Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Malware? DLL initialization routine failed

Post by ldydarsheva » June 17th, 2013, 4:48 pm

Hello, my dad is having a couple of problems with his computer after he clicked on something he thought was an automatic system update. He has been receiving a pop-up that says Internet Explorer is not responding right after starting up his computer. And then he gets a message that pops up and says: C:\users\hender~1\appdata\local\temp\sristep\sywqsip\wow.dll dynamic link library (dll) initialization routine failed. He also receives this message when trying to open Windows Explorer or right-clicking on anything. I googled the error and found that it may be a possible malware problem?

I have run DDS on his computer and below are the logs. Any help will be appreciated.

DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by Henderson at 15:25:40 on 2013-06-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2314 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Users\Henderson\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe
C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\syswow64\rundll32.exe
C:\windows\syswow64\svchost.exe -k netsvcs
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\taskeng.exe
C:\windows\explorer.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\ytbb.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\RunDll32.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
uURLSearchHooks: SearchFlyBar3 Toolbar: {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll
mURLSearchHooks: SearchFlyBar3 Toolbar: {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SearchFlyBar3 Toolbar: {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: SearchFlyBar3 Toolbar: {489D3A56-53D9-44C2-A113-5820CDAB4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll
TB: SearchFlyBar3 Toolbar: {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\Henderson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [SearchProtect] C:\Users\Henderson\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
mRun: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe
mRun: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe"
mRun: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E} : DHCPNameServer = 8.8.8.8 8.8.4.4 4.2.2.1
TCP: Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4}\0596E6B6541676C656D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4}\3456E647572797C496E6B633231383 : DHCPNameServer = 192.168.0.1 64.91.3.60
TCP: Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4}\452554E444E65647731313 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4}\C4942425142595 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4}\F4D616861602354757469713 : DHCPNameServer = 192.168.2.1 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
x64-Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\windows\System32\rundll32.exe C:\windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1403010.016\SymDS64.sys [2013-5-25 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1403010.016\SymEFA64.sys [2013-5-25 1139800]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-3-24 482384]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1403010.016\ccSetx64.sys [2013-5-25 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130614.001\IDSviA64.sys [2013-6-14 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1403010.016\Ironx64.sys [2013-5-25 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1403010.016\symnets.sys [2013-5-25 432800]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [2013-5-25 144520]
R2 TelevisionFanaticService;TelevisionFanaticService;C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [2011-5-30 42504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-6-4 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-3-24 215040]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8187B.sys [2010-3-24 446976]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-3-24 222208]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-3-24 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\windows\System32\drivers\lgx64gps.sys [2010-12-16 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-5-22 1255736]
.
=============== Created Last 30 ================
.
2013-06-17 13:35:46 796760 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-06-17 13:35:46 493656 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-06-17 13:35:46 433752 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-06-17 13:35:46 36952 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-06-17 13:35:46 23448 ----a-r- C:\windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-06-17 13:35:46 224416 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-06-17 13:35:46 169048 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-06-17 13:35:46 1139800 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-06-17 13:35:27 -------- d-----w- C:\windows\System32\drivers\NISx64\1404000.028
2013-06-14 12:15:38 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-12 20:33:17 -------- d-----w- C:\Program Files (x86)\Conduit
2013-06-12 20:33:14 -------- d-----w- C:\Users\Henderson\AppData\Local\Conduit
2013-06-12 20:33:14 -------- d-----w- C:\Program Files (x86)\SearchFlyBar3
2013-06-12 20:32:54 770384 ----a-w- C:\windows\SysWow64\msvcr100.dll
2013-06-12 20:32:54 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll
2013-06-12 20:32:54 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-06-12 20:32:44 -------- d-----w- C:\Users\Henderson\AppData\Roaming\SearchProtect
2013-06-12 20:32:43 -------- d-----w- C:\Users\Henderson\AppData\Local\CRE
2013-06-12 20:32:38 -------- d-----w- C:\ProgramData\Oberon Media
2013-06-12 10:19:25 -------- d-----w- C:\Users\Henderson\AppData\Local\{2FB7968F-7915-4FF5-8E4C-2AAD04A4AFD5}
2013-06-09 03:22:46 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-04 13:36:34 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 13:11:18 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-05-25 13:11:18 -------- d-----w- C:\Program Files\Symantec
2013-05-25 13:11:18 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-05-25 13:10:57 493656 ----a-r- C:\windows\System32\drivers\NISx64\1403010.016\SymDS64.sys
2013-05-25 13:10:57 432800 ----a-r- C:\windows\System32\drivers\NISx64\1403010.016\symnets.sys
2013-05-25 13:10:57 36952 ----a-r- C:\windows\System32\drivers\NISx64\1403010.016\srtspx64.sys
2013-05-25 13:10:57 23448 ----a-r- C:\windows\System32\drivers\NISx64\1403010.016\SymELAM.sys
2013-05-25 13:10:57 1139800 ----a-r- C:\windows\System32\drivers\NISx64\1403010.016\SymEFA64.sys
2013-05-25 13:10:56 796248 ----a-r- C:\windows\System32\drivers\NISx64\1403010.016\srtsp64.sys
2013-05-25 13:10:56 224416 ----a-r- C:\windows\System32\drivers\NISx64\1403010.016\Ironx64.sys
2013-05-25 13:10:56 168096 ----a-r- C:\windows\System32\drivers\NISx64\1403010.016\ccSetx64.sys
2013-05-25 13:10:48 -------- d-----w- C:\windows\System32\drivers\NISx64\1403010.016
2013-05-25 13:10:48 -------- d-----w- C:\windows\System32\drivers\NISx64
2013-05-25 13:10:47 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2013-05-25 13:08:22 -------- d-----w- C:\Program Files (x86)\NortonInstaller
.
==================== Find3M ====================
.
2013-06-11 21:13:43 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:13:43 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-09 03:22:24 866720 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2013-06-09 03:22:24 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-06-04 13:36:34 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 01:25:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\windows\SysWow64\GPhotos.scr
2013-03-31 22:52:16 1887232 ----a-w- C:\windows\System32\d3d11.dll
.
============= FINISH: 15:26:30.40 ===============


Attach Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2010 12:04:20 PM
System Uptime: 6/17/2013 3:11:24 PM (0 hours ago)
.
Motherboard: TOSHIBA | | NBWAA
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 186.42 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP668: 5/21/2013 10:58:40 AM - Windows Update
RP669: 5/25/2013 8:02:49 AM - Windows Update
RP670: 6/1/2013 11:38:37 AM - Scheduled Checkpoint
RP671: 6/4/2013 8:32:22 AM - Windows Update
RP672: 6/8/2013 10:21:01 PM - Removed Java(TM) 6 Update 39
RP673: 6/8/2013 10:22:09 PM - Installed Java 7 Update 21
RP674: 6/14/2013 7:13:33 AM - Windows Update
RP675: 6/15/2013 4:32:47 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.3
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Best Buy Software Installer
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.3.1.98
ConvertXtoDVD 4.1.12.352
D3DX10
GIMP 2.6.8
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 18
LG USB Modem driver
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Norton Internet Security
OpenOffice.org 3.2
Picasa 3
PlayReady PC Runtime amd64
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Express Labeler 3
Search Protect by conduit
SearchFlyBar3 Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Synaptics Pointing Device Driver
TelevisionFanatic
The Weather Channel App
The Weather Channel Desktop 6
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Utility Common Driver
VSO Burning SDK 4.0.21.489
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/14/2013 7:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ROGERS-PC\Henderson SID (S-1-5-21-1329925755-3460995418-3139510053-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
ldydarsheva
Active Member
 
Posts: 10
Joined: June 17th, 2013, 4:30 pm

Re: Possible Malware? DLL initialization routine failed

Post by askey127 » June 20th, 2013, 7:30 pm

Hi ldydarsheva,
-----------------------------------------------
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" torrent files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Search Protect by conduit
SearchFlyBar3 Toolbar
Java(TM) 6 Update 18
Ask Toolbar
Ask Toolbar Updater
Adobe Reader 9.5.3
µTorrent

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left-hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware? DLL initialization routine failed

Unread postby ldydarsheva » June 23rd, 2013, 11:23 pm

OK, I uninstalled all that and ran the OTL.exe. Here are the logs:

OTL.txt:
OTL logfile created on: 6/23/2013 9:49:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Henderson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 64.08% Memory free
7.68 Gb Paging File | 6.22 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.64 Gb Total Space | 186.89 Gb Free Space | 64.97% Space Free | Partition Type: NTFS

Computer Name: ROGERS-PC | User Name: Henderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/23 21:43:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henderson\Desktop\OTL.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/02/12 06:26:59 | 013,102,080 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2011/05/30 12:59:36 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
PRC - [2011/05/30 12:59:36 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe
PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2009/04/27 14:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/04/27 14:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 23:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:08:48 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013/05/16 10:06:52 | 000,189,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\8ebc2c39ce8bdb20e3a463391aac936c\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/05/16 10:06:40 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/16 10:06:39 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013/05/16 10:06:36 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll
MOD - [2013/05/16 10:06:04 | 001,880,576 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\17ec73d37a1405aa495cd114bdbf660f\System.Deployment.ni.dll
MOD - [2013/05/16 09:33:02 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/05/16 09:33:01 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/16 09:32:33 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/05/16 09:32:28 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/16 09:32:17 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/16 09:32:11 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/16 09:24:56 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 09:24:12 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/01/10 04:35:12 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 04:34:33 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 04:34:11 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 04:34:06 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 04:33:55 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/10 04:29:22 | 000,196,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
MOD - [2013/01/10 04:29:22 | 000,096,768 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/01/10 04:29:08 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 04:29:03 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/10 04:28:34 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/10 04:13:19 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/10 04:13:16 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 04:13:15 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/10 04:12:58 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/10 04:12:51 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/04/27 14:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
MOD - [2009/04/27 14:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe
MOD - [2008/05/16 13:35:22 | 000,040,960 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2008/05/16 13:35:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2008/05/16 13:34:18 | 000,057,344 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 09:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 18:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddscw.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/08/21 11:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/18 21:07:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2011/05/30 12:59:36 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/17 18:37:18 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/19 01:53:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 18:04:06 | 000,446,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/24 17:24:40 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130621.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/05/24 01:00:00 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130623.002\ex64.sys -- (NAVEX15)
DRV - [2013/05/24 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/05/24 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/05/24 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130623.002\eng64.sys -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {51B7A03F-BF5D-4EC3-B3CC-7B181277942F}
IE:64bit: - HKLM\..\SearchScopes\{51B7A03F-BF5D-4EC3-B3CC-7B181277942F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {97749830-5D95-488A-8633-70613E503E4E}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{CBD433A0-16A2-4263-B463-A379058F6324}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes,DefaultScope = {97749830-5D95-488A-8633-70613E503E4E}
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{55F52A1A-E62F-432F-8BEA-C43BA37D5BCC}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{714E246D-F72D-48E6-97A4-2BF83AD9EBDF}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{97749830-5D95-488A-8633-70613E503E4E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292716&CUI=UN29676081345624894&UM=2
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{C6655417-5559-42AB-ADBD-5CCE5F1EFD1E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{CBD433A0-16A2-4263-B463-A379058F6324}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS379US379
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{E61E72F3-8DE8-4E4F-8936-F8D5405DFA26}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=69F871C1-C3A4-4555-8C4A-D62CCB05FA6F&apn_sauid=87D8B03D-3026-4FEF-B4B1-F78F22DC7578
IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Henderson\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Henderson\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2011/10/21 07:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013/06/23 21:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\ [2013/05/25 08:11:42 | 000,000,000 | ---D | M]

[2010/12/12 21:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henderson\AppData\Roaming\mozilla\Extensions
[2012/05/10 06:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henderson\AppData\Roaming\mozilla\Firefox\Profiles\m7invvx1.default\extensions
[2011/10/21 07:14:31 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\Henderson\AppData\Roaming\mozilla\Firefox\Profiles\m7invvx1.default\extensions\64ffxtbr@TelevisionFanatic.com
[2011/08/23 22:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Henderson\AppData\Roaming\mozilla\firefox\profiles\m7invvx1.default\searchplugins\askcom.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT32927 ... 26625&UM=2
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/08/22 09:59:46 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (COMPANYVERS_NAME)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [lxddamon] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E}: DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b5e50ae8-7a86-11e2-951b-705ab68515d1}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e50ae8-7a86-11e2-951b-705ab68515d1}\Shell\AutoRun\command - "" = E:\TLBootstrap_WPP.exe
O33 - MountPoints2\{b5e50ae9-7a86-11e2-951b-705ab68515d1}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e50ae9-7a86-11e2-951b-705ab68515d1}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/23 21:43:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Henderson\Desktop\OTL.exe
[2013/06/23 21:37:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/19 03:53:54 | 000,000,000 | ---D | C] -- C:\Users\Henderson\AppData\Local\{B04F9425-4B2F-4100-92A1-DDC706DABB2F}
[2013/06/17 08:35:46 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys
[2013/06/17 08:35:46 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys
[2013/06/17 08:35:46 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds64.sys
[2013/06/17 08:35:46 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnets.sys
[2013/06/17 08:35:46 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys
[2013/06/17 08:35:46 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys
[2013/06/17 08:35:46 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys
[2013/06/17 08:35:46 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam.sys
[2013/06/17 08:35:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1404000.028
[2013/06/15 16:33:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/15 16:33:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/14 07:15:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/06/14 07:15:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/06/14 07:15:37 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/06/14 07:15:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/14 07:15:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/06/14 07:15:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/06/14 07:15:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/06/14 07:15:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/06/14 07:15:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/06/14 07:15:36 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/06/14 07:15:35 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/06/14 07:15:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/06/14 07:15:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/06/12 15:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/06/12 15:33:14 | 000,000,000 | ---D | C] -- C:\Users\Henderson\AppData\Local\Conduit
[2013/06/12 15:32:54 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr100.dll
[2013/06/12 15:32:54 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll
[2013/06/12 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Henderson\AppData\Local\CRE
[2013/06/12 15:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2013/06/12 06:41:54 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/06/12 06:41:54 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/06/12 06:41:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/06/12 06:41:48 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/06/12 06:41:44 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/06/12 06:41:39 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/06/12 06:41:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/06/12 06:41:38 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/06/12 06:41:38 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/06/12 06:41:38 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/06/12 06:41:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/06/12 06:41:33 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/06/12 06:41:33 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/06/12 05:19:25 | 000,000,000 | ---D | C] -- C:\Users\Henderson\AppData\Local\{2FB7968F-7915-4FF5-8E4C-2AAD04A4AFD5}
[2013/06/08 22:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/08 22:22:55 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/06/08 22:22:46 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/06/08 22:22:46 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/06/08 22:22:46 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/04 08:38:22 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/06/04 08:38:22 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/06/04 08:38:22 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/06/04 08:38:21 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/06/04 08:38:21 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/06/04 08:38:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/06/04 08:38:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/06/04 08:38:21 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/06/04 08:38:21 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/06/04 08:38:21 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/06/04 08:38:21 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/06/04 08:38:21 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/06/04 08:38:21 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/06/04 08:38:21 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/06/04 08:38:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/06/04 08:38:21 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/06/04 08:38:21 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/06/04 08:38:21 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/06/04 08:38:21 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/06/04 08:38:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/06/04 08:38:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/06/04 08:38:21 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/06/04 08:38:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/06/04 08:38:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/06/04 08:38:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/06/04 08:38:21 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/06/04 08:38:21 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/06/04 08:38:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/06/04 08:38:21 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/06/04 08:38:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/06/04 08:38:21 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/06/04 08:38:21 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/06/04 08:38:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/06/04 08:38:21 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/06/04 08:38:21 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/06/04 08:38:21 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/06/04 08:38:21 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/06/04 08:38:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/06/04 08:38:21 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/06/04 08:38:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/06/04 08:38:21 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/06/04 08:38:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/06/04 08:38:21 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/06/04 08:38:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/06/04 08:38:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/06/04 08:38:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/06/04 08:38:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/06/04 08:38:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/06/04 08:38:21 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/06/04 08:38:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/06/04 08:38:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/06/04 08:38:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/06/04 08:38:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/06/04 08:36:34 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/06/04 08:36:34 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/06/04 08:36:34 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/06/04 08:36:34 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/06/04 08:36:34 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/06/04 08:36:34 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/06/04 08:36:34 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/06/04 08:36:34 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/06/04 08:36:34 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/06/04 08:36:34 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/06/04 08:36:34 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/06/04 08:36:34 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/06/04 08:36:34 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/06/04 08:36:34 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/06/04 08:36:34 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/06/04 08:36:34 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/06/04 08:36:34 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/06/04 08:36:34 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/06/04 08:36:34 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/06/04 08:36:34 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/06/04 08:36:34 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/04 08:36:34 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/04 08:36:34 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/04 08:36:34 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/04 08:36:34 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/04 08:36:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/04 08:36:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/04 08:36:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/04 08:36:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/04 08:36:34 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/25 08:13:13 | 000,000,000 | ---D | C] -- C:\Users\Henderson\Documents\Symantec
[2013/05/25 08:11:18 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/05/25 08:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/05/25 08:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/05/25 08:10:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2013/05/25 08:10:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/05/25 08:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013/05/25 08:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/05/25 08:03:35 | 000,000,000 | ---D | C] -- C:\Users\Henderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/02/19 01:53:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Henderson\AppData\Roaming\pcouffin.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/23 21:48:01 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 21:48:01 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 21:43:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henderson\Desktop\OTL.exe
[2013/06/23 21:41:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/23 21:40:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/23 21:40:11 | 3092,942,848 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/23 21:26:46 | 000,000,872 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000Core.job
[2013/06/23 21:26:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/23 21:22:34 | 000,041,365 | ---- | M] () -- C:\Users\Henderson\Documents\2013 payment spreadsheet for car.ods
[2013/06/23 21:20:24 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000UA.job
[2013/06/23 21:20:23 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/20 22:56:52 | 000,000,113 | ---- | M] () -- C:\Users\Henderson\Desktop\White Trader.url
[2013/06/20 14:04:13 | 000,002,401 | ---- | M] () -- C:\Users\Henderson\Desktop\Google Chrome.lnk
[2013/06/19 03:00:11 | 000,002,431 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/06/19 02:59:48 | 002,479,018 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/06/19 02:58:51 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[2013/06/18 21:07:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/06/18 21:07:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/17 18:37:18 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/06/17 18:37:18 | 000,007,631 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/06/17 18:37:18 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/06/14 08:03:59 | 000,779,306 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/14 08:03:59 | 000,660,546 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/14 08:03:59 | 000,121,442 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/12 15:33:42 | 000,000,009 | ---- | M] () -- C:\END
[2013/06/08 22:22:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2013/06/08 22:22:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/06/08 22:22:24 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/06/08 22:22:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/06/08 22:22:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/06/08 22:22:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/08 09:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/08 06:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/04 08:38:22 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/06/04 08:38:22 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/06/04 08:38:22 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/06/04 08:38:21 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/06/04 08:38:21 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/06/04 08:38:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/06/04 08:38:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/06/04 08:38:21 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/06/04 08:38:21 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/06/04 08:38:21 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/06/04 08:38:21 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/06/04 08:38:21 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/06/04 08:38:21 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/06/04 08:38:21 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/06/04 08:38:21 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/06/04 08:38:21 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/06/04 08:38:21 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/06/04 08:38:21 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/06/04 08:38:21 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/06/04 08:38:21 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/06/04 08:38:21 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/06/04 08:38:21 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/06/04 08:38:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/06/04 08:38:21 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/06/04 08:38:21 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/06/04 08:38:21 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/06/04 08:38:21 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/06/04 08:38:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/06/04 08:38:21 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/06/04 08:38:21 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/06/04 08:38:21 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/06/04 08:38:21 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/06/04 08:38:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/06/04 08:38:21 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/06/04 08:38:21 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/06/04 08:38:21 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/06/04 08:38:21 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/06/04 08:38:21 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/06/04 08:38:21 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/06/04 08:38:21 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/06/04 08:38:21 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/06/04 08:38:21 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/06/04 08:38:21 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/06/04 08:38:21 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/06/04 08:38:21 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/06/04 08:38:21 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/06/04 08:38:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/06/04 08:38:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/06/04 08:38:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/06/04 08:38:21 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/06/04 08:38:21 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/06/04 08:38:21 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/06/04 08:38:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/06/04 08:38:21 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/06/04 08:38:21 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/06/04 08:36:34 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/06/04 08:36:34 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/06/04 08:36:34 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/06/04 08:36:34 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/06/04 08:36:34 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/06/04 08:36:34 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/06/04 08:36:34 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/06/04 08:36:34 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/06/04 08:36:34 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/06/04 08:36:34 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/06/04 08:36:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/06/04 08:36:34 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/06/04 08:36:34 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/06/04 08:36:34 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/06/04 08:36:34 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/06/04 08:36:34 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/06/04 08:36:34 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/06/04 08:36:34 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/06/04 08:36:34 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/06/04 08:36:34 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/06/04 08:36:34 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/04 08:36:34 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/04 08:36:34 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/04 08:36:34 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/04 08:36:34 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/04 08:36:34 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/04 08:36:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/04 08:36:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/04 08:36:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/04 08:36:34 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/04 08:36:34 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/04 01:34:29 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
[2013/05/31 14:22:58 | 000,027,474 | ---- | M] () -- C:\Users\Henderson\Desktop\trust.jpg
[2013/05/25 08:09:45 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/20 22:56:52 | 000,000,113 | ---- | C] () -- C:\Users\Henderson\Desktop\White Trader.url
[2013/06/19 02:58:51 | 002,479,018 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/06/19 02:58:51 | 000,014,818 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[2013/06/17 15:12:40 | 000,002,401 | ---- | C] () -- C:\Users\Henderson\Desktop\Google Chrome.lnk
[2013/06/17 08:35:46 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam64.cat
[2013/06/17 08:35:46 | 000,008,067 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnet64.cat
[2013/06/17 08:35:46 | 000,007,667 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.cat
[2013/06/17 08:35:46 | 000,007,593 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\iron.cat
[2013/06/17 08:35:46 | 000,007,589 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.cat
[2013/06/17 08:35:46 | 000,007,587 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa64.cat
[2013/06/17 08:35:46 | 000,003,434 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symefa.inf
[2013/06/17 08:35:46 | 000,002,852 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds.inf
[2013/06/17 08:35:46 | 000,001,440 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symnet.inf
[2013/06/17 08:35:46 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.inf
[2013/06/17 08:35:46 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtspx64.inf
[2013/06/17 08:35:46 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symelam.inf
[2013/06/17 08:35:46 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.inf
[2013/06/17 08:35:46 | 000,000,767 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\iron.inf
[2013/06/17 08:35:27 | 000,014,818 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symvtcer.dat
[2013/06/17 08:35:27 | 000,008,067 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\srtsp64.cat
[2013/06/17 08:35:27 | 000,008,063 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\symds64.cat
[2013/06/17 08:35:27 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
[2013/06/12 15:32:15 | 000,000,009 | ---- | C] () -- C:\END
[2013/06/04 08:38:21 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/06/04 08:38:21 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/05/31 14:24:44 | 000,027,474 | ---- | C] () -- C:\Users\Henderson\Desktop\trust.jpg
[2013/05/25 08:11:18 | 000,007,631 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/05/25 08:11:18 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/05/25 08:11:13 | 000,002,431 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/17 17:04:48 | 000,385,024 | ---- | C] () -- C:\windows\SysWow64\lxddcomx.dll
[2011/11/17 17:04:48 | 000,286,720 | ---- | C] () -- C:\windows\SysWow64\LXDDinst.dll
[2011/11/17 17:04:47 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxddpmui.dll
[2011/11/17 17:04:47 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxddinpa.dll
[2011/11/17 17:04:47 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxddiesc.dll
[2011/11/17 17:04:46 | 001,232,896 | ---- | C] ( ) -- C:\windows\SysWow64\lxddserv.dll
[2011/11/17 17:04:46 | 000,999,424 | ---- | C] ( ) -- C:\windows\SysWow64\lxddusb1.dll
[2011/11/17 17:04:46 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxddppls.exe
[2011/11/17 17:04:46 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxddprox.dll
[2011/11/17 17:04:45 | 000,700,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxddhbn3.dll
[2011/11/17 17:04:45 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxddlmpm.dll
[2011/11/17 17:04:45 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxddcoms.exe
[2011/11/17 17:04:45 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxddih.exe
[2011/11/17 17:04:45 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxddpplc.dll
[2011/11/17 17:04:44 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxddcomc.dll
[2011/11/17 17:04:44 | 000,425,984 | ---- | C] ( ) -- C:\windows\SysWow64\lxddcomm.dll
[2011/11/17 17:04:44 | 000,394,160 | ---- | C] ( ) -- C:\windows\SysWow64\lxddcfg.exe
[2011/07/21 14:04:43 | 000,000,000 | ---- | C] () -- C:\Users\Henderson\AppData\Local\{5C81104D-5EC6-4B9D-815D-548E5CC5C11E}
[2011/06/04 01:12:43 | 000,018,504 | ---- | C] () -- C:\Users\Henderson\LG-systems Inc.ods
[2011/02/19 01:54:42 | 000,001,044 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\vso_ts_preview.xml
[2011/02/19 01:53:58 | 000,099,384 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\inst.exe
[2011/02/19 01:53:58 | 000,007,859 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\pcouffin.cat
[2011/02/19 01:53:58 | 000,001,167 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\pcouffin.inf
[2011/01/11 12:19:35 | 000,019,791 | ---- | C] () -- C:\Users\Henderson\.recently-used.xbel
[2010/12/17 10:31:57 | 000,000,000 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\wklnhst.dat
[2010/07/31 11:48:19 | 000,000,017 | ---- | C] () -- C:\Users\Henderson\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\HENDER~1\AppData\Local\Temp\sristep\sywqsip\wow64.dll -- [2013/06/04 11:23:11 | 000,002,560 | -HS- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/06 10:40:00 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba
[2012/07/22 15:07:54 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2010/12/17 09:29:24 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\FixCleaner
[2011/01/10 09:32:41 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\gtk-2.0
[2010/05/12 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\OpenOffice.org
[2010/07/25 09:09:29 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\Quark
[2011/02/18 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\Toshiba
[2013/06/23 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\uTorrent
[2013/01/19 01:22:24 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\Vso
[2010/05/10 12:04:49 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\WinBatch
[2010/10/11 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


Over the maximum characters, so the Extras.txt is in the 2nd reply.
ldydarsheva

Re: Possible Malware? DLL initialization routine failed

Post by ldydarsheva » June 23rd, 2013, 11:25 pm

Extras.txt:
OTL Extras logfile created on: 6/23/2013 9:49:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Henderson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 64.08% Memory free
7.68 Gb Paging File | 6.22 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.64 Gb Total Space | 186.89 Gb Free Space | 64.97% Space Free | Partition Type: NTFS

Computer Name: ROGERS-PC | User Name: Henderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1329925755-3460995418-3139510053-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075CE690-E809-4BDC-868C-09AC100542A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{09148223-FBA7-4DB4-9F07-57EE5C74D25C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0FC0EFDE-7637-4A11-B6EF-CB051D29EE32}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C45DEDB-5E62-47CF-939D-53678C3E43A9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{308CFFDB-0AA5-43BD-B9F5-5306BD160B5E}" = rport=137 | protocol=17 | dir=out | app=system |
"{6EA80DF4-73C9-4A6C-81F6-6056767CDF3D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AA895354-7B1F-48A2-A374-23B322D3A853}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFB8434B-9515-480B-BE83-001F49BE065D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1214E3E-C8C6-472E-9EFA-62E1A92EC2D8}" = lport=63532 | protocol=6 | dir=in | name=akamai netsession interface |
"{B1A36229-2AEF-48EC-BC3C-7BCF8F8A64A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2242B39-77DD-46D5-AE50-FA2BF5771A37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B7CAB789-441D-48F0-A1DD-93B6446C078D}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB4D3B96-1B3A-4C51-B2FE-04E247A43859}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF1615CD-5F93-4A83-BCF1-1DF75A05315C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C207BA6E-3403-40E6-AA81-7F33B682FF07}" = rport=138 | protocol=17 | dir=out | app=system |
"{C656758F-49E0-4238-BFB7-FB09FFDBEBE0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E3174953-2CD0-4972-B05D-6129BB2BF027}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FDE079B9-5A67-4900-8C11-0A4378E0EE76}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052201AD-CD8E-430A-B557-0C620D80006A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0C8A6D3D-B4EF-4529-9BC2-25646C8DF8C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0EAFE47A-B5C9-473A-8558-45EC1324530B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxddcoms.exe |
"{1CC8AD65-B48E-4DF7-903D-2F254235E8D9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E130B25-5FBF-44A1-9947-43D5AED75312}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxddcoms.exe |
"{2BFF0CF8-1319-4185-BED1-A50DA3B2C9B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{449081BB-49E5-4D28-BFE3-321370E32D41}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{495C7E22-9C26-470B-A59F-A3E865A56149}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2500 series\app4r.exe |
"{5E75AF03-0800-453A-8DD2-AAF7F6DDA53B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{66C7D19E-B323-4E09-83C6-6DAA05AFA494}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69C59BC6-B191-4A0A-AF5E-B8DD647F75C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7316999F-6F17-482C-9E56-6962DAF9AF7D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8ACDC5EA-8B5E-4EC8-833E-E2C741948BDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9A89B5C0-98F0-443A-B7ED-91E88A66A184}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1F66AB2-9502-46A5-A3CF-E3688A951576}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEC8C550-9FE4-4378-B357-67E6B99E9734}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B64744F5-F352-4175-BDB8-7853B7362BA8}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2500 series\lxddamon.exe |
"{B700861A-9EEC-4F23-8336-DCAABBC7F361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B86EA696-F602-4CF2-AA5C-4F647D205DB3}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2500 series\lxddmon.exe |
"{BE9B2FA8-52FA-442A-BBE9-BE2277790046}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2500 series\lxddmon.exe |
"{C0008B54-48D0-4A96-814C-C25B9860A44B}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2500 series\lxddamon.exe |
"{DA19CCC5-3221-4C81-AD24-B93B364A3589}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2500 series\app4r.exe |
"{DB3B0680-B45D-43F6-A000-6532A8B6C207}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E305ED89-EFF3-4039-939C-2CC52690A305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED7023AE-B22C-41B2-B2B9-BB210B17098F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED8D7B27-B9C0-4AC9-92B3-1013D0236E5D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F9D7945D-11B8-44DE-B728-A7ECBDD0E9BA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{344FD21B-CF4F-48FD-B40C-15F959705FDD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{AC24BD12-C644-4088-AC3C-D4EA8BB4119A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{BBFD0A82-C00C-47C8-87AB-65C92398D1B2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{30C928D0-98B3-48E1-ACAE-48A9510C490C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{A4BDA64D-A336-4869-9460-AB9FA9FC025A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{DDE03D9D-D5BA-4198-B410-93D758124C91}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.1.98
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.12.352
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Best Buy Software Installer" = Best Buy Software Installer
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"NIS" = Norton Internet Security
"Picasa 3" = Picasa 3
"TelevisionFanaticbar Uninstall" = TelevisionFanatic
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VSO Burning SDK_is1" = VSO Burning SDK 4.0.21.489
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1329925755-3460995418-3139510053-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2013 9:49:59 PM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 94c Start
Time: 01ce6afc85f3dab3 Termination Time: 88 Application Path: C:\windows\Explorer.EXE

Report
Id: eab2175e-d6ef-11e2-b951-705ab68515d1

Error - 6/16/2013 9:50:14 PM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program TWCApp.exe version 7.5.2.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: ac8 Start Time:
01ce6afc8a60e9b5 Termination Time: 61 Application Path: C:\Program Files (x86)\The
Weather Channel\The Weather Channel App\TWCApp.exe Report Id:

Error - 6/16/2013 11:32:46 PM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a78 Start
Time: 01ce6b0b14dc204c Termination Time: 53 Application Path: C:\windows\Explorer.EXE

Report
Id: 8cf4aae4-d6fe-11e2-b9a3-705ab68515d1

Error - 6/16/2013 11:42:23 PM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 122c Start
Time: 01ce6b0b55a1d408 Termination Time: 58 Application Path: C:\windows\explorer.exe

Report
Id: e713929e-d6ff-11e2-b9a3-705ab68515d1

Error - 6/16/2013 11:53:37 PM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1120 Start
Time: 01ce6b0cad5b4b87 Termination Time: 41 Application Path: C:\windows\explorer.exe

Report
Id: 7933b176-d701-11e2-b9a3-705ab68515d1

Error - 6/17/2013 12:11:59 AM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 99c Start
Time: 01ce6b0e3ef19eea Termination Time: 63 Application Path: C:\windows\explorer.exe

Report
Id: 061b2c86-d704-11e2-b9a3-705ab68515d1

Error - 6/17/2013 4:16:58 PM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program TWCApp.exe version 7.5.2.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: ae4 Start Time:
01ce6b96ffb4d013 Termination Time: 32 Application Path: C:\Program Files (x86)\The
Weather Channel\The Weather Channel App\TWCApp.exe Report Id:

Error - 6/17/2013 4:17:15 PM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9e0 Start
Time: 01ce6b96fe54f161 Termination Time: 32 Application Path: C:\windows\Explorer.EXE

Report
Id: e0e115e4-d78a-11e2-879f-705ab68515d1

Error - 6/19/2013 4:01:42 AM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ad4 Start
Time: 01ce6cc30822c43e Termination Time: 172 Application Path: C:\windows\Explorer.EXE

Report
Id: 6bfa046c-d8b6-11e2-b960-705ab68515d1

Error - 6/23/2013 10:42:10 PM | Computer Name = Rogers-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b24 Start
Time: 01ce7084414d88db Termination Time: 20 Application Path: C:\windows\Explorer.EXE

Report
Id: 9bb40b91-dc77-11e2-89ba-705ab68515d1

[ Media Center Events ]
Error - 3/9/2013 1:06:49 AM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 11:06:44 PM - Error connecting to the internet. 11:06:44 PM - Unable
to contact server..

Error - 3/9/2013 11:23:45 AM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 9:23:44 AM - Error connecting to the internet. 9:23:44 AM - Unable
to contact server..

Error - 6/10/2013 9:33:01 PM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 8:33:01 PM - Error connecting to the internet. 8:33:01 PM - Unable
to contact server..

Error - 6/10/2013 9:33:36 PM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 8:33:30 PM - Error connecting to the internet. 8:33:30 PM - Unable
to contact server..

Error - 6/10/2013 10:34:29 PM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 9:34:29 PM - Error connecting to the internet. 9:34:29 PM - Unable
to contact server..

Error - 6/10/2013 10:34:59 PM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 9:34:58 PM - Error connecting to the internet. 9:34:58 PM - Unable
to contact server..

Error - 6/10/2013 11:35:50 PM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 10:35:50 PM - Error connecting to the internet. 10:35:50 PM - Unable
to contact server..

Error - 6/10/2013 11:36:20 PM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 10:36:19 PM - Error connecting to the internet. 10:36:19 PM - Unable
to contact server..

Error - 6/14/2013 10:30:11 AM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 9:29:16 AM - Failed to retrieve SportsSchedule (Error: The request
failed with HTTP status 403: Forbidden.)

Error - 6/14/2013 11:30:19 AM | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 10:30:16 AM - Failed to retrieve SportsSchedule (Error: The request
failed with HTTP status 403: Forbidden.)

[ System Events ]
Error - 6/14/2013 8:56:43 AM | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description =

Error - 6/14/2013 8:56:52 AM | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description =

Error - 6/14/2013 8:56:57 AM | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description =

Error - 6/14/2013 8:57:01 AM | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description =

Error - 6/14/2013 8:57:01 AM | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description =

Error - 6/14/2013 8:57:04 AM | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description =

Error - 6/14/2013 8:57:15 AM | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description =

Error - 6/19/2013 3:57:55 AM | Computer Name = Rogers-PC | Source = DCOM | ID = 10005
Description =

Error - 6/19/2013 3:57:55 AM | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 6/19/2013 3:57:55 AM | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069


< End of report >
ldydarsheva
Active Member
 
Posts: 10
Joined: June 17th, 2013, 4:30 pm

Re: Possible Malware? DLL initialization routine failed

by askey127 » June 24th, 2013, 6:36 am

ldydarsheva,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

TelevisionFanatic

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2011/05/30 12:59:36 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
    IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
    IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{97749830-5D95-488A-8633-70613E503E4E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3292716&CUI=UN29676081345624894&UM=2
    IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
    IE - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\SearchScopes\{E61E72F3-8DE8-4E4F-8936-F8D5405DFA26}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q= {searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=69F871C1-C3A4-4555-8C4A-D62CCB05FA6F&apn_sauid=87D8B03D-3026-4FEF-B4B1-F78F22DC7578
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2011/10/21 07:14:29 | 000,000,000 | ---D | M]
    [2011/10/21 07:14:31 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\Henderson\AppData\Roaming\mozilla\Firefox\Profiles\m7invvx1.default\extensions\64ffxtbr@TelevisionFanatic.com
    CHR - homepage: http://search.conduit.com/?ctid=CT32927 ... 26625&UM=2
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (COMPANYVERS_NAME)
    O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1329925755-3460995418-3139510053-1000\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
    O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
    
    :Files
    C:\Program Files (x86)\Conduit
    C:\Users\Henderson\AppData\Local\Conduit
    C:\Users\Guest\AppData\Roaming\uTorrent
    C:\Users\Henderson\AppData\Roaming\uTorrent
    C:\Users\Henderson\AppData\Roaming\FixCleaner
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware? DLL initialization routine failed

by ldydarsheva » June 27th, 2013, 12:21 am

FIX log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named TelevisionFanaticService was found to stop!
Service\Driver key TelevisionFanaticService not found.
File C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe not found.
Service YahooAUService stopped successfully!
Service YahooAUService deleted successfully!
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry value HKEY_USERS\S-1-5-21-1329925755-3460995418-3139510053-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ not found.
Registry key HKEY_USERS\S-1-5-21-1329925755-3460995418-3139510053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{97749830-5D95-488A-8633-70613E503E4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97749830-5D95-488A-8633-70613E503E4E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1329925755-3460995418-3139510053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-1329925755-3460995418-3139510053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E61E72F3-8DE8-4E4F-8936-F8D5405DFA26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E61E72F3-8DE8-4E4F-8936-F8D5405DFA26}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin\ not found.
File C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com not found.
File C:\Program Files (x86)\TelevisionFanatic\bar\1.bin not found.
Folder C:\Users\Henderson\AppData\Roaming\mozilla\Firefox\Profiles\m7invvx1.default\extensions\64ffxtbr@TelevisionFanatic.com\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75}\ not found.
File C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}\ not found.
File C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880}\ not found.
File C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1329925755-3460995418-3139510053-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C98D5B61-B0EA-4D48-9839-1079D352D880} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}\ not found.
File C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Browser Plugin Loader not found.
File C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe not found.
========== FILES ==========
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\Henderson\AppData\Local\Conduit folder moved successfully.
C:\Users\Guest\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Guest\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Guest\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\Henderson\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Henderson\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Henderson\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\Henderson\AppData\Roaming\FixCleaner\Results folder moved successfully.
C:\Users\Henderson\AppData\Roaming\FixCleaner\QuarantineW\2010-12-17 08-29-240 folder moved successfully.
C:\Users\Henderson\AppData\Roaming\FixCleaner\QuarantineW folder moved successfully.
C:\Users\Henderson\AppData\Roaming\FixCleaner\PCOBackups folder moved successfully.
C:\Users\Henderson\AppData\Roaming\FixCleaner\Logs folder moved successfully.
C:\Users\Henderson\AppData\Roaming\FixCleaner folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Henderson\Desktop\cmd.bat deleted successfully.
C:\Users\Henderson\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Henderson
->Java cache emptied: 105638 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 41847 bytes

User: Henderson
->Flash cache emptied: 15730 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 38023123 bytes
->Temporary Internet Files folder emptied: 628545551 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Henderson
->Temp folder emptied: 494272047 bytes
->Temporary Internet Files folder emptied: 330614022 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5512112 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 989993116 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67624 bytes
RecycleBin emptied: 1646641 bytes

Total Files Cleaned = 2,375.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06262013_225256

Files\Folders moved on Reboot...
C:\Users\Henderson\AppData\Local\Temp\Low\~DFDF9F735881C03A95.TMP moved successfully.
C:\Users\Henderson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF014F66FAC4D99B30.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF10A3A5972ADB41CE.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF3BD28D978083D37A.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DFB51A54283A328FD3.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DFCA69E4A17DAADD81.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DFEE40B260F94FD6C1.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DFF1E4A3C4C566EE38.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DFF82AF009AD94A680.TMP not found!
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQ13PGAJ\si[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQ13PGAJ\viewtopic[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQPY9MPD\sh119[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQPY9MPD\sh119[2].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQPY9MPD\zrt_lookup[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B65V70N\frame[2].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\30YNJBGL\rsa[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2JZIIQOA\ads[6].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2JZIIQOA\DroidSans[1].woff moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1V1D569L\red_pjson[1].js moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
ldydarsheva
Active Member
 
Posts: 10
Joined: June 17th, 2013, 4:30 pm

Re: Possible Malware? DLL initialization routine failed

by ldydarsheva » June 27th, 2013, 12:38 am

OTL quick scan log:

OTL logfile created on: 6/26/2013 11:22:45 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Henderson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.68% Memory free
7.68 Gb Paging File | 6.15 Gb Available in Paging File | 80.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.64 Gb Total Space | 190.53 Gb Free Space | 66.24% Space Free | Partition Type: NTFS

Computer Name: ROGERS-PC | User Name: Henderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/23 21:43:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henderson\Desktop\OTL.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/02/12 06:26:59 | 013,102,080 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2009/04/27 14:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/04/27 14:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 23:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:08:48 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013/05/16 10:06:52 | 000,189,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\8ebc2c39ce8bdb20e3a463391aac936c\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/05/16 10:06:40 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/16 10:06:39 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013/05/16 10:06:36 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll
MOD - [2013/05/16 10:06:04 | 001,880,576 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\17ec73d37a1405aa495cd114bdbf660f\System.Deployment.ni.dll
MOD - [2013/05/16 09:33:02 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/05/16 09:33:01 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/16 09:32:33 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/05/16 09:32:28 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/16 09:32:17 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/16 09:32:11 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/16 09:24:56 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 09:24:12 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/01/10 04:35:12 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 04:34:33 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 04:34:11 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 04:34:06 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 04:33:55 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/10 04:29:22 | 000,196,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
MOD - [2013/01/10 04:29:22 | 000,096,768 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/01/10 04:29:08 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 04:29:03 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/10 04:28:34 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/10 04:13:19 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/10 04:13:16 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 04:13:15 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/10 04:12:58 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/10 04:12:51 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/04/27 14:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
MOD - [2009/04/27 14:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe
MOD - [2008/05/16 13:35:22 | 000,040,960 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2008/05/16 13:35:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2008/05/16 13:34:18 | 000,057,344 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 09:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 18:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddscw.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/08/21 11:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/18 21:07:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/17 18:37:18 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/19 01:53:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 18:04:06 | 000,446,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130620.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/24 17:24:40 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130626.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/05/24 01:00:00 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130626.017\ex64.sys -- (NAVEX15)
DRV - [2013/05/24 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/05/24 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/05/24 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130626.017\eng64.sys -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {51B7A03F-BF5D-4EC3-B3CC-7B181277942F}
IE:64bit: - HKLM\..\SearchScopes\{51B7A03F-BF5D-4EC3-B3CC-7B181277942F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {97749830-5D95-488A-8633-70613E503E4E}
IE - HKLM\..\SearchScopes\{CBD433A0-16A2-4263-B463-A379058F6324}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {51B7A03F-BF5D-4EC3-B3CC-7B181277942F}
IE - HKCU\..\SearchScopes\{55F52A1A-E62F-432F-8BEA-C43BA37D5BCC}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{714E246D-F72D-48E6-97A4-2BF83AD9EBDF}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{C6655417-5559-42AB-ADBD-5CCE5F1EFD1E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKCU\..\SearchScopes\{CBD433A0-16A2-4263-B463-A379058F6324}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS379US379
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.defaultengine: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Henderson\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Henderson\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013/06/26 23:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\ [2013/05/25 08:11:42 | 000,000,000 | ---D | M]

[2010/12/12 21:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henderson\AppData\Roaming\mozilla\Extensions
[2013/06/26 22:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henderson\AppData\Roaming\mozilla\Firefox\Profiles\m7invvx1.default\extensions
[2011/08/23 22:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Henderson\AppData\Roaming\mozilla\firefox\profiles\m7invvx1.default\searchplugins\askcom.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT32927 ... 26625&UM=2
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/08/22 09:59:46 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [lxddamon] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E}: DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3DEC357-4DED-4D5D-9782-5CCD32F770A4}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b5e50ae8-7a86-11e2-951b-705ab68515d1}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e50ae8-7a86-11e2-951b-705ab68515d1}\Shell\AutoRun\command - "" = E:\TLBootstrap_WPP.exe
O33 - MountPoints2\{b5e50ae9-7a86-11e2-951b-705ab68515d1}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e50ae9-7a86-11e2-951b-705ab68515d1}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/26 22:52:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/23 21:43:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Henderson\Desktop\OTL.exe
[2013/06/23 21:37:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/19 03:53:54 | 000,000,000 | ---D | C] -- C:\Users\Henderson\AppData\Local\{B04F9425-4B2F-4100-92A1-DDC706DABB2F}
[2013/06/12 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Henderson\AppData\Local\CRE
[2013/06/12 15:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2013/06/12 05:19:25 | 000,000,000 | ---D | C] -- C:\Users\Henderson\AppData\Local\{2FB7968F-7915-4FF5-8E4C-2AAD04A4AFD5}
[2013/06/08 22:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/02/19 01:53:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Henderson\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/06/26 23:26:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/26 23:23:04 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 23:23:04 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 23:15:51 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/26 23:15:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/26 23:15:19 | 3092,942,848 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 23:13:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/26 23:00:04 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000UA.job
[2013/06/26 22:41:34 | 000,041,535 | ---- | M] () -- C:\Users\Henderson\Documents\2013 payment spreadsheet for car.ods
[2013/06/26 22:41:19 | 000,000,201 | ---- | M] () -- C:\windows\wininit.ini
[2013/06/26 07:00:00 | 000,000,872 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000Core.job
[2013/06/23 21:43:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henderson\Desktop\OTL.exe
[2013/06/20 22:56:52 | 000,000,113 | ---- | M] () -- C:\Users\Henderson\Desktop\White Trader.url
[2013/06/20 14:04:13 | 000,002,401 | ---- | M] () -- C:\Users\Henderson\Desktop\Google Chrome.lnk
[2013/06/19 03:00:11 | 000,002,431 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/06/19 02:59:48 | 002,479,018 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/06/19 02:58:51 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[2013/06/17 18:37:18 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/06/17 18:37:18 | 000,007,631 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/06/17 18:37:18 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/06/14 08:03:59 | 000,779,306 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/14 08:03:59 | 000,660,546 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/14 08:03:59 | 000,121,442 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/12 15:33:42 | 000,000,009 | ---- | M] () -- C:\END
[2013/06/04 08:38:21 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/06/04 08:38:21 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/06/04 01:34:29 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
[2013/05/31 14:22:58 | 000,027,474 | ---- | M] () -- C:\Users\Henderson\Desktop\trust.jpg

========== Files Created - No Company Name ==========

[2013/06/26 22:41:19 | 000,161,760 | ---- | C] () -- C:\Program Files (x86)\64res.dll
[2013/06/20 22:56:52 | 000,000,113 | ---- | C] () -- C:\Users\Henderson\Desktop\White Trader.url
[2013/06/17 15:12:40 | 000,002,401 | ---- | C] () -- C:\Users\Henderson\Desktop\Google Chrome.lnk
[2013/06/12 15:32:15 | 000,000,009 | ---- | C] () -- C:\END
[2013/06/04 08:38:21 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/06/04 08:38:21 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/05/31 14:24:44 | 000,027,474 | ---- | C] () -- C:\Users\Henderson\Desktop\trust.jpg
[2011/11/17 17:04:48 | 000,385,024 | ---- | C] () -- C:\windows\SysWow64\lxddcomx.dll
[2011/11/17 17:04:48 | 000,286,720 | ---- | C] () -- C:\windows\SysWow64\LXDDinst.dll
[2011/11/17 17:04:47 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxddpmui.dll
[2011/11/17 17:04:47 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxddinpa.dll
[2011/11/17 17:04:47 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxddiesc.dll
[2011/11/17 17:04:46 | 001,232,896 | ---- | C] ( ) -- C:\windows\SysWow64\lxddserv.dll
[2011/11/17 17:04:46 | 000,999,424 | ---- | C] ( ) -- C:\windows\SysWow64\lxddusb1.dll
[2011/11/17 17:04:46 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxddppls.exe
[2011/11/17 17:04:46 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxddprox.dll
[2011/11/17 17:04:45 | 000,700,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxddhbn3.dll
[2011/11/17 17:04:45 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxddlmpm.dll
[2011/11/17 17:04:45 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxddcoms.exe
[2011/11/17 17:04:45 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxddih.exe
[2011/11/17 17:04:45 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxddpplc.dll
[2011/11/17 17:04:44 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxddcomc.dll
[2011/11/17 17:04:44 | 000,425,984 | ---- | C] ( ) -- C:\windows\SysWow64\lxddcomm.dll
[2011/11/17 17:04:44 | 000,394,160 | ---- | C] ( ) -- C:\windows\SysWow64\lxddcfg.exe
[2011/07/21 14:04:43 | 000,000,000 | ---- | C] () -- C:\Users\Henderson\AppData\Local\{5C81104D-5EC6-4B9D-815D-548E5CC5C11E}
[2011/06/04 01:12:43 | 000,018,504 | ---- | C] () -- C:\Users\Henderson\LG-systems Inc.ods
[2011/02/19 01:54:42 | 000,001,044 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\vso_ts_preview.xml
[2011/02/19 01:53:58 | 000,099,384 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\inst.exe
[2011/02/19 01:53:58 | 000,007,859 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\pcouffin.cat
[2011/02/19 01:53:58 | 000,001,167 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\pcouffin.inf
[2011/01/11 12:19:35 | 000,019,791 | ---- | C] () -- C:\Users\Henderson\.recently-used.xbel
[2010/12/17 10:31:57 | 000,000,000 | ---- | C] () -- C:\Users\Henderson\AppData\Roaming\wklnhst.dat
[2010/07/31 11:48:19 | 000,000,017 | ---- | C] () -- C:\Users\Henderson\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\HENDER~1\AppData\Local\Temp\sristep\sywqsip\wow64.dll -- [2013/06/04 11:23:11 | 000,002,560 | -HS- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/10 09:32:41 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\gtk-2.0
[2010/05/12 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\OpenOffice.org
[2010/07/25 09:09:29 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\Quark
[2011/02/18 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\Toshiba
[2013/01/19 01:22:24 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\Vso
[2010/05/10 12:04:49 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\WinBatch
[2010/10/11 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Henderson\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
ldydarsheva
Active Member
 
Posts: 10
Joined: June 17th, 2013, 4:30 pm
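
Added example (not part of the original posts, and not code from OTL or its author): the "ZeroAccess Check" section of the log above lists InProcServer32 values per registry hive, and the Python below parses lines in that layout and ranks per-user (HKCU) COM registrations by traits visible in such a log. The sample text, CLSIDs, paths and function names are constructed for illustration, and reading the `/64` suffix as the 64-bit registry view is an assumption.

```python
import re

# Constructed sample in the layout of an OTL "ZeroAccess Check" section.
# CLSIDs, paths and timestamps are placeholders, not values from a real machine.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{aaaaaaaa-0000-0000-0000-000000000001}\InProcServer32] /64
"" = C:\Users\EXAMPL~1\AppData\Local\Temp\aaaa\bbbb\sample64.dll -- [2013/01/01 00:00:00 | 000,002,560 | -HS- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{aaaaaaaa-0000-0000-0000-000000000001}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{bbbbbbbb-0000-0000-0000-000000000002}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/01 00:00:00 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{bbbbbbbb-0000-0000-0000-000000000002}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/01 00:00:00 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
'''

# "[HIVE\...\{clsid}\InProcServer32]" with an optional " /64" suffix.
KEY_RE = re.compile(
    r'^\[(HKEY_[A-Z_]+)\\.*?(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\](\s+/64)?$', re.I)
# Default value line: "" = <path> -- [<time> | <size> | <attrs> | <flag>] (<company>)
DEFAULT_RE = re.compile(r'^"" = (.+?)(?: -- \[(.*?)\]\s*\((.*?)\))?$')
TEMP_RE = re.compile(r'\\temp\\|%te?mp%', re.I)
PROFILE_RE = re.compile(
    r'\\users\\|\\appdata\\|%(appdata|localappdata|userprofile)%', re.I)


def parse_inproc_entries(text):
    """Return one dict per InProcServer32 key; 'path' is None for empty keys."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = {
                "hive": m.group(1).upper(),
                "clsid": m.group(2).lower(),
                # Assumption: the " /64" suffix marks the 64-bit registry view.
                "view": "64" if m.group(3) else "32",
                "path": None, "attrs": "", "company": "",
            }
            entries.append(current)
            continue
        if line.startswith("["):
            current = None          # some other bracketed line: stop attributing
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            current["path"] = m.group(1)
            if m.group(2):
                fields = [f.strip() for f in m.group(2).split("|")]
                current["attrs"] = fields[2] if len(fields) > 2 else ""
            current["company"] = (m.group(3) or "").strip()
    return entries


def triage(entries):
    """Rank HKCU registrations that carry a DLL path, most reasons first."""
    machine_wide = {e["clsid"] for e in entries
                    if e["hive"] == "HKEY_LOCAL_MACHINE" and e["path"]}
    findings = []
    for e in entries:
        if e["hive"] != "HKEY_CURRENT_USER" or not e["path"]:
            continue
        reasons = []
        if TEMP_RE.search(e["path"]):
            reasons.append("DLL under a Temp directory")
        elif PROFILE_RE.search(e["path"]):
            reasons.append("DLL under the user profile")
        if set(e["attrs"]) & {"H", "S"}:
            reasons.append("hidden/system file attributes")
        if not e["company"]:
            reasons.append("no company name in version info")
        # HKCU\Software\Classes takes precedence over HKLM in the merged
        # HKEY_CLASSES_ROOT view, so a shared CLSID means an override.
        if e["clsid"] in machine_wide:
            reasons.append("overrides a machine-wide (HKLM) registration")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for f in triage(parse_inproc_entries(SAMPLE)):
        print(f["clsid"], f["view"] + "-bit view", f["path"])
        for reason in f["reasons"]:
            print("   -", reason)
```

A per-user registration by itself is common for software installed without admin rights, so the output is a review queue ordered by how many traits coincide, not a verdict.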

Re: Possible Malware? DLL initialization routine failed

Post by askey127 » June 27th, 2013, 7:21 am

ldydarsheva,
Set a new home page for Chrome after this. Google or Bing or something.
Stay away from Conduit.com and the Conduit search.
It will load up the machine with junk.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    [2011/08/23 22:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Henderson\AppData\Roaming\mozilla\firefox\profiles\m7invvx1.default\searchplugins\askcom.xml
    CHR - homepage: http://search.conduit.com/?ctid=CT32927 ... 26625&UM=2
    :Services
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that FIX log file and post it in your next reply.
    The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 11.0.03 are vulnerable.
Go HERE to download AdbeRdr11003_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category
Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
When it finishes, you can remove the Installer from your desktop.

Tell me how it's running.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware? DLL initialization routine failed

Post by ldydarsheva » June 27th, 2013, 11:42 pm

Yeah, I currently have the homepage as Google. As soon as I realized it was changed to something else I changed it back. Then at one point I noticed it changed back to Conduit.com. I don't know how or what changed it, but as soon as I noticed it I changed it back to Google. I've just been going to Tools > Internet Options and changing it in the homepage box. Is there another way I should be doing it?

Fix Log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Henderson\AppData\Roaming\mozilla\firefox\profiles\m7invvx1.default\searchplugins\askcom.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Henderson\Desktop\cmd.bat deleted successfully.
C:\Users\Henderson\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Henderson
->Temp folder emptied: 164932 bytes
->Temporary Internet Files folder emptied: 4923374 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06272013_215028

Files\Folders moved on Reboot...
C:\Users\Henderson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF0BCDD5D3A1E8141A.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF170C0B0BC5439771.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF1CC5A4815B369CA5.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF1D060CFC1ABC2216.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF2EAB40CA0548E53B.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF7AB1C528CD406617.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DF9A98FE86F98F082C.TMP not found!
File\Folder C:\Users\Henderson\AppData\Local\Temp\~DFF27030CC36348084.TMP not found!
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RKALJTGN\viewtopic[3].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q4DYBPTR\ads[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q4DYBPTR\DroidSans[1].woff moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q4DYBPTR\frame[2].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q4DYBPTR\zrt_lookup[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBCI9HOM\sh119[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBCI9HOM\sh119[2].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBCI9HOM\si[1].htm moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Henderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



I'm still receiving a RunDLL error that says "There was a problem starting C:\Users\HENDER~1\AppData\Local\Temp\sristep\sywqsip\wow.dll The specified module could not be found." whenever I log onto the computer or right-click on something.
ldydarsheva
Active Member
 
Posts: 10
Joined: June 17th, 2013, 4:30 pm

Re: Possible Malware? DLL initialization routine failed

Post by askey127 » June 28th, 2013, 11:47 am

ldydarsheva,
---------------------------------------------
Please download SystemLook from the link below and save it to your Desktop.
Download Mirror #2 (64-bit)

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    wow.dll
    
    :regfind
    wow.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt
------------------------------------------------------------
Run the Farbar Recovery Scanner Tool
Download FRST.exe from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure all six boxes under Whitelist are checked, and also check the box under Optional Scan labeled Addition.txt.
  • Click the Scan button.
  • It will generate a log (FRST.txt) in the same directory from which the tool is run.
  • Please copy and paste the contents of FRST.txt in your reply.
  • It also will make a second log, named Addition.txt. Please paste the contents of that log as well.
Use separate replies if more convenient.

So we are looking for the SystemLook.txt log and the two logs from FRST.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware? DLL initialization routine failed

Post by ldydarsheva » June 28th, 2013, 2:17 pm

SystemLook Log:
SystemLook 04.09.10 by jpshortstuff
Log created at 13:01 on 28/06/2013 by Henderson
Administrator - Elevation successful

========== filefind ==========

Searching for "wow.dll"
No files found.

========== regfind ==========

Searching for "wow.dll"
No data found.

-= EOF =-



FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by Henderson (administrator) on 28-06-2013 13:13:21
Running from C:\Users\Henderson\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
() C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe
() C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
() C:\Users\Henderson\Desktop\SystemLook_x64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [165912 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [387608 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\windows\system32\igfxpers.exe" [365592 2009-09-02] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKCU\...\Run: [Google Update] "C:\Users\Henderson\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-07] (Google Inc.)
HKCU\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKCU\...\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [13102080 2013-02-12] (The Weather Channel)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\HENDER~1\AppData\Local\Temp\sristep\sywqsip\wow64.dll ATTENTION! ====> ZeroAccess
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableRegedit] 0
MountPoints2: {b5e50ae8-7a86-11e2-951b-705ab68515d1} - E:\TLBootstrap_WPP.exe
MountPoints2: {b5e50ae9-7a86-11e2-951b-705ab68515d1} - F:\TLBootstrap_WPP.exe
HKLM-x32\...\Run: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe" [291496 2009-04-27] ()
HKLM-x32\...\Run: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe" [25256 2009-04-27] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Guest\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Guest\...\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [13102080 2013-02-12] (The Weather Channel)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM-x32 SearchScopes: DefaultScope {97749830-5D95-488A-8633-70613E503E4E} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {51B7A03F-BF5D-4EC3-B3CC-7B181277942F} URL =
SearchScopes: HKCU - {51B7A03F-BF5D-4EC3-B3CC-7B181277942F} URL =
SearchScopes: HKCU - {55F52A1A-E62F-432F-8BEA-C43BA37D5BCC} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {714E246D-F72D-48E6-97A4-2BF83AD9EBDF} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Henderson\AppData\Roaming\Mozilla\Firefox\Profiles\m7invvx1.default
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=ffds1&p=
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.yahoo.com
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Henderson\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT32927 ... 26625&UM=2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3292716&SearchSource=48&CUI=UN31936164621226625&UM=2"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Henderson\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-05-24] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130627.001\IDSvia64.sys [513184 2013-05-24] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130627.001\IDSvia64.sys [513184 2013-05-24] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130628.002\ENG64.SYS [126040 2013-05-24] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130628.002\ENG64.SYS [126040 2013-05-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130628.002\EX64.SYS [2098776 2013-05-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130628.002\EX64.SYS [2098776 2013-05-24] (Symantec Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation )
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 RtsUIR; No ImagePath
S3 USBCCID; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 13:12 - 2013-06-28 13:12 - 00000000 ____D C:\FRST
2013-06-28 13:11 - 2013-06-28 13:11 - 01933484 ____A (Farbar) C:\Users\Henderson\Desktop\FRST64.exe
2013-06-28 13:01 - 2013-06-28 13:03 - 00000578 ____A C:\Users\Henderson\Desktop\SystemLook.txt
2013-06-28 12:57 - 2013-06-28 12:57 - 00096256 ____A C:\Users\Henderson\Desktop\SystemLook_x64.exe
2013-06-27 22:51 - 2013-06-27 22:51 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-27 22:51 - 2013-06-27 22:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-27 21:58 - 2013-06-27 21:58 - 00001428 ____A C:\Users\Henderson\Desktop\Internet Explorer.lnk
2013-06-26 22:52 - 2013-06-26 22:52 - 00000000 ____D C:\_OTL
2013-06-26 22:41 - 2011-05-30 12:59 - 00161760 ____A C:\Program Files (x86)\64res.dll
2013-06-23 22:08 - 2013-06-23 22:08 - 00063364 ____A C:\Users\Henderson\Desktop\Extras.Txt
2013-06-23 22:06 - 2013-06-26 23:33 - 00094672 ____A C:\Users\Henderson\Desktop\OTL.Txt
2013-06-23 21:43 - 2013-06-23 21:43 - 00602112 ____A (OldTimer Tools) C:\Users\Henderson\Desktop\OTL.exe
2013-06-19 03:53 - 2013-06-19 03:54 - 00000000 ____D C:\Users\Henderson\AppData\Local\{B04F9425-4B2F-4100-92A1-DDC706DABB2F}
2013-06-17 15:26 - 2013-06-17 15:26 - 00023616 ____A C:\Users\Henderson\Desktop\dds.txt
2013-06-17 15:26 - 2013-06-17 15:26 - 00007074 ____A C:\Users\Henderson\Desktop\attach.txt
2013-06-17 15:12 - 2013-06-20 14:04 - 00002401 ____A C:\Users\Henderson\Desktop\Google Chrome.lnk
2013-06-15 16:33 - 2013-06-08 09:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:33 - 2013-06-08 09:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:33 - 2013-06-08 09:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:33 - 2013-06-08 09:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:33 - 2013-06-08 09:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:33 - 2013-06-08 07:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:33 - 2013-06-08 06:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:33 - 2013-06-08 06:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 16:33 - 2013-06-08 06:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:33 - 2013-06-08 06:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:33 - 2013-06-08 06:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:33 - 2013-06-08 06:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 07:15 - 2013-05-16 20:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 07:15 - 2013-05-16 20:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 07:15 - 2013-05-16 20:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 07:15 - 2013-05-16 20:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 07:15 - 2013-05-16 20:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-14 07:15 - 2013-05-16 20:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-14 07:15 - 2013-05-16 20:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-14 07:15 - 2013-05-16 20:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-14 07:15 - 2013-05-16 19:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 07:15 - 2013-05-16 19:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 07:15 - 2013-05-16 19:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 07:15 - 2013-05-16 19:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 07:15 - 2013-05-16 19:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 07:15 - 2013-05-16 19:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-14 07:15 - 2013-05-16 19:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-14 07:15 - 2013-05-16 19:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 07:15 - 2013-05-16 19:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-14 07:15 - 2013-05-14 07:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-14 07:15 - 2013-05-14 03:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 15:32 - 2013-06-12 15:33 - 00000009 ____A C:\END
2013-06-12 15:32 - 2013-06-12 15:32 - 00000000 ____D C:\Users\Henderson\AppData\Local\CRE
2013-06-12 15:32 - 2013-06-12 15:32 - 00000000 ____D C:\ProgramData\Oberon Media
2013-06-12 06:41 - 2013-05-13 00:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 06:41 - 2013-05-13 00:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 06:41 - 2013-05-13 00:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 06:41 - 2013-05-13 00:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 06:41 - 2013-05-12 23:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 06:41 - 2013-05-12 23:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 06:41 - 2013-05-12 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 06:41 - 2013-05-12 22:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 06:41 - 2013-05-12 22:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 06:41 - 2013-05-12 22:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 06:41 - 2013-05-10 00:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 06:41 - 2013-05-09 22:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 06:41 - 2013-05-08 01:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 06:41 - 2013-04-26 00:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 06:41 - 2013-04-25 23:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 06:41 - 2013-04-25 18:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 06:41 - 2013-04-17 02:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 06:41 - 2013-04-17 01:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 06:41 - 2013-03-31 17:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 05:19 - 2013-06-12 05:19 - 00000000 ____D C:\Users\Henderson\AppData\Local\{2FB7968F-7915-4FF5-8E4C-2AAD04A4AFD5}
2013-06-08 22:22 - 2013-06-08 22:22 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 22:22 - 2013-06-08 22:22 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 22:22 - 2013-06-08 22:22 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 22:22 - 2013-06-08 22:22 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-04 08:38 - 2013-06-04 08:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-04 08:38 - 2013-06-04 08:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-04 08:38 - 2013-06-04 08:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-04 08:38 - 2013-06-04 08:38 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-04 08:38 - 2013-06-04 08:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-04 08:38 - 2013-06-04 08:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-04 08:38 - 2013-06-04 08:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-04 08:38 - 2013-06-04 08:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-04 08:36 - 2013-06-04 08:36 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:33 - 2013-06-04 08:41 - 00008552 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-06-28 13:13 - 2012-04-06 00:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 13:12 - 2013-06-28 13:12 - 00000000 ____D C:\FRST
2013-06-28 13:11 - 2013-06-28 13:11 - 01933484 ____A (Farbar) C:\Users\Henderson\Desktop\FRST64.exe
2013-06-28 13:03 - 2013-06-28 13:01 - 00000578 ____A C:\Users\Henderson\Desktop\SystemLook.txt
2013-06-28 13:00 - 2010-12-27 20:46 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000UA.job
2013-06-28 12:57 - 2013-06-28 12:57 - 00096256 ____A C:\Users\Henderson\Desktop\SystemLook_x64.exe
2013-06-28 12:57 - 2009-07-13 23:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 12:57 - 2009-07-13 23:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 12:55 - 2010-12-27 20:46 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000Core.job
2013-06-28 12:55 - 2010-12-07 20:27 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-27 23:01 - 2010-03-24 17:51 - 02032935 ____A C:\Windows\WindowsUpdate.log
2013-06-27 22:58 - 2010-12-07 20:27 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 22:58 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 22:58 - 2009-07-13 23:51 - 00152727 ____A C:\Windows\setupact.log
2013-06-27 22:54 - 2010-03-24 18:30 - 00000000 ____D C:\ProgramData\Adobe
2013-06-27 22:52 - 2010-05-11 10:53 - 00000000 ____D C:\Users\Henderson\AppData\Roaming\Adobe
2013-06-27 22:51 - 2013-06-27 22:51 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-27 22:51 - 2013-06-27 22:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-27 21:58 - 2013-06-27 21:58 - 00001428 ____A C:\Users\Henderson\Desktop\Internet Explorer.lnk
2013-06-27 04:03 - 2012-12-06 02:10 - 00041529 ____A C:\Users\Henderson\Documents\2013 payment spreadsheet for car.ods
2013-06-26 23:33 - 2013-06-23 22:06 - 00094672 ____A C:\Users\Henderson\Desktop\OTL.Txt
2013-06-26 23:15 - 2010-10-30 15:20 - 00000000 ____D C:\users\Guest
2013-06-26 23:15 - 2009-11-30 23:44 - 00229598 ____A C:\Windows\PFRO.log
2013-06-26 22:52 - 2013-06-26 22:52 - 00000000 ____D C:\_OTL
2013-06-26 22:41 - 2010-07-15 10:07 - 00000201 ____A C:\Windows\wininit.ini
2013-06-24 22:03 - 2010-05-11 10:53 - 00000000 ____D C:\Users\Henderson\AppData\Local\Adobe
2013-06-23 22:08 - 2013-06-23 22:08 - 00063364 ____A C:\Users\Henderson\Desktop\Extras.Txt
2013-06-23 21:43 - 2013-06-23 21:43 - 00602112 ____A (OldTimer Tools) C:\Users\Henderson\Desktop\OTL.exe
2013-06-23 21:25 - 2009-11-30 23:29 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 14:04 - 2013-06-17 15:12 - 00002401 ____A C:\Users\Henderson\Desktop\Google Chrome.lnk
2013-06-19 04:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 03:54 - 2013-06-19 03:53 - 00000000 ____D C:\Users\Henderson\AppData\Local\{B04F9425-4B2F-4100-92A1-DDC706DABB2F}
2013-06-19 03:00 - 2013-05-25 08:11 - 00002431 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-19 03:00 - 2013-05-25 08:10 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-18 21:07 - 2012-04-06 00:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-18 21:07 - 2011-08-11 21:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-17 18:37 - 2013-05-25 08:11 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-17 18:37 - 2013-05-25 08:11 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-17 15:26 - 2013-06-17 15:26 - 00023616 ____A C:\Users\Henderson\Desktop\dds.txt
2013-06-17 15:26 - 2013-06-17 15:26 - 00007074 ____A C:\Users\Henderson\Desktop\attach.txt
2013-06-14 08:05 - 2010-05-31 22:49 - 00000000 ____D C:\Users\Henderson\.gimp-2.6
2013-06-14 08:03 - 2009-07-14 00:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 07:16 - 2010-06-04 09:59 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:33 - 2013-06-12 15:32 - 00000009 ____A C:\END
2013-06-12 15:32 - 2013-06-12 15:32 - 00000000 ____D C:\Users\Henderson\AppData\Local\CRE
2013-06-12 15:32 - 2013-06-12 15:32 - 00000000 ____D C:\ProgramData\Oberon Media
2013-06-12 05:19 - 2013-06-12 05:19 - 00000000 ____D C:\Users\Henderson\AppData\Local\{2FB7968F-7915-4FF5-8E4C-2AAD04A4AFD5}
2013-06-10 23:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-09 15:31 - 2010-05-19 22:35 - 00000000 ____D C:\Users\Henderson\AppData\Local\Microsoft Games
2013-06-08 22:22 - 2013-06-08 22:22 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 22:22 - 2013-06-08 22:22 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 22:22 - 2013-06-08 22:22 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 22:22 - 2013-06-08 22:22 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 22:22 - 2012-05-10 06:36 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-08 22:22 - 2010-05-11 16:01 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-08 09:08 - 2013-06-15 16:33 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 09:07 - 2013-06-15 16:33 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 09:06 - 2013-06-15 16:33 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 09:06 - 2013-06-15 16:33 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 09:06 - 2013-06-15 16:33 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 07:28 - 2013-06-15 16:33 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 06:42 - 2013-06-15 16:33 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 06:40 - 2013-06-15 16:33 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 06:40 - 2013-06-15 16:33 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 06:40 - 2013-06-15 16:33 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 06:40 - 2013-06-15 16:33 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 06:13 - 2013-06-15 16:33 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-04 10:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-04 10:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-04 10:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-04 10:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-04 10:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-04 08:41 - 2013-06-04 08:33 - 00008552 ____A C:\Windows\IE10_main.log
2013-06-04 08:38 - 2013-06-04 08:38 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-04 08:38 - 2013-06-04 08:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-04 08:38 - 2013-06-04 08:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-04 08:38 - 2013-06-04 08:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-04 08:38 - 2013-06-04 08:38 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-04 08:38 - 2013-06-04 08:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-04 08:38 - 2013-06-04 08:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-04 08:38 - 2013-06-04 08:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-04 08:38 - 2013-06-04 08:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-04 08:38 - 2013-06-04 08:38 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-04 08:38 - 2013-06-04 08:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-04 08:36 - 2013-06-04 08:36 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:36 - 2013-06-04 08:36 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 21:20

==================== End Of Log ============================


Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by Henderson at 2013-06-28 13:14:43
Running from C:\Users\Henderson\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 10 Plugin (x32 Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Best Buy Software Installer (Version: 2.1.0.29)
Best Buy Software Installer (x32 Version: 2.1.0.29)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
ConvertXtoDVD 3.3.1.98 (x32 Version: 3.3.1.98)
ConvertXtoDVD 4.1.12.352 (x32 Version: 4.1.12.352)
D3DX10 (x32 Version: 15.4.2368.0902)
GIMP 2.6.8 (x32)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
LG USB Modem driver (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office XP Professional with FrontPage (x32 Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0)
Norton Internet Security (x32 Version: 20.4.0.40)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Picasa 3 (x32 Version: 3.9)
PlayReady PC Runtime amd64 (Version: 1.3.0)
QuickTime (x32 Version: 7.73.80.64)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101)
Realtek WLAN Driver (x32 Version: 2.00.0006)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
The Weather Channel App (x32)
The Weather Channel Desktop 6 (x32)
TOSHIBA Application Installer (x32 Version: 9.0.1.0)
TOSHIBA Assist (x32 Version: 3.00.09)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA Bulletin Board (x32 Version: 1.5.05.64)
TOSHIBA ConfigFree (x32 Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: )
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0)
TOSHIBA Media Controller (x32 Version: 1.0.65)
TOSHIBA Quality Application (x32 Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA ReelTime (x32 Version: 1.5.07.64)
TOSHIBA Service Station (x32 Version: 2.1.33)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C)
TOSHIBA Value Added Package (Version: 1.2.26.64)
TOSHIBA Value Added Package (x32 Version: 1.2.26.64)
ToshibaRegistration (x32 Version: 1.0.3)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Utility Common Driver (x32 Version: 1.0.50.27C)
VSO Burning SDK 4.0.21.489 (x32 Version: 4.0.21.489)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)

==================== Restore Points =========================

04-06-2013 13:32:22 Windows Update
09-06-2013 03:21:01 Removed Java(TM) 6 Update 39
09-06-2013 03:22:09 Installed Java 7 Update 21
14-06-2013 12:13:33 Windows Update
15-06-2013 21:32:47 Windows Update
24-06-2013 02:25:06 Removed Java(TM) 6 Update 18
24-06-2013 02:36:58 Removed Adobe Reader 9.5.3.
27-06-2013 03:53:14 OTL Restore Point - 6/26/2013 10:53:08 PM
28-06-2013 02:50:44 OTL Restore Point - 6/27/2013 9:50:39 PM
28-06-2013 03:50:45 Installed Adobe Reader XI.

==================== Scheduled Tasks (whitelisted) =============

Task: {02ADA5FD-09E7-435F-A52D-89CF8A9368F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07] (Google Inc.)
Task: {232F66FE-321B-457C-AD7C-5A6A2964AA27} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F47CCFF-6636-4A31-A3AD-361F13595968} - System32\Tasks\{7B68C902-C4A2-4F8A-938C-DA606DE33C1D} => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe No File
Task: {4BE00C01-F7AE-417F-BEE6-1A06730D1AE4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000UA => C:\Users\Henderson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-07] (Google Inc.)
Task: {5B1BF8C9-B2C2-4B23-9602-4C0F15126BBE} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {686358CE-04CC-4293-8D40-27B5340CA6AA} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {7483ED34-B22F-4F11-B18F-FD35AAB1BFC0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-18] (Adobe Systems Incorporated)
Task: {827848B4-48B4-4D41-AECB-EE2C0780CBF1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000Core => C:\Users\Henderson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-07] (Google Inc.)
Task: {8DD60B96-BF46-4BB7-9305-5772BB18CD04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07] (Google Inc.)
Task: {8EA92CBA-CE90-45A3-8A42-814CD8A03F8A} - System32\Tasks\{6B3CB670-E2D3-41B6-A22A-D55CB431DB36} => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe No File
Task: {9D10C8F4-244C-438C-AF2D-F79B4E788E7E} - System32\Tasks\{67AA595D-C2B0-4F1E-BC9F-7A8BDCB24830} => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe No File
Task: {A8BA299F-FE60-4CF9-B03B-5689FAB9C3A2} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {C16F7DBD-727F-4EF9-B4BA-280352DA08FC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {CCA457BA-4050-4585-BE23-4DEFE416C44A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {D4AE13E0-A8CA-4C12-9517-8049863D504B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {DBEBC1DD-6B57-4F46-A69B-84F9D26B265A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {F1EF5A48-A648-4CC1-ACB4-AA47455863D2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000Core.job => C:\Users\Henderson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1329925755-3460995418-3139510053-1000UA.job => C:\Users\Henderson\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2013 09:56:24 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 854

Start Time: 01ce73aab0c17fa3

Termination Time: 51

Application Path: C:\windows\Explorer.EXE

Report Id: 420cc544-df9e-11e2-8e6d-705ab68515d1

Error: (06/26/2013 07:56:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16611, time stamp: 0x5191e7aa
Faulting module name: MSHTML.dll, version: 10.0.9200.16618, time stamp: 0x51b30064
Exception code: 0xc0000005
Fault offset: 0x009c695f
Faulting process id: 0x25c8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/25/2013 02:06:13 AM) (Source: Application Hang) (User: )
Description: The program TWCApp.exe version 7.5.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d94

Start Time: 01ce70844e11ca33

Termination Time: 65

Application Path: C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Report Id:

Error: (06/25/2013 02:04:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16611, time stamp: 0x5191e7aa
Faulting module name: urlmon.dll, version: 10.0.9200.16618, time stamp: 0x51b2f30d
Exception code: 0xc0000005
Fault offset: 0x00003eaf
Faulting process id: 0xac4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/23/2013 09:42:10 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b24

Start Time: 01ce7084414d88db

Termination Time: 20

Application Path: C:\windows\Explorer.EXE

Report Id: 9bb40b91-dc77-11e2-89ba-705ab68515d1

Error: (06/19/2013 03:01:42 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ad4

Start Time: 01ce6cc30822c43e

Termination Time: 172

Application Path: C:\windows\Explorer.EXE

Report Id: 6bfa046c-d8b6-11e2-b960-705ab68515d1

Error: (06/17/2013 03:17:15 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9e0

Start Time: 01ce6b96fe54f161

Termination Time: 32

Application Path: C:\windows\Explorer.EXE

Report Id: e0e115e4-d78a-11e2-879f-705ab68515d1

Error: (06/17/2013 03:16:58 PM) (Source: Application Hang) (User: )
Description: The program TWCApp.exe version 7.5.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ae4

Start Time: 01ce6b96ffb4d013

Termination Time: 32

Application Path: C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Report Id:

Error: (06/16/2013 11:11:59 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 99c

Start Time: 01ce6b0e3ef19eea

Termination Time: 63

Application Path: C:\windows\explorer.exe

Report Id: 061b2c86-d704-11e2-b9a3-705ab68515d1

Error: (06/16/2013 10:53:37 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1120

Start Time: 01ce6b0cad5b4b87

Termination Time: 41

Application Path: C:\windows\explorer.exe

Report Id: 7933b176-d701-11e2-b9a3-705ab68515d1


System errors:
=============
Error: (06/27/2013 03:51:46 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%109

Error: (06/27/2013 03:51:46 AM) (Source: DCOM) (User: )
Description: 109gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/24/2013 05:52:18 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/19/2013 02:57:55 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (06/19/2013 02:57:55 AM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/19/2013 02:57:55 AM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (06/14/2013 07:57:15 AM) (Source: DCOM) (User: ROGERS-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ROGERS-PCHendersonS-1-5-21-1329925755-3460995418-3139510053-1000LocalHost (Using LRPC)

Error: (06/14/2013 07:57:04 AM) (Source: DCOM) (User: ROGERS-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ROGERS-PCHendersonS-1-5-21-1329925755-3460995418-3139510053-1000LocalHost (Using LRPC)

Error: (06/14/2013 07:57:01 AM) (Source: DCOM) (User: ROGERS-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ROGERS-PCHendersonS-1-5-21-1329925755-3460995418-3139510053-1000LocalHost (Using LRPC)

Error: (06/14/2013 07:57:01 AM) (Source: DCOM) (User: ROGERS-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ROGERS-PCHendersonS-1-5-21-1329925755-3460995418-3139510053-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (06/27/2013 09:56:24 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756785401ce73aab0c17fa351C:\windows\Explorer.EXE420cc544-df9e-11e2-8e6d-705ab68515d1

Error: (06/26/2013 07:56:35 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.166115191e7aaMSHTML.dll10.0.9200.1661851b30064c0000005009c695f25c801ce72ceecefcbbaC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\system32\MSHTML.dll69d4ea74-dec4-11e2-89ba-705ab68515d1

Error: (06/25/2013 02:06:13 AM) (Source: Application Hang)(User: )
Description: TWCApp.exe7.5.2.0d9401ce70844e11ca3365C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Error: (06/25/2013 02:04:19 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.166115191e7aaurlmon.dll10.0.9200.1661851b2f30dc000000500003eafac401ce71721e82d0c5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\syswow64\urlmon.dll743250ef-dd65-11e2-89ba-705ab68515d1

Error: (06/23/2013 09:42:10 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567b2401ce7084414d88db20C:\windows\Explorer.EXE9bb40b91-dc77-11e2-89ba-705ab68515d1

Error: (06/19/2013 03:01:42 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567ad401ce6cc30822c43e172C:\windows\Explorer.EXE6bfa046c-d8b6-11e2-b960-705ab68515d1

Error: (06/17/2013 03:17:15 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175679e001ce6b96fe54f16132C:\windows\Explorer.EXEe0e115e4-d78a-11e2-879f-705ab68515d1

Error: (06/17/2013 03:16:58 PM) (Source: Application Hang)(User: )
Description: TWCApp.exe7.5.2.0ae401ce6b96ffb4d01332C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Error: (06/16/2013 11:11:59 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.1756799c01ce6b0e3ef19eea63C:\windows\explorer.exe061b2c86-d704-11e2-b9a3-705ab68515d1

Error: (06/16/2013 10:53:37 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.17567112001ce6b0cad5b4b8741C:\windows\explorer.exe7933b176-d701-11e2-b9a3-705ab68515d1


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3932.88 MB
Available physical RAM: 2174.96 MB
Total Pagefile: 7863.95 MB
Available Pagefile: 6122.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:287.64 GB) (Free:189.69 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================
ldydarsheva
Active Member
 
Posts: 10
Joined: June 17th, 2013, 4:30 pm

Re: Possible Malware? DLL initialization routine failed

Post by askey127 » June 29th, 2013, 8:10 am

ldydarsheva,
---------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon  /sub
    
    :regfind
    sristep
    sywqsip
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt
----------------------------------------------------------
Run A Fix With FRST
Copy the following text into a new Notepad document
Start
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\HENDER~1\AppData\Local\Temp\sristep\sywqsip\wow64.dll ATTENTION! ====> ZeroAccess
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3292716&SearchSource=48&CUI=UN31936164621226625&UM=2"
MountPoints2: {b5e50ae8-7a86-11e2-951b-705ab68515d1} - E:\TLBootstrap_WPP.exe
MountPoints2: {b5e50ae9-7a86-11e2-951b-705ab68515d1} - F:\TLBootstrap_WPP.exe
End

Save it to your Desktop as filename fixlist.txt
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST64, and press the Fix button just once. Then wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware? DLL initialization routine failed

Post by ldydarsheva » June 29th, 2013, 9:14 pm

SystemLook Log:
SystemLook 04.09.10 by jpshortstuff
Log created at 20:07 on 29/06/2013 by Henderson
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="1"
"Shell"="explorer.exe"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"DefaultDomainName"=""
"DefaultUserName"=""
"Userinit"="userinit.exe"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
(No values found)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless Group Policy"
"DisplayName"="@wlgpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessWLANPolicyEx"
"GenerateGroupPolicy"="GenerateWLANPolicy"
"DllName"="wlgpclnt.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"="fdeploy.dll"
"NoMachinePolicy"= 0x0000000001 (1)
"NoSlowLink"= 0x0000000001 (1)
"PerUserLocalSettings"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000000 (0)
"NoBackgroundPolicy"= 0x0000000000 (0)
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"="(Folder Redirection,Application)"
"DisplayName"="@fdeploy.dll,-261"

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
(No values found)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"DisplayName"="@%SystemRoot%\System32\dskquota.dll,-100"
"NoMachinePolicy"= 0x0000000000 (0)
"NoUserPolicy"= 0x0000000001 (1)
"NoSlowLink"= 0x0000000001 (1)
"NoBackgroundPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"PerUserLocalSettings"= 0x0000000000 (0)
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000000 (0)
"DllName"="%SystemRoot%\System32\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"DisplayName"="@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"DllName"="C:\Windows\SysWOW64\iedkcs32.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"DisplayName"="@C:\Windows\SysWOW64\iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="%SystemRoot%\System32\srchadmin.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"NoSlowLink"= 0x0000000000 (0)
"NoGPOListChanges"= 0x0000000001 (1)
"NoUserPolicy"= 0x0000000000 (0)
"NoMachinePolicy"= 0x0000000000 (0)
"PerUserLocalSettings"= 0x0000000000 (0)
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"NoBackgroundPolicy"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@="Internet Explorer User Accelerators"
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"DllName"="C:\Windows\SysWOW64\iedkcs32.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"NoGPOListChanges"= 0x0000000001 (1)
"DisplayName"="@C:\Windows\SysWOW64\iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@="Security"
"DisplayName"="@(runtime.system32)\scecli.dll,-7650"
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"= 0x0000000001 (1)
"DllName"="scecli.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"MaxNoGPOListChangesInterval"= 0x00000003c0 (960)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@="Deployed Printer Connections"
"DisplayName"="@%systemroot%\system32\gpprnext.dll,-1"
"DllName"="%systemroot%\system32\gpprnext.dll"
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"= 0x0000000000 (0)
"NoBackgroundPolicy"= 0x0000000000 (0)
"NoGPOListChanges"= 0x0000000000 (0)
"NoMachinePolicy"= 0x0000000000 (0)
"NoSlowLink"= 0x0000000001 (1)
"NotifyLinkTransition"= 0x0000000000 (0)
"NoUserPolicy"= 0x0000000000 (0)
"PerUserLocalSettings"= 0x0000000000 (0)
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@="Internet Explorer Branding"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="C:\Windows\SysWOW64\iedkcs32.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoSlowLink"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"= 0x0000000001 (1)
"NoMachinePolicy"= 0x0000000001 (1)
"DisplayName"="@C:\Windows\SysWOW64\iedkcs32.dll,-3014"
"NoBackgroundPolicy"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@="802.3 Group Policy"
"DisplayName"="@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"="dot3gpclnt.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@="TCPIP"
"DisplayName"="@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"RequiresSuccessfulRegistry"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@="Internet Explorer Machine Accelerators"
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"DllName"="C:\Windows\SysWOW64\iedkcs32.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"NoGPOListChanges"= 0x0000000001 (1)
"DisplayName"="@C:\Windows\SysWOW64\iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"="%SystemRoot%\System32\polstore.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@="Enterprise QoS"
"DisplayName"="@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"="gptext.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@="CP"
"DisplayName"="@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"RequiresSuccessfulRegistry"= 0x0000000001 (1)


========== regfind ==========

Searching for "sristep"
No data found.

Searching for "sywqsip"
No data found.

-= EOF =-



Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-06-2013
Ran by Henderson at 2013-06-29 20:12:41 Run:1
Running from C:\Users\Henderson\Desktop
Boot Mode: Normal
==============================================

HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3292716&SearchSource=48&CUI=UN31936164621226625&UM=2" ==> The Chrome "Settings" can be used to fix the entry.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e50ae8-7a86-11e2-951b-705ab68515d1} => Key deleted successfully.
HKCR\CLSID\{b5e50ae8-7a86-11e2-951b-705ab68515d1} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e50ae9-7a86-11e2-951b-705ab68515d1} => Key deleted successfully.
HKCR\CLSID\{b5e50ae9-7a86-11e2-951b-705ab68515d1} => Key not found.

==== End of Fixlog ====
ldydarsheva
Active Member
 
Posts: 10
Joined: June 17th, 2013, 4:30 pm

Re: Possible Malware? DLL initialization routine failed

Post by askey127 » June 30th, 2013, 6:57 am

ldydarsheva,
--------------------------------------------------------
Set Default search engine in Chrome
  • Open Chrome. You can set one search engine to always be used for processing search queries you type in the address bar.
  • Click the Tools menu.
  • Select Options.
  • Click the Basics tab.
  • Select the search engine from the 'Default search' drop-down menu that you'd like Google Chrome to use.
    Make sure it is NOT search.conduit.com
  • If your desired search engine doesn't appear in the drop-down menu, click the Manage button. In the 'Search Engines' dialog box, select the search engine name that you'd like to use by default, click the Make Default button, and click the Close button on the 'Search Engines' dialog box.
  • Click the Close button.
If you've turned on the auto-suggestions feature, Google Chrome checks to see if a suggestions service is provided by your default search engine.
If one isn't provided, then Google Suggest is the default suggestions service in use.

Details on most Chrome settings are here: http://www.googlechromebrowser.com/cust ... -settings/
How is it running? The error message at bootup should be gone.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware? DLL initialization routine failed

Post by ldydarsheva » July 1st, 2013, 8:43 pm

OK, sorry to be such a pain :). My dad doesn't use Google Chrome; in fact, he's not even sure how it got on his computer. I figure it was included in some update he did or something.

I tried to follow the directions you gave. I clicked on the Google Chrome shortcut on the desktop and it brought up a page that is the search.conduit.com. I looked for a tools menu and did not find one. I did find a menu that had tools on it, but it didn't have Options or a Basics tab, and farther down the menu it says 'sign in to chrome'. I'm pretty sure my dad doesn't even have a Google account. So I don't think my dad ever set up Google Chrome and I don't think he will ever use it.
So my question is... Can I just uninstall Google Chrome from the computer and will that get rid of the error message that has been popping up on bootup?

Thank you for all of your help!! It is very much appreciated!
ldydarsheva
Active Member
 
Posts: 10
Joined: June 17th, 2013, 4:30 pm