explorer.exe & rundll32 startup problem [Solved]


  • This topic is locked

#1
herbaltee

  • New Member
  • 7 posts
Hi!

I have had issues with the error, "Host Process Rundll32 has stopped working" with my Vista Studio XPS laptop. This happens approximately 50% of the time when starting up my computer. It did not seem to affect the usage of my computer, and after various research on the internet I could not find a solution to fixing this (e.g. selective start up using msconfig).
Approximately 1 and a half weeks ago, I encountered another problem in which, when starting up my laptop, I was met with a blue screen and no icons etc. After researching on the internet using another computer, I found that using the Task Manager to "Create New Task" opening explorer.exe brought my icons about, allowing me to use the internet and programs. However, I am unable to view any picture files, nor watch shows or movies on any of my media players - only the audio plays. Furthermore, I have to continually initiate explorer.exe whenever I start my computer again. I have tried system restore to the earliest time point possible, which did not work, nor did I have any other common problems with explorer.exe such as having a different value in the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon/Shell". I have Norton 360 Security and run "LiveUpdates" when I first start up my computer every time. Furthermore, running a full system scan until no risks are detected does nothing (and such risks cleaned up are usually tracking cookies).

Any help would be much appreciated :)

This is my OTL report:
OTL logfile created on: 10/7/2012 10:21:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Estee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.25 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 53.98% Memory free
4.71 Gb Paging File | 3.68 Gb Available in Paging File | 78.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.66 Gb Total Space | 313.24 Gb Free Space | 69.51% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.56 Gb Free Space | 63.71% Space Free | Partition Type: NTFS

Computer Name: MINT | User Name: Estee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 20:03:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Estee\Desktop\OTL.exe
PRC - [2012/09/15 00:23:48 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/14 04:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/04/17 11:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/02/20 18:48:17 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2011/02/06 03:20:22 | 000,108,936 | ---- | M] (SecureW2 B.V.) -- C:\Program Files\SecureW2\sw2_service.exe
PRC - [2009/04/11 17:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 23:25:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/30 23:24:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/03/07 17:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe
PRC - [2009/02/05 16:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/30 03:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/15 00:23:47 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/08 23:33:12 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service -- (GoToAssist)
SRV - [2012/09/15 00:23:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/14 04:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/01/03 13:27:59 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/03 12:59:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2011/04/17 11:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/20 18:48:17 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2011/02/06 03:20:22 | 000,108,936 | ---- | M] (SecureW2 B.V.) [Auto | Running] -- C:\Program Files\SecureW2\sw2_service.exe -- (SW2SVC)
SRV - [2009/05/22 02:02:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/05/22 02:02:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/05/22 02:01:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/03/30 23:25:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/30 23:24:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009/03/07 17:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2009/02/05 16:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/30 03:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (ASPI32)
DRV - [2012/10/06 23:07:20 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121006.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/06 23:07:19 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/06 23:07:19 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121006.007\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/05 16:42:14 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121005.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/09/28 02:02:52 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/16 15:05:47 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/27 19:20:24 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/14 04:08:23 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/01/14 04:07:30 | 000,057,000 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012/01/14 04:07:30 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2011/04/21 12:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/31 14:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 14:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/15 13:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 17:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 16:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2010/03/08 11:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/04/29 21:22:32 | 007,572,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/30 23:25:32 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/18 19:58:34 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/03/18 19:58:20 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/03/18 19:57:58 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/03/08 18:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/12/22 21:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/05 10:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/10/27 23:56:10 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/10/27 22:38:42 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/10/27 22:38:36 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/27 22:38:30 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/09/24 22:36:14 | 000,232,832 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\facap.sys -- (FACAP)
DRV - [2008/01/21 13:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 18:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/02/06 14:44:24 | 000,093,664 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004/09/30 02:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctpdusb.sys -- (Jukebox3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{A8399D59-9FCF-4255-A01F-524AC4769516}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/19
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/102
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=17160
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{A8399D59-9FCF-4255-A01F-524AC4769516}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-re...il&geo=AU&ver=5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sciencedaily.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.1
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Estee\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/10/07 16:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_12_1 [2012/10/07 22:17:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/03 17:02:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/03 17:02:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 14:19:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/03 17:02:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 14:19:26 | 000,000,000 | ---D | M]

[2012/06/30 23:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Estee\AppData\Roaming\Mozilla\Extensions
[2012/06/30 23:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Estee\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/08/28 20:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions
[2012/10/06 17:15:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/10/06 17:15:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/06 17:15:29 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/10/06 17:15:29 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/05/30 10:08:42 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\[email protected]
[2009/05/29 20:35:16 | 000,000,931 | ---- | M] () -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\searchplugins\dictionary.xml
[2012/09/23 20:45:48 | 000,002,462 | ---- | M] () -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\searchplugins\scholar-search.xml
[2012/06/28 23:08:40 | 000,002,519 | ---- | M] () -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\searchplugins\Search_Results.xml
[2012/06/28 23:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 20:52:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/09/15 00:23:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/06/27 23:32:32 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2012/05/06 20:21:34 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/04 21:11:35 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/15 00:23:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/06 20:21:34 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/06 20:21:34 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/28 23:08:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/09/15 00:23:45 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/06 20:21:34 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 08:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Estee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{708C3CA3-69F5-48E8-BF7B-C9AC1713F2F2}: NameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll ()
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c98c08b-ebcd-11df-a9b8-002219e7e445}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{5f1128ef-7f8a-11e1-b0de-00242bfbc456}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1128ef-7f8a-11e1-b0de-00242bfbc456}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{bfd7d693-6d0d-11df-9866-9312471e8a6d}\Shell - "" = AutoRun
O33 - MountPoints2\{bfd7d693-6d0d-11df-9866-9312471e8a6d}\Shell\AutoRun\command - "" = F:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 20:03:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Estee\Desktop\OTL.exe
[2012/10/07 19:42:53 | 000,000,000 | ---D | C] -- C:\Users\Estee\AppData\Roaming\Malwarebytes
[2012/10/07 19:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/07 19:40:03 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Estee\Documents\mbam-setup-1.65.0.1400.exe
[2012/10/05 21:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/10/05 20:59:05 | 000,000,000 | ---D | C] -- C:\Files
[2012/10/02 08:10:09 | 000,038,912 | ---- | C] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll
[2012/09/30 23:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced PC Tweaker
[2012/09/22 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\Estee\AppData\Roaming\DivX
[2012/09/22 23:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/09/22 23:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/09/22 23:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/09/22 22:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/09/22 22:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/09/22 22:54:16 | 000,933,256 | ---- | C] (DivX, LLC) -- C:\Users\Estee\Documents\DivXInstaller.exe
[2012/09/22 21:53:28 | 000,000,000 | -HSD | C] -- C:\found.001
[2009/07/24 09:52:25 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Estee\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/10/07 22:21:09 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/07 22:21:09 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/07 22:18:23 | 000,160,995 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/07 22:18:23 | 000,160,995 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/07 22:17:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 22:17:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 22:17:07 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012/10/07 22:17:05 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012/10/07 22:16:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 22:16:50 | 2414,133,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 22:15:44 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/07 21:03:54 | 000,038,912 | ---- | M] () -- C:\Users\Estee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/07 20:03:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Estee\Desktop\OTL.exe
[2012/10/07 19:41:41 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Estee\Documents\mbam-setup-1.65.0.1400.exe
[2012/10/01 00:12:37 | 000,015,856 | ---- | M] () -- C:\Users\Estee\AppData\Local\d3d9caps.dat
[2012/09/22 22:54:56 | 000,933,256 | ---- | M] (DivX, LLC) -- C:\Users\Estee\Documents\DivXInstaller.exe
[2012/09/21 22:28:12 | 000,000,450 | ---- | M] () -- C:\Users\Estee\Documents\Videos - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/10/07 20:10:56 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/10/07 20:10:56 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/10/06 22:57:38 | 2414,133,248 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/21 22:28:12 | 000,000,450 | ---- | C] () -- C:\Users\Estee\Documents\Videos - Shortcut.lnk
[2011/04/04 21:12:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/01/05 11:23:21 | 000,001,940 | ---- | C] () -- C:\Users\Estee\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/02 22:29:51 | 000,000,761 | ---- | C] () -- C:\Users\Estee\trents resume.lnk
[2010/12/22 23:58:48 | 000,079,124 | ---- | C] () -- C:\Users\Estee\Baldur.gam
[2010/09/04 11:30:05 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 21:42:13 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/05/19 22:01:48 | 002,848,087 | ---- | C] () -- C:\Users\Estee\AppData\Roaming\B.O.B ft Hayley Williams - Airplanes.zip
[2010/04/13 23:52:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/04 01:22:09 | 000,038,912 | ---- | C] () -- C:\Users\Estee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 15:39:03 | 000,015,856 | ---- | C] () -- C:\Users\Estee\AppData\Local\d3d9caps.dat
[2009/05/28 21:37:27 | 000,000,424 | ---- | C] () -- C:\Users\Estee\AppData\Roaming\wklnhst.dat
[2009/05/22 01:31:04 | 000,160,995 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/22 01:29:27 | 000,160,995 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 23:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 17:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 17:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/07 19:41:36 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\BitTorrent
[2010/03/16 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\Canon
[2011/08/25 20:46:41 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\EndNote
[2010/05/04 18:36:15 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\FTP Explorer
[2012/06/30 23:17:30 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\LimeWire
[2012/10/06 17:15:30 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/01/23 16:53:12 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\ScanSoft
[2009/05/28 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\Template
[2010/08/22 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\Tific

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 1014 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You may have a deeper infection there.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/102
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=17160
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
[2012/10/06 17:15:29 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/04/04 21:11:35 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll ()
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

:Files
C:\Program Files\Searchqu Toolbar
C:\Program Files\Sensible Vision

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#3
herbaltee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks so much for the quick reply! I just ran ComboFix and it had come up with the warning saying that I have the real time scanner active antispyware: Norton 360, but I had followed your link and disabled it as per the link you sent (i.e. right clicked and disabled both antivirus automatic-protect and smart firewall). I thought because I had the actual Norton file open that was interfering with it so I closed it and proceeded. The ComboFix ran and rebooted my computer, but it did not give me any logs. Have I done something wrong? How shall I proceed?

Here is the OTL log:

OTL logfile created on: 10/7/2012 11:10:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Estee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.25 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 56.33% Memory free
4.71 Gb Paging File | 3.74 Gb Available in Paging File | 79.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.66 Gb Total Space | 334.75 Gb Free Space | 74.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.56 Gb Free Space | 63.71% Space Free | Partition Type: NTFS

Computer Name: MINT | User Name: Estee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 20:03:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Estee\Desktop\OTL.exe
PRC - [2012/09/15 00:23:48 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/14 04:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/04/17 11:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/02/20 18:48:17 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2011/02/06 03:20:22 | 000,108,936 | ---- | M] (SecureW2 B.V.) -- C:\Program Files\SecureW2\sw2_service.exe
PRC - [2009/04/11 17:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 23:25:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/30 23:24:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/02/05 16:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/30 03:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/15 00:23:47 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service -- (GoToAssist)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2012/09/15 00:23:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/14 04:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/01/03 13:27:59 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/03 12:59:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2011/04/17 11:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/20 18:48:17 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2011/02/06 03:20:22 | 000,108,936 | ---- | M] (SecureW2 B.V.) [Auto | Running] -- C:\Program Files\SecureW2\sw2_service.exe -- (SW2SVC)
SRV - [2009/05/22 02:02:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/05/22 02:02:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/05/22 02:01:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/03/30 23:25:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/30 23:24:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/05 16:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/30 03:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (ASPI32)
DRV - [2012/10/06 23:07:20 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121006.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/06 23:07:19 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/06 23:07:19 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121006.007\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/05 16:42:14 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121005.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/09/28 02:02:52 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/16 15:05:47 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/27 19:20:24 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/14 04:08:23 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/01/14 04:07:30 | 000,057,000 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012/01/14 04:07:30 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2011/04/21 12:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/31 14:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 14:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/15 13:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 17:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 16:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2010/03/08 11:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/04/29 21:22:32 | 007,572,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/30 23:25:32 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/18 19:58:34 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/03/18 19:58:20 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/03/18 19:57:58 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/03/08 18:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/12/22 21:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/05 10:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/10/27 23:56:10 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/10/27 22:38:42 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/10/27 22:38:36 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/27 22:38:30 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/09/24 22:36:14 | 000,232,832 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\facap.sys -- (FACAP)
DRV - [2008/01/21 13:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 18:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/02/06 14:44:24 | 000,093,664 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004/09/30 02:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctpdusb.sys -- (Jukebox3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{A8399D59-9FCF-4255-A01F-524AC4769516}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/19
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{A8399D59-9FCF-4255-A01F-524AC4769516}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-re...il&geo=AU&ver=5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sciencedaily.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.1
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Estee\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/10/07 16:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_12_1 [2012/10/07 23:06:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/03 17:02:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/03 17:02:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 14:19:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/03 17:02:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 14:19:26 | 000,000,000 | ---D | M]

[2012/06/30 23:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Estee\AppData\Roaming\Mozilla\Extensions
[2012/06/30 23:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Estee\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/10/07 23:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions
[2012/10/06 17:15:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/10/06 17:15:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/06 17:15:29 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/05/30 10:08:42 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\extensions\[email protected]
[2009/05/29 20:35:16 | 000,000,931 | ---- | M] () -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\searchplugins\dictionary.xml
[2012/09/23 20:45:48 | 000,002,462 | ---- | M] () -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\searchplugins\scholar-search.xml
[2012/06/28 23:08:40 | 000,002,519 | ---- | M] () -- C:\Users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\searchplugins\Search_Results.xml
[2012/06/28 23:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 20:52:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/09/15 00:23:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/06/27 23:32:32 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2012/05/06 20:21:34 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/15 00:23:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/06 20:21:34 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/06 20:21:34 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/28 23:08:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/09/15 00:23:45 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/06 20:21:34 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/10/07 23:01:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Estee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{708C3CA3-69F5-48E8-BF7B-C9AC1713F2F2}: NameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c98c08b-ebcd-11df-a9b8-002219e7e445}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{5f1128ef-7f8a-11e1-b0de-00242bfbc456}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1128ef-7f8a-11e1-b0de-00242bfbc456}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{bfd7d693-6d0d-11df-9866-9312471e8a6d}\Shell - "" = AutoRun
O33 - MountPoints2\{bfd7d693-6d0d-11df-9866-9312471e8a6d}\Shell\AutoRun\command - "" = F:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 23:10:27 | 004,762,471 | ---- | C] (Swearware) -- C:\Users\Estee\Documents\ComboFix.exe
[2012/10/07 23:01:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/07 20:03:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Estee\Desktop\OTL.exe
[2012/10/07 19:42:53 | 000,000,000 | ---D | C] -- C:\Users\Estee\AppData\Roaming\Malwarebytes
[2012/10/07 19:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/07 19:40:03 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Estee\Documents\mbam-setup-1.65.0.1400.exe
[2012/10/05 21:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/10/05 20:59:05 | 000,000,000 | ---D | C] -- C:\Files
[2012/10/02 08:10:09 | 000,038,912 | ---- | C] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll
[2012/09/30 23:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced PC Tweaker
[2012/09/22 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\Estee\AppData\Roaming\DivX
[2012/09/22 23:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/09/22 23:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/09/22 23:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/09/22 22:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/09/22 22:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/09/22 22:54:16 | 000,933,256 | ---- | C] (DivX, LLC) -- C:\Users\Estee\Documents\DivXInstaller.exe
[2012/09/22 21:53:28 | 000,000,000 | -HSD | C] -- C:\found.001
[2009/07/24 09:52:25 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Estee\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/10/07 23:11:15 | 004,762,471 | ---- | M] (Swearware) -- C:\Users\Estee\Documents\ComboFix.exe
[2012/10/07 23:10:04 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/07 23:10:04 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/07 23:07:21 | 000,160,995 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/07 23:07:21 | 000,160,995 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/07 23:06:14 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012/10/07 23:06:12 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012/10/07 23:06:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 23:06:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 23:06:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 23:06:00 | 2414,120,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 23:04:24 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/07 23:01:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/07 21:03:54 | 000,038,912 | ---- | M] () -- C:\Users\Estee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/07 20:03:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Estee\Desktop\OTL.exe
[2012/10/07 19:41:41 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Estee\Documents\mbam-setup-1.65.0.1400.exe
[2012/10/01 00:12:37 | 000,015,856 | ---- | M] () -- C:\Users\Estee\AppData\Local\d3d9caps.dat
[2012/09/22 22:54:56 | 000,933,256 | ---- | M] (DivX, LLC) -- C:\Users\Estee\Documents\DivXInstaller.exe
[2012/09/21 22:28:12 | 000,000,450 | ---- | M] () -- C:\Users\Estee\Documents\Videos - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/10/07 20:10:56 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/10/07 20:10:56 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/10/06 22:57:38 | 2414,120,960 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/21 22:28:12 | 000,000,450 | ---- | C] () -- C:\Users\Estee\Documents\Videos - Shortcut.lnk
[2011/04/04 21:12:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/01/05 11:23:21 | 000,001,940 | ---- | C] () -- C:\Users\Estee\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/02 22:29:51 | 000,000,761 | ---- | C] () -- C:\Users\Estee\trents resume.lnk
[2010/12/22 23:58:48 | 000,079,124 | ---- | C] () -- C:\Users\Estee\Baldur.gam
[2010/09/04 11:30:05 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 21:42:13 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/05/19 22:01:48 | 002,848,087 | ---- | C] () -- C:\Users\Estee\AppData\Roaming\B.O.B ft Hayley Williams - Airplanes.zip
[2010/04/13 23:52:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/04 01:22:09 | 000,038,912 | ---- | C] () -- C:\Users\Estee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 15:39:03 | 000,015,856 | ---- | C] () -- C:\Users\Estee\AppData\Local\d3d9caps.dat
[2009/05/28 21:37:27 | 000,000,424 | ---- | C] () -- C:\Users\Estee\AppData\Roaming\wklnhst.dat
[2009/05/22 01:31:04 | 000,160,995 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/22 01:29:27 | 000,160,995 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 23:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 17:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 17:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/07 19:41:36 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\BitTorrent
[2010/03/16 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\Canon
[2011/08/25 20:46:41 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\EndNote
[2010/05/04 18:36:15 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\FTP Explorer
[2012/06/30 23:17:30 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\LimeWire
[2012/10/06 17:15:30 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/01/23 16:53:12 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\ScanSoft
[2009/05/28 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\Template
[2010/08/22 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Estee\AppData\Roaming\Tific

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 1014 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The log should be at C:\Combofix.txt

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#5
herbaltee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I couldn't locate the C:\Combofix.txt file. Should I run it again?
The Kaspersky TDSSKiller Report is as follows:
23:58:41.0905 2008 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:58:43.0137 2008 ============================================================
23:58:43.0137 2008 Current date / time: 2012/10/07 23:58:43.0137
23:58:43.0137 2008 SystemInfo:
23:58:43.0137 2008
23:58:43.0137 2008 OS Version: 6.0.6002 ServicePack: 2.0
23:58:43.0137 2008 Product type: Workstation
23:58:43.0137 2008 ComputerName: MINT
23:58:43.0137 2008 UserName: Estee
23:58:43.0137 2008 Windows directory: C:\Windows
23:58:43.0137 2008 System windows directory: C:\Windows
23:58:43.0137 2008 Processor architecture: Intel x86
23:58:43.0137 2008 Number of processors: 2
23:58:43.0137 2008 Page size: 0x1000
23:58:43.0137 2008 Boot type: Normal boot
23:58:43.0137 2008 ============================================================
23:58:44.0229 2008 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:58:44.0229 2008 ============================================================
23:58:44.0229 2008 \Device\Harddisk0\DR0:
23:58:44.0229 2008 MBR partitions:
23:58:44.0229 2008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1E00000
23:58:44.0229 2008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E33000, BlocksNum 0x38552800
23:58:44.0229 2008 ============================================================
23:58:44.0260 2008 C: <-> \Device\Harddisk0\DR0\Partition2
23:58:44.0323 2008 D: <-> \Device\Harddisk0\DR0\Partition1
23:58:44.0323 2008 ============================================================
23:58:44.0323 2008 Initialize success
23:58:44.0323 2008 ============================================================
23:59:10.0265 3888 ============================================================
23:59:10.0265 3888 Scan started
23:59:10.0265 3888 Mode: Manual; SigCheck; TDLFS;
23:59:10.0265 3888 ============================================================
23:59:10.0905 3888 ================ Scan system memory ========================
23:59:10.0905 3888 System memory - ok
23:59:10.0905 3888 ================ Scan services =============================
23:59:11.0701 3888 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:59:11.0872 3888 ACPI - ok
23:59:11.0935 3888 [ C0A9A0BE382321A7A6ADFCC4B305F062 ] acsint C:\Windows\system32\DRIVERS\acsint.sys
23:59:12.0200 3888 acsint - ok
23:59:12.0231 3888 [ 9D4B043FA3A628C6F0D56954A71CD726 ] acsmux C:\Windows\system32\DRIVERS\acsmux.sys
23:59:12.0262 3888 acsmux - ok
23:59:12.0340 3888 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:59:12.0403 3888 adp94xx - ok
23:59:12.0418 3888 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:59:12.0465 3888 adpahci - ok
23:59:12.0496 3888 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:59:12.0527 3888 adpu160m - ok
23:59:12.0543 3888 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:59:12.0559 3888 adpu320 - ok
23:59:12.0652 3888 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:59:12.0839 3888 AeLookupSvc - ok
23:59:13.0183 3888 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
23:59:13.0307 3888 AESTFilters - ok
23:59:13.0401 3888 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
23:59:13.0463 3888 AFD - ok
23:59:13.0541 3888 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:59:13.0557 3888 agp440 - ok
23:59:13.0573 3888 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:59:13.0604 3888 aic78xx - ok
23:59:13.0635 3888 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
23:59:13.0682 3888 ALG - ok
23:59:13.0713 3888 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
23:59:13.0729 3888 aliide - ok
23:59:13.0760 3888 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:59:13.0775 3888 amdagp - ok
23:59:13.0807 3888 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
23:59:13.0822 3888 amdide - ok
23:59:13.0853 3888 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
23:59:13.0931 3888 AmdK7 - ok
23:59:13.0978 3888 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:59:14.0009 3888 AmdK8 - ok
23:59:14.0072 3888 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
23:59:14.0150 3888 Appinfo - ok
23:59:14.0384 3888 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:59:14.0399 3888 Apple Mobile Device - ok
23:59:14.0493 3888 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
23:59:14.0555 3888 arc - ok
23:59:14.0618 3888 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:59:14.0633 3888 arcsas - ok
23:59:14.0665 3888 ASPI32 - ok
23:59:14.0696 3888 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:59:14.0805 3888 AsyncMac - ok
23:59:14.0852 3888 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
23:59:14.0867 3888 atapi - ok
23:59:14.0961 3888 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:59:15.0023 3888 AudioEndpointBuilder - ok
23:59:15.0055 3888 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:59:15.0070 3888 Audiosrv - ok
23:59:15.0117 3888 [ 423C7B87E886AC93D22936EA82665F83 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
23:59:15.0133 3888 BCM42RLY - ok
23:59:15.0211 3888 [ B56999BE8F22BA3071E4CEAFA9E82E26 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
23:59:15.0289 3888 BCM43XX - ok
23:59:15.0351 3888 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
23:59:42.0058 3888 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:59:42.0089 3888 sermouse - ok
23:59:42.0121 3888 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
23:59:42.0167 3888 SessionEnv - ok
23:59:42.0183 3888 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:59:42.0245 3888 sffdisk - ok
23:59:42.0261 3888 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:59:42.0323 3888 sffp_mmc - ok
23:59:42.0355 3888 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:59:42.0417 3888 sffp_sd - ok
23:59:42.0433 3888 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:59:42.0511 3888 sfloppy - ok
23:59:42.0557 3888 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:59:42.0620 3888 SharedAccess - ok
23:59:42.0682 3888 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:59:42.0760 3888 ShellHWDetection - ok
23:59:42.0791 3888 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:59:42.0807 3888 sisagp - ok
23:59:42.0823 3888 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:59:42.0838 3888 SiSRaid2 - ok
23:59:42.0854 3888 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:59:42.0869 3888 SiSRaid4 - ok
23:59:42.0932 3888 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:59:42.0947 3888 SkypeUpdate - ok
23:59:43.0259 3888 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
23:59:43.0618 3888 slsvc - ok
23:59:43.0665 3888 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:59:43.0727 3888 SLUINotify - ok
23:59:43.0774 3888 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:59:43.0837 3888 Smb - ok
23:59:43.0883 3888 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:59:43.0899 3888 SNMPTRAP - ok
23:59:43.0977 3888 [ 9B24DCA429F819DB314F30EE4C6C80FD ] Sound Blaster X-Fi MB Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
23:59:44.0008 3888 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:59:44.0008 3888 Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:59:44.0055 3888 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
23:59:44.0071 3888 spldr - ok
23:59:44.0117 3888 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
23:59:44.0180 3888 Spooler - ok
23:59:44.0227 3888 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
23:59:44.0242 3888 sprtsvc_DellSupportCenter - ok
23:59:44.0351 3888 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS
23:59:44.0383 3888 SRTSP - ok
23:59:44.0414 3888 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS
23:59:44.0429 3888 SRTSPX - ok
23:59:44.0461 3888 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:59:44.0507 3888 srv - ok
23:59:44.0570 3888 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:59:44.0617 3888 srv2 - ok
23:59:44.0648 3888 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:59:44.0695 3888 srvnet - ok
23:59:44.0726 3888 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:59:44.0819 3888 SSDPSRV - ok
23:59:44.0897 3888 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:59:44.0913 3888 SstpSvc - ok
23:59:45.0053 3888 [ DDEB942850278D67EDC108D57F774BF8 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
23:59:45.0100 3888 STacSV - ok
23:59:45.0147 3888 [ C4BE9C3AF8AF6F2E4CDD22FCABF77A1B ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
23:59:45.0256 3888 STHDA - ok
23:59:45.0287 3888 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
23:59:45.0334 3888 StillCam - ok
23:59:45.0412 3888 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
23:59:45.0490 3888 stisvc - ok
23:59:45.0521 3888 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:59:45.0537 3888 swenum - ok
23:59:45.0615 3888 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
23:59:45.0646 3888 swprv - ok
23:59:45.0662 3888 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:59:45.0693 3888 Symc8xx - ok
23:59:45.0724 3888 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS
23:59:45.0771 3888 SymDS - ok
23:59:45.0833 3888 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS
23:59:45.0911 3888 SymEFA - ok
23:59:46.0005 3888 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
23:59:46.0021 3888 SymEvent - ok
23:59:46.0052 3888 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS
23:59:46.0067 3888 SymIRON - ok
23:59:46.0130 3888 [ D42A7229E333AF725F1445F785E4658D ] SYMTDIv C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS
23:59:46.0145 3888 SYMTDIv - ok
23:59:46.0192 3888 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:59:46.0208 3888 Sym_hi - ok
23:59:46.0239 3888 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:59:46.0270 3888 Sym_u3 - ok
23:59:46.0333 3888 [ FB86FDD993A6A0122A2F526221E5161F ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:59:46.0348 3888 SynTP - ok
23:59:46.0473 3888 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
23:59:46.0551 3888 SysMain - ok
23:59:46.0613 3888 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:59:46.0645 3888 TabletInputService - ok
23:59:46.0707 3888 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:59:46.0769 3888 TapiSrv - ok
23:59:46.0832 3888 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
23:59:46.0863 3888 TBS - ok
23:59:47.0019 3888 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:59:47.0128 3888 Tcpip - ok
23:59:47.0284 3888 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:59:47.0378 3888 Tcpip6 - ok
23:59:47.0409 3888 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:59:47.0456 3888 tcpipreg - ok
23:59:47.0471 3888 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:59:47.0518 3888 TDPIPE - ok
23:59:47.0549 3888 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:59:47.0596 3888 TDTCP - ok
23:59:47.0627 3888 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:59:47.0659 3888 tdx - ok
23:59:47.0705 3888 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:59:47.0721 3888 TermDD - ok
23:59:47.0768 3888 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
23:59:47.0861 3888 TermService - ok
23:59:47.0939 3888 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
23:59:47.0955 3888 Themes - ok
23:59:48.0002 3888 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
23:59:48.0033 3888 THREADORDER - ok
23:59:48.0095 3888 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
23:59:48.0127 3888 TrkWks - ok
23:59:48.0220 3888 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:59:48.0267 3888 TrustedInstaller - ok
23:59:48.0314 3888 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:59:48.0376 3888 tssecsrv - ok
23:59:48.0407 3888 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:59:48.0439 3888 tunmp - ok
23:59:48.0485 3888 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:59:48.0501 3888 tunnel - ok
23:59:48.0517 3888 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:59:48.0548 3888 uagp35 - ok
23:59:48.0595 3888 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:59:48.0626 3888 udfs - ok
23:59:48.0657 3888 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:59:48.0688 3888 UI0Detect - ok
23:59:48.0704 3888 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:59:48.0719 3888 uliagpkx - ok
23:59:48.0735 3888 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:59:48.0766 3888 uliahci - ok
23:59:48.0782 3888 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:59:48.0797 3888 UlSata - ok
23:59:48.0813 3888 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:59:48.0829 3888 ulsata2 - ok
23:59:48.0844 3888 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:59:48.0875 3888 umbus - ok
23:59:48.0891 3888 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
23:59:48.0938 3888 upnphost - ok
23:59:49.0000 3888 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:59:49.0031 3888 USBAAPL - ok
23:59:49.0063 3888 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:59:49.0094 3888 usbccgp - ok
23:59:49.0109 3888 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:59:49.0172 3888 usbcir - ok
23:59:49.0234 3888 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:59:49.0265 3888 usbehci - ok
23:59:49.0281 3888 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:59:49.0343 3888 usbhub - ok
23:59:49.0390 3888 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:59:49.0406 3888 usbohci - ok
23:59:49.0421 3888 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
23:59:49.0484 3888 usbprint - ok
23:59:49.0499 3888 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:59:49.0531 3888 USBSTOR - ok
23:59:49.0546 3888 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:59:49.0609 3888 usbuhci - ok
23:59:49.0655 3888 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
23:59:49.0687 3888 UxSms - ok
23:59:49.0765 3888 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
23:59:49.0843 3888 vds - ok
23:59:49.0905 3888 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:59:49.0936 3888 vga - ok
23:59:49.0967 3888 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
23:59:50.0014 3888 VgaSave - ok
23:59:50.0030 3888 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:59:50.0045 3888 viaagp - ok
23:59:50.0061 3888 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:59:50.0108 3888 ViaC7 - ok
23:59:50.0123 3888 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
23:59:50.0155 3888 viaide - ok
23:59:50.0170 3888 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:59:50.0186 3888 volmgr - ok
23:59:50.0248 3888 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:59:50.0279 3888 volmgrx - ok
23:59:50.0326 3888 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:59:50.0357 3888 volsnap - ok
23:59:50.0529 3888 [ D9CC6202D8A3EC84F1516F6CC3E2E6ED ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
23:59:50.0607 3888 vpnagent - ok
23:59:50.0638 3888 [ 0D8DF4058901616A4E716AB67D472581 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
23:59:50.0654 3888 vpnva - ok
23:59:50.0732 3888 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:59:50.0747 3888 vsmraid - ok
23:59:50.0950 3888 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
23:59:51.0059 3888 VSS - ok
23:59:51.0137 3888 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
23:59:51.0184 3888 W32Time - ok
23:59:51.0215 3888 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:59:51.0293 3888 WacomPen - ok
23:59:51.0325 3888 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:59:51.0340 3888 Wanarp - ok
23:59:51.0356 3888 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:59:51.0371 3888 Wanarpv6 - ok
23:59:51.0418 3888 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:59:51.0496 3888 wcncsvc - ok
23:59:51.0543 3888 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:59:51.0590 3888 WcsPlugInService - ok
23:59:51.0605 3888 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
23:59:51.0621 3888 Wd - ok
23:59:51.0637 3888 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:59:51.0715 3888 Wdf01000 - ok
23:59:51.0761 3888 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:59:51.0808 3888 WdiServiceHost - ok
23:59:51.0824 3888 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:59:51.0855 3888 WdiSystemHost - ok
23:59:51.0933 3888 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
23:59:51.0964 3888 WebClient - ok
23:59:52.0011 3888 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:59:52.0058 3888 Wecsvc - ok
23:59:52.0120 3888 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:59:52.0151 3888 wercplsupport - ok
23:59:52.0183 3888 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
23:59:52.0245 3888 WerSvc - ok
23:59:52.0354 3888 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:59:52.0401 3888 WinDefend - ok
23:59:52.0401 3888 WinHttpAutoProxySvc - ok
23:59:52.0479 3888 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:59:52.0510 3888 Winmgmt - ok
23:59:52.0635 3888 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
23:59:52.0775 3888 WinRM - ok
23:59:52.0916 3888 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:59:53.0009 3888 Wlansvc - ok
23:59:53.0119 3888 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:59:53.0290 3888 wlidsvc - ok
23:59:53.0290 3888 wltrysvc - ok
23:59:53.0368 3888 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:59:53.0431 3888 WmiAcpi - ok
23:59:53.0509 3888 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:59:53.0540 3888 wmiApSrv - ok
23:59:53.0711 3888 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:59:53.0945 3888 WMPNetworkSvc - ok
23:59:53.0992 3888 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:59:54.0070 3888 WPCSvc - ok
23:59:54.0117 3888 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:59:54.0148 3888 WPDBusEnum - ok
23:59:54.0242 3888 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:59:54.0289 3888 WpdUsb - ok
23:59:54.0538 3888 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:59:54.0585 3888 WPFFontCache_v0400 - ok
23:59:54.0616 3888 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:59:54.0679 3888 ws2ifsl - ok
23:59:54.0710 3888 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
23:59:54.0741 3888 wscsvc - ok
23:59:54.0741 3888 WSearch - ok
23:59:54.0835 3888 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:59:55.0069 3888 wuauserv - ok
23:59:55.0131 3888 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:59:55.0178 3888 WUDFRd - ok
23:59:55.0240 3888 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:59:55.0287 3888 wudfsvc - ok
23:59:55.0365 3888 [ 4ECBE6F2E10A8DF39FC80963E1188762 ] ZSMC301b C:\Windows\system32\Drivers\usbVM31b.sys
23:59:55.0381 3888 ZSMC301b ( UnsignedFile.Multi.Generic ) - warning
23:59:55.0381 3888 ZSMC301b - detected UnsignedFile.Multi.Generic (1)
23:59:55.0427 3888 ================ Scan global ===============================
23:59:55.0490 3888 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:59:55.0552 3888 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:59:55.0568 3888 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:59:55.0646 3888 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:59:55.0661 3888 [Global] - ok
23:59:55.0661 3888 ================ Scan MBR ==================================
23:59:55.0677 3888 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:59:57.0643 3888 \Device\Harddisk0\DR0 - ok
23:59:57.0643 3888 ================ Scan VBR ==================================
23:59:57.0705 3888 [ 21E2131F5DB647D33AB3F425BAE06A6C ] \Device\Harddisk0\DR0\Partition1
23:59:57.0721 3888 \Device\Harddisk0\DR0\Partition1 - ok
23:59:57.0752 3888 [ 2F53094C68CFBC943EF79E2220DF8C9A ] \Device\Harddisk0\DR0\Partition2
23:59:57.0830 3888 \Device\Harddisk0\DR0\Partition2 - ok
23:59:57.0830 3888 ============================================================
23:59:57.0830 3888 Scan finished
23:59:57.0830 3888 ============================================================
23:59:57.0845 3528 Detected object count: 8
23:59:57.0845 3528 Actual detected object count: 8
00:00:14.0881 3528 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:14.0881 3528 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:14.0881 3528 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:14.0881 3528 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:14.0881 3528 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:14.0881 3528 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:14.0881 3528 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:14.0881 3528 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:14.0881 3528 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:14.0881 3528 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:14.0881 3528 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:14.0881 3528 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:14.0896 3528 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:14.0896 3528 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:14.0896 3528 ZSMC301b ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:14.0896 3528 ZSMC301b ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, please re-run ComboFix.

#7
herbaltee

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here is the log:
ComboFix 12-10-04.02 - Estee 10/08/2012 0:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2301.1303 [GMT 11:00]
Running from: c:\users\Estee\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\SecureW2
c:\program files\SecureW2\sw2_rsaproxy.exe
c:\program files\SecureW2\sw2_service.exe
c:\program files\SecureW2\sw2_tray.exe
c:\program files\SecureW2\Uninstall.exe
c:\users\Estee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Estee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SW2SVC
-------\Service_SW2SVC
.
.
((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 13:21 . 2012-10-07 13:21 -------- d-----w- c:\users\Estee\AppData\Local\temp
2012-10-07 13:21 . 2012-10-07 13:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-07 13:21 . 2012-10-07 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 12:01 . 2012-10-07 12:01 -------- d-----w- C:\_OTL
2012-10-07 08:42 . 2012-10-07 08:42 -------- d-----w- c:\users\Estee\AppData\Roaming\Malwarebytes
2012-10-07 08:42 . 2012-10-07 08:42 -------- d-----w- c:\programdata\Malwarebytes
2012-10-05 10:01 . 2012-10-05 10:54 -------- d-----w- c:\program files\7-Zip
2012-10-05 09:59 . 2012-10-05 14:11 -------- d-----w- C:\Files
2012-10-01 21:10 . 2012-09-04 18:30 38912 ----a-w- c:\windows\system32\identprv.dll
2012-09-30 12:53 . 2012-09-30 12:57 -------- d-----w- c:\program files\Advanced PC Tweaker
2012-09-22 12:11 . 2012-09-22 12:14 -------- d-----w- c:\users\Estee\AppData\Roaming\DivX
2012-09-22 12:10 . 2012-10-03 06:02 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2012-09-22 12:08 . 2012-10-03 06:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-09-22 11:58 . 2012-09-22 12:12 -------- d-----w- c:\program files\DivX
2012-09-22 11:55 . 2012-09-22 12:12 -------- d-----w- c:\programdata\DivX
2012-09-22 10:53 . 2012-09-22 10:53 -------- d-----w- C:\found.001
2012-09-14 13:23 . 2012-09-14 13:23 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-07 12:56 . 2009-05-21 22:15 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-10-07 12:56 . 2009-06-03 09:56 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-19 10:03 . 2012-08-19 10:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-08-19 10:03 . 2012-08-19 10:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-19 10:03 . 2012-08-19 10:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-19 10:03 . 2012-08-19 10:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-19 10:03 . 2012-08-19 10:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-19 10:02 . 2012-08-19 10:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-08-19 10:02 . 2012-08-19 10:02 367104 ----a-w- c:\windows\system32\html.iec
2012-08-19 10:02 . 2012-08-19 10:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-08-19 10:02 . 2012-08-19 10:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-19 10:02 . 2012-08-19 10:02 152064 ----a-w- c:\windows\system32\wextract.exe
2012-08-19 10:02 . 2012-08-19 10:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-08-19 10:02 . 2012-08-19 10:02 11776 ----a-w- c:\windows\system32\mshta.exe
2012-08-19 10:02 . 2012-08-19 10:02 101888 ----a-w- c:\windows\system32\admparse.dll
2012-08-19 10:02 . 2012-08-19 10:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-08-19 10:02 . 2012-08-19 10:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-14 13:23 . 2011-05-27 10:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 01:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 01:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files\Norton Utilities 14\RMTray.exe" [2009-09-13 279912]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-29 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-04-29 96800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-29 13552160]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-12-15 40960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-12 1422632]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2008-12-17 14848]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-07-29 128296]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-25 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-01-13 527312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-07 1089608]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\Estee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-11 603536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [x]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 00939015
*Deregistered* - 00939015
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\User_Feed_Synchronization-{CDBE0B60-F53E-48D8-952B-4CCEF8E4C96A}.job
- c:\windows\system32\msfeedssync.exe [2012-08-19 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.cooxer.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{708C3CA3-69F5-48E8-BF7B-C9AC1713F2F2}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\Estee\AppData\Roaming\Mozilla\Firefox\Profiles\aki3wj8r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sciencedaily.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NWEReboot - (no file)
HKLM-Run-SecureW2 Tray - c:\program files\SecureW2\sw2_tray.exe
AddRemove-Searchqu Toolbar - c:\program files\Searchqu Toolbar\uninstall.exe
AddRemove-SecureW2 Enterprise Client - c:\program files\SecureW2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-08 00:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\FAPassSync.dll
.
- - - - - - - > 'Explorer.exe'(4628)
c:\windows\system32\NVSVC.DLL
c:\program files\Norton 360\Engine\5.2.2.3\ccVrTrst.dll
c:\program files\Norton 360\Engine\5.2.2.3\ccSet.dll
.
Completion time: 2012-10-08 00:23:53
ComboFix-quarantined-files.txt 2012-10-07 13:23
.
Pre-Run: 358,079,602,688 bytes free
Post-Run: 357,997,215,744 bytes free
.
- - End Of File - - 05F029E779CB5C7CE7E197FE7F5BA3D1

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer running now, any problems?

Could you now update Malwarebytes, run a quick scan and post the resultant log?

#9
herbaltee

    New Member

  • Topic Starter
  • Member
  • 7 posts
My computer still needs a New Task explorer.exe on startup to bring about all the icons unfortunately :( The Malwarebytes log is as follows:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Estee :: MINT [administrator]

Protection: Enabled

10/8/2012 11:06:42 AM
mbam-log-2012-10-08 (11-06-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224331
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try to repair the system

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 3 and allow it to run SFC

On the start repairs tab click start

Select the following items and tick restart system when finished
Posted Image

#11
herbaltee

    New Member

  • Topic Starter
  • Member
  • 7 posts
That did it! Computer has restarted (as well as after I turned it off and on to check) with explorer.exe loading upon starting up, and videos are playing completely! Thank you so much for all your help!! I'm so grateful and happy! :D :D :D

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#13
herbaltee

    New Member

  • Topic Starter
  • Member
  • 7 posts
All done - once again thank you so much for all your help and effort! :) :)

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





