 6 Update 33

Exit Control Panel

Now, log off and restart Windows.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered).

Now, turn off your Norton360 so that it does not interfere

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :otl
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...&q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...&q={searchTerms}
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2612669
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...&q={searchTerms}
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right-click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next:

To Reset Firefox to its default state:

Start Firefox

In the address bar, type in

about:support

Click on the Reset Firefox button at top right of screen.

Also see http://support.mozilla.org/en-US/kb/reset-preferences-fix-problems?s=reset+search+options&r=2&as=s

Still in Firefox, from the main menu select Help >> About Firefox

Click on the Check for Updates button.

Allow it time to search & get the latest update.

Allow it to apply the update and to restart Firefox.

Re-enable your Norton360

Now, tell me, how is the system now?


Uninstall Java Updates - Done

Restart

Update Adobe Reader - Done

Norton 360 Disabled - Done

OTL Fix - Done

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

========== COMMANDS ==========

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

->Temp folder emptied: 0 bytes

User: Brooke

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Daddy

->Temp folder emptied: 41646 bytes

->Temporary Internet Files folder emptied: 161841311 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 1724 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mcx1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mommy

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Nick

->Temp folder emptied: 31832 bytes

->Temporary Internet Files folder emptied: 13989822 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 647 bytes

User: Public

->Temp folder emptied: 0 bytes

User: TEMP

->Temp folder emptied: 0 bytes

User: TEMP.Rodgers-PC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: UpdatusUser.Rodgers-PC

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: UpdatusUser.Rodgers-PC.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 119047633 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 281.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: AppData

User: Brooke

->Flash cache emptied: 0 bytes

User: Daddy

->Flash cache emptied: 0 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Mcx1

->Flash cache emptied: 0 bytes

User: Mommy

->Flash cache emptied: 0 bytes

User: Nick

->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: TEMP.Rodgers-PC

->Flash cache emptied: 0 bytes

User: UpdatusUser

->Flash cache emptied: 0 bytes

User: UpdatusUser.Rodgers-PC

->Flash cache emptied: 0 bytes

User: UpdatusUser.Rodgers-PC.000

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Brooke

->Java cache emptied: 0 bytes

User: Daddy

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Mcx1

User: Mommy

->Java cache emptied: 0 bytes

User: Nick

->Java cache emptied: 0 bytes

User: Public

User: TEMP

User: TEMP.Rodgers-PC

User: UpdatusUser

User: UpdatusUser.Rodgers-PC

User: UpdatusUser.Rodgers-PC.000

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.61.4 log created on 09162012_164447

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Update & Reset Firefox - Done

Norton360 Re-enabled - Done

The system is like new. Startup is faster by 20% I'd guess. Windows is very responsive. All in all fantastic.

Java wanted to do an update so I let it (Update 35)

Very Truly Thank You for taking the time to help me. You do wonderful work.


Thank you for the compliment. Glad to be of help. ^_^

Awesome. Kudos Hemi425HP

After the cleanups, make a mirror-image backup to offline media. {see below}

Make backups at least once a week. Backups are your system's best friend.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Daddy\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:

RogueKiller.exe

TDSSKILLER.exe

FSS.exe

SecurityCheck.exe

Safer practices & malware prevention

We are finished here. Best regards.
