Jump to content

Malwarebytes

trogan agent in svchost exe - and making outgoing connections

- - - - -
Started by MJnDenver, Jun 16 2012 09:37 PM


21 replies to this topic

#1
MJnDenver
Posted 16 June 2012 - 09:37 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
MB has been blocking connections for me, and when I ran it - MB got rid of most of the issue - but there are 2 objects still in my svchost.exe that won't go away. I've updated MB, run it, restarted as it told me to, run it again and they are still there.
I have the latest log, after the restart, as well as the one from before it. I also took screen shots of the 2 most recent "blocks" MB did for me. How do I get rid of these?
Here's the log from before the restart:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.16.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcia :: MARCIA-GATEWAY [administrator]
Protection: Enabled
6/16/2012 6:51:43 PM
mbam-log-2012-06-16 (18-51-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215592
Time elapsed: 18 minute(s), 26 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4760 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)



Here's the log from running it immediately after the restart:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.16.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcia :: MARCIA-GATEWAY [administrator]
Protection: Enabled
6/16/2012 7:41:57 PM
mbam-log-2012-06-16 (19-41-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215597
Time elapsed: 9 minute(s), 26 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4824 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)


It won't let me paste the screen shots. The one that came up while I was running MB says
"Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please slect an ooption below." Then at the bottom left it says C:\WINDOWS\SVCHOST.EXT
TROJAN.AGENT
Below that my options are to disable protection, ignore, or quarantine (I chose quarantine).
A minute or two after I chose quarantine on this one, I got the popup at the bottom of my screen that says:
"Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: 206.161.121.6
Type: outgoing
Port: 51295, Process: svchost.exe

I really don't know what else to do. I tried to run my regular antivirus as well - but that tends to stall and never get finished.

Help?? Please?

#2
MJnDenver
Posted 16 June 2012 - 09:59 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
And I can't believe I spelled TROJAN wrong in the title line!!

#3
MJnDenver
Posted 17 June 2012 - 12:50 AM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Marcia at 23:40:14 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.1382 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files\USDV Backup Basic\Backup Heartbeat\Backup Heartbeat.exe
C:\Program Files\USDV Backup Basic\BackupScheduler\BackupScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\system32\nlsInterface.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426210103.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {90d46c30-9f25-4104-aea9-35c3f84477ff} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [EDesksoft Auto Update] C:\Program Files (x86)\EDesksoft\Update\EDesksoftUpdate.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://www.onlineregister.com/gateway/serial/gwCID.cab
DPF: {A763FB1D-703C-40AA-9FFD-4F23ED8D8641} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F533FFC8-B8E6-4C92-9AD8-8EE479E75330} : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO-X64: StumbleUpon Launcher - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Gamers Unite! Snag Bar BHO: {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO-X64: Web Assistant Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426210103.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {90d46c30-9f25-4104-aea9-35c3f84477ff} - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
.
=============== Created Last 30 ================
.
2012-06-17 04:26:47 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-06-17 01:36:18 20480 ------w- C:\Windows\svchost.exe
2012-06-14 00:39:26 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 00:39:25 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 00:39:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 00:39:18 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 00:38:52 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 00:38:47 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 00:38:45 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 00:38:44 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 00:38:41 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 00:38:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 00:37:05 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 00:37:04 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-14 00:36:48 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 00:36:45 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 00:35:44 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 00:35:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 00:47:05 -------- d-----w- C:\Program Files\iPod
2012-06-12 00:47:03 -------- d-----w- C:\Program Files\iTunes
2012-06-12 00:47:03 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-07 02:27:54 -------- d-----w- C:\Users\Marcia\AppData\Local\{DE7552C0-F75B-4993-B7F2-C7C4485DEC9F}
2012-06-07 02:27:28 -------- d-----w- C:\Users\Marcia\AppData\Local\{7B13A308-C4F0-4E8C-9421-876BECE83C74}
2012-06-03 16:40:20 -------- d-----w- C:\Users\Marcia\AppData\Local\{C35061D4-49F5-4C7F-8BAC-A85E5F227478}
2012-06-03 16:39:49 -------- d-----w- C:\Users\Marcia\AppData\Local\{4247DE36-DA81-4EF3-A746-EF76BE093793}
2012-06-02 22:25:28 -------- d-----w- C:\Users\Marcia\AppData\Local\{80741EB4-0387-449C-B17E-D8F7F687BEA1}
2012-06-02 22:25:07 -------- d-----w- C:\Users\Marcia\AppData\Local\{C9B5C8D1-7F12-442F-842B-F8D747DA94E2}
2012-06-01 02:45:17 -------- d-----w- C:\Users\Marcia\AppData\Local\{553EC7E1-2C50-4887-AC22-8AA76E3867AE}
2012-06-01 02:44:46 -------- d-----w- C:\Users\Marcia\AppData\Local\{1F3DF71A-5A4D-4BE1-BD58-23609C30F61A}
2012-05-31 02:07:40 -------- d-----w- C:\Users\Marcia\AppData\Local\{3BA45051-F876-4000-9C50-116191BFF310}
2012-05-31 02:07:26 -------- d-----w- C:\Users\Marcia\AppData\Local\{141EA0B0-A2C9-49FA-AA45-24FBBC9E991F}
2012-05-31 01:22:43 -------- d-----w- C:\Program Files\Web Assistant
2012-05-28 18:11:45 -------- d-----w- C:\Users\Marcia\AppData\Local\{9CEEA8C0-3B29-473E-B156-A4AD73442F39}
2012-05-28 18:11:20 -------- d-----w- C:\Users\Marcia\AppData\Local\{2A341386-0C72-463F-B5BF-95EBB6B707BC}
2012-05-28 06:10:45 -------- d-----w- C:\Users\Marcia\AppData\Local\{599C5B45-C704-47F4-89AD-A8BB3A011C1B}
2012-05-28 06:10:19 -------- d-----w- C:\Users\Marcia\AppData\Local\{E32EEBAE-3D90-4380-AD53-8846939008A5}
2012-05-28 03:31:37 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2012-05-28 03:21:06 -------- d-----w- C:\Program Files (x86)\Corel
2012-05-28 03:21:06 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2012-05-27 23:46:30 -------- d-----w- C:\Duplicate File Hunter - Removed files
2012-05-27 23:09:00 -------- d-----w- C:\NEW plugins
2012-05-27 20:48:39 -------- d-----w- C:\Users\Marcia\AppData\Roaming\calibre
2012-05-27 20:47:36 -------- d-----w- C:\Program Files (x86)\Calibre2
2012-05-27 05:26:45 -------- d-----w- C:\Users\Marcia\AppData\Local\{D3954AC1-847D-472B-8017-70E0B859423E}
2012-05-27 05:26:21 -------- d-----w- C:\Users\Marcia\AppData\Local\{1C84969A-3525-46A2-AC5B-4D635474E0FC}
2012-05-26 17:25:44 -------- d-----w- C:\Users\Marcia\AppData\Local\{D02735E4-F77B-473E-B204-851BE250D108}
2012-05-26 17:25:21 -------- d-----w- C:\Users\Marcia\AppData\Local\{5EE42EE4-850F-4602-921C-8983375E045B}
2012-05-23 01:33:06 -------- d-----w- C:\Users\Marcia\AppData\Local\{2B2E7BA2-D2C0-4873-8AD1-1D33FBA5F2F1}
2012-05-23 01:32:32 -------- d-----w- C:\Users\Marcia\AppData\Local\{16BC2BDB-B767-450A-B741-A25DCA723E34}
2012-05-22 01:34:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-22 01:34:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-22 01:34:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-22 01:34:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-22 01:34:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-22 01:34:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-22 01:34:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
.
==================== Find3M ====================
.
2012-06-14 01:27:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 01:27:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-28 22:52:05 6528 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 17:31:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-04 21:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-24 00:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-08-24 00:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-08-24 00:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-08-24 00:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-08-24 00:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
2002-07-29 06:40:00 1059840 ----a-w- C:\Program Files (x86)\DS_Bonus_Plugin.8bf
.
============= FINISH: 23:44:34.07 ===============


I ran the dds thing - but I don't know how to attach the other log...I don't see an attach option here at all....

#4
Maurice Naggar
Posted 17 June 2012 - 09:21 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,194 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Hello,
Please only Copy and Paste your logs into a reply. Do not use the attach feature unless requested by your helper.

You have replied to your own topic without waiting first for a helper to 1st reply. Which pretty much would have gotten you no replies ----- we typically look for people who need help and have zero replies.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Step 4
Please read carefully and follow these steps.
  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.

  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.

  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 5
Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)
Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program. Posted Image

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
Posted Image If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of GMER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

~Maurice Naggar

I close my threads if there is 5 days without a response.

#5
MJnDenver
Posted 17 June 2012 - 07:20 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 09:17:32
-----------------------------
09:17:32.054 OS Version: Windows x64 6.1.7601 Service Pack 1
09:17:32.054 Number of processors: 2 586 0x301
09:17:32.056 ComputerName: MARCIA-GATEWAY UserName: Marcia
09:17:33.485 Initialize success
09:17:41.713 AVAST engine defs: 12061700
09:17:47.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
09:17:47.862 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 8
09:17:47.869 Device \Driver\ahcix64s -> MajorFunction fffffa80051ab5e8
09:17:47.879 Disk 0 MBR read successfully
09:17:47.886 Disk 0 MBR scan
09:17:47.894 Disk 0 Windows 7 default MBR code
09:17:47.932 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 12000 MB offset 2048
09:17:47.962 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293243 MB offset 24578048
09:17:48.001 Disk 0 scanning C:\Windows\system32\drivers
09:18:12.709 Service scanning
09:19:07.328 Modules scanning
09:19:07.347 Scan finished successfully
09:20:11.989 Disk 0 MBR has been saved successfully to "C:\Users\Marcia\Desktop\Malwarebytes stuff\MBR.dat"
09:20:12.000 The log file has been saved successfully to "C:\Users\Marcia\Desktop\Malwarebytes stuff\aswMBR.txt"

**********************************************
There is no log.txt file in the TDS SKILLER file...I ran it - I know it created it...I did have to reboot - but it didn't save the log....do I need to start over?
***********************************************

There was no GMER log created - it said there had been no changes - it did open a text file but it was empty.

****************************
OTL logfile created on: 6/17/2012 4:59:38 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Marcia\Desktop\Malwarebytes stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 47.68% Memory free
7.50 Gb Paging File | 5.49 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 98.66 Gb Free Space | 34.45% Space Free | Partition Type: NTFS

Computer Name: MARCIA-GATEWAY | User Name: Marcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 15:33:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marcia\Desktop\Malwarebytes stuff\OTL.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/27 16:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/08/03 07:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/26 22:48:30 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/05/26 16:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2008/05/19 13:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/02 01:03:10 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/08/26 07:08:54 | 000,480,256 | ---- | M] () [Auto | Running] -- C:\Program Files\USDV Backup Basic\Backup Heartbeat\Backup Heartbeat.exe -- (Backup Heartbeat)
SRV:64bit: - [2011/08/26 06:41:48 | 005,615,616 | ---- | M] () [Auto | Running] -- C:\Program Files\USDV Backup Basic\BackupScheduler\BackupScheduler.exe -- (BackupScheduler)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/01/29 15:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/08/28 21:05:26 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/03 12:46:52 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.exe -- (nlsInterface)
SRV - [2012/06/13 19:27:26 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/27 16:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/09/01 13:04:32 | 000,023,040 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe -- (iTeleportService)
SRV - [2011/08/03 07:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/25 14:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/26 16:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/11/03 21:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/05/19 13:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (ASTSRV)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/27 16:57:23 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/10 05:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 05:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/10 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/02/23 17:18:58 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2009/02/18 18:52:58 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/02/18 18:52:26 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2009/02/13 15:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 15:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 15:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/02/06 12:33:04 | 000,262,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/03 21:40:46 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 16:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 16:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/05/28 18:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2007/04/23 14:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/23 14:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007/04/23 14:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007/04/23 14:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007/04/23 14:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV:64bit: - [2007/03/16 09:04:10 | 000,055,808 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mr7910.sys -- (mr7910)
DRV:64bit: - [2006/06/18 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/04/13 14:05:02 | 000,023,936 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...9&m=nv52_series
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...9&m=nv52_series
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2465030

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...9&m=nv52_series
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AC6AF28B-9419-48DA-A36F-B477F9CA49F9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...GW_enUS343US343
IE - HKCU\..\SearchScopes\{AC6AF28B-9419-48DA-A36F-B477F9CA49F9}: "URL" = http://start.funmood...&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2465030
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Marcia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/30 19:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/12 15:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/24 06:43:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/04/26 21:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/30 19:22:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/12 15:24:51 | 000,000,000 | ---D | M]

[2011/07/20 11:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcia\AppData\Roaming\Mozilla\Extensions
[2010/05/11 22:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcia\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/27 12:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
File not found (No name found) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
File not found (No name found) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120426210102.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426210103.dll (McAfee, Inc.)
O2 - BHO: (no name) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [EDesksoft Auto Update] C:\Program Files (x86)\EDesksoft\Update\EDesksoftUpdate.exe (EDesksoft Inc)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8:64bit: - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://www.onlinereg...erial/gwCID.cab (compid Class)
O16 - DPF: {A763FB1D-703C-40AA-9FFD-4F23ED8D8641} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F533FFC8-B8E6-4C92-9AD8-8EE479E75330}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Marcia\Pictures\wallpaper\264.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcia\Pictures\wallpaper\264.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 09:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/06/17 09:27:09 | 000,000,000 | ---D | C] -- C:\ARK
[2012/06/17 09:23:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/17 09:04:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/17 09:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/17 09:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/16 23:09:01 | 000,000,000 | ---D | C] -- C:\Users\Marcia\Desktop\Malwarebytes stuff
[2012/06/16 22:26:48 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/06/16 22:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/06/13 18:43:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 18:43:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 18:43:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 18:43:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 18:43:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 18:43:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 18:43:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 18:43:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 18:43:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 18:43:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 18:43:14 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 18:43:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 18:43:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 18:39:26 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 18:39:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 18:39:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 18:38:52 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 18:38:44 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 18:37:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/13 18:37:04 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/13 18:36:48 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/11 18:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/11 18:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/11 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/11 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/06 20:27:54 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{DE7552C0-F75B-4993-B7F2-C7C4485DEC9F}
[2012/06/06 20:27:28 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{7B13A308-C4F0-4E8C-9421-876BECE83C74}
[2012/06/03 17:15:48 | 000,000,000 | ---D | C] -- C:\Users\Marcia\Desktop\New Folder (2)
[2012/06/03 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{C35061D4-49F5-4C7F-8BAC-A85E5F227478}
[2012/06/03 10:39:49 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{4247DE36-DA81-4EF3-A746-EF76BE093793}
[2012/06/02 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{80741EB4-0387-449C-B17E-D8F7F687BEA1}
[2012/06/02 16:25:07 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{C9B5C8D1-7F12-442F-842B-F8D747DA94E2}
[2012/05/31 20:45:17 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{553EC7E1-2C50-4887-AC22-8AA76E3867AE}
[2012/05/31 20:44:46 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{1F3DF71A-5A4D-4BE1-BD58-23609C30F61A}
[2012/05/30 20:07:40 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{3BA45051-F876-4000-9C50-116191BFF310}
[2012/05/30 20:07:26 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{141EA0B0-A2C9-49FA-AA45-24FBBC9E991F}
[2012/05/30 19:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/05/28 12:11:45 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{9CEEA8C0-3B29-473E-B156-A4AD73442F39}
[2012/05/28 12:11:20 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{2A341386-0C72-463F-B5BF-95EBB6B707BC}
[2012/05/28 00:10:45 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{599C5B45-C704-47F4-89AD-A8BB3A011C1B}
[2012/05/28 00:10:19 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{E32EEBAE-3D90-4380-AD53-8846939008A5}
[2012/05/27 21:55:53 | 000,000,000 | ---D | C] -- C:\Users\Marcia\Desktop\STATS
[2012/05/27 21:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012/05/27 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3
[2012/05/27 21:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012/05/27 21:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2012/05/27 18:05:14 | 000,000,000 | ---D | C] -- C:\Users\Marcia\Desktop\zipped new plugins downloaded 5-27-12 and after
[2012/05/27 17:46:30 | 000,000,000 | ---D | C] -- C:\Duplicate File Hunter - Removed files
[2012/05/27 17:09:00 | 000,000,000 | ---D | C] -- C:\NEW plugins
[2012/05/27 14:48:42 | 000,000,000 | ---D | C] -- C:\Users\Marcia\Documents\Calibre Library
[2012/05/27 14:48:39 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Roaming\calibre
[2012/05/27 14:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/05/27 14:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/05/27 13:49:02 | 000,000,000 | ---D | C] -- C:\Users\Marcia\Desktop\New folder
[2012/05/26 23:26:45 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{D3954AC1-847D-472B-8017-70E0B859423E}
[2012/05/26 23:26:21 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{1C84969A-3525-46A2-AC5B-4D635474E0FC}
[2012/05/26 14:34:12 | 000,000,000 | ---D | C] -- C:\Users\Marcia\Desktop\vids
[2012/05/26 11:25:44 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{D02735E4-F77B-473E-B204-851BE250D108}
[2012/05/26 11:25:21 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{5EE42EE4-850F-4602-921C-8983375E045B}
[2012/05/22 19:33:06 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{2B2E7BA2-D2C0-4873-8AD1-1D33FBA5F2F1}
[2012/05/22 19:32:32 | 000,000,000 | ---D | C] -- C:\Users\Marcia\AppData\Local\{16BC2BDB-B767-450A-B741-A25DCA723E34}
[2012/05/21 19:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 19:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/12 15:11:21 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2010/10/12 15:11:21 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2010/10/12 15:11:21 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 17:31:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 16:55:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 09:33:03 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 09:33:03 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 09:32:37 | 000,796,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 09:32:37 | 000,672,240 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 09:32:37 | 000,126,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/17 09:24:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 09:24:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 09:24:42 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 09:10:23 | 000,000,212 | ---- | M] () -- C:\Users\Marcia\Desktop\trogan agent in svchost exe - and making outgoing connections - Malwarebytes Forum.url
[2012/06/17 09:03:35 | 000,000,890 | ---- | M] () -- C:\Users\Marcia\Desktop\NTREGOPT.lnk
[2012/06/17 09:03:35 | 000,000,871 | ---- | M] () -- C:\Users\Marcia\Desktop\ERUNT.lnk
[2012/06/16 22:26:48 | 000,001,230 | ---- | M] () -- C:\Users\Marcia\Desktop\Revo Uninstaller.lnk
[2012/06/16 22:10:04 | 000,128,000 | ---- | M] () -- C:\Users\Marcia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/16 20:35:40 | 000,121,090 | ---- | M] () -- C:\Users\Marcia\Desktop\popup warningjpg.jpg
[2012/06/16 20:32:01 | 000,070,621 | ---- | M] () -- C:\Users\Marcia\Desktop\malware warning jpg.jpg
[2012/06/16 01:00:01 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Marcia - Full System Scan.job
[2012/06/15 20:39:20 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 19:34:17 | 000,000,394 | ---- | M] () -- C:\Users\Marcia\AppData\Roaming\Update.cfg
[2012/06/13 19:27:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/13 19:27:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/13 19:23:12 | 001,035,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 19:10:46 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/06/11 18:48:55 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/30 19:24:00 | 000,001,967 | ---- | M] () -- C:\Users\Marcia\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2012/05/28 16:52:05 | 000,006,528 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/05/27 22:56:28 | 000,000,594 | ---- | M] () -- C:\Windows\nvrbm.ini
[2012/05/27 14:48:03 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/05/27 14:45:20 | 047,406,512 | ---- | M] () -- C:\Users\Marcia\Desktop\calibre-0.8.53.msi
[2012/05/27 11:16:06 | 002,162,160 | ---- | M] () -- C:\Users\Marcia\Desktop\James E.L. - Fifty Shades Darker.pdf
[2012/05/27 10:38:46 | 004,498,770 | ---- | M] () -- C:\Users\Marcia\Desktop\James E.L. - Fifty Shades Freed.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 09:10:23 | 000,000,212 | ---- | C] () -- C:\Users\Marcia\Desktop\trogan agent in svchost exe - and making outgoing connections - Malwarebytes Forum.url
[2012/06/17 09:03:35 | 000,000,890 | ---- | C] () -- C:\Users\Marcia\Desktop\NTREGOPT.lnk
[2012/06/17 09:03:35 | 000,000,871 | ---- | C] () -- C:\Users\Marcia\Desktop\ERUNT.lnk
[2012/06/16 22:26:48 | 000,001,230 | ---- | C] () -- C:\Users\Marcia\Desktop\Revo Uninstaller.lnk
[2012/06/16 20:35:39 | 000,121,090 | ---- | C] () -- C:\Users\Marcia\Desktop\popup warningjpg.jpg
[2012/06/16 20:30:58 | 000,070,621 | ---- | C] () -- C:\Users\Marcia\Desktop\malware warning jpg.jpg
[2012/06/15 20:39:20 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 19:10:46 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/06/11 18:48:55 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/27 22:56:28 | 000,000,594 | ---- | C] () -- C:\Windows\nvrbm.ini
[2012/05/27 14:48:03 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/05/27 14:44:02 | 047,406,512 | ---- | C] () -- C:\Users\Marcia\Desktop\calibre-0.8.53.msi
[2012/05/27 11:37:15 | 004,498,770 | ---- | C] () -- C:\Users\Marcia\Desktop\James E.L. - Fifty Shades Freed.pdf
[2012/05/27 11:37:04 | 002,162,160 | ---- | C] () -- C:\Users\Marcia\Desktop\James E.L. - Fifty Shades Darker.pdf
[2011/12/04 19:24:36 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/11/07 21:37:57 | 000,020,580 | ---- | C] () -- C:\Users\Marcia\AppData\Roaming\UserTile.png
[2011/09/21 19:30:17 | 000,000,000 | ---- | C] () -- C:\Users\Marcia\AppData\Local\{BF044049-F768-4402-A119-194E8A72DDE0}
[2011/06/12 22:20:21 | 000,000,394 | ---- | C] () -- C:\Users\Marcia\AppData\Roaming\Update.cfg
[2011/05/21 14:42:43 | 000,162,242 | ---- | C] () -- C:\Windows\DP Animation Maker Uninstaller.exe
[2011/04/14 18:03:40 | 000,003,565 | ---- | C] () -- C:\Windows\SysWow64\RDDlg.dat
[2011/02/23 13:57:08 | 000,000,094 | ---- | C] () -- C:\Users\Marcia\AppData\Local\fusioncache.dat
[2011/02/23 12:42:48 | 000,790,854 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/15 06:46:02 | 014,135,296 | ---- | C] () -- C:\Windows\SysWow64\common_res.dll
[2010/12/06 21:56:34 | 000,148,177 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2010/12/02 14:34:40 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/12 15:11:22 | 000,130,416 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2010/10/12 15:11:21 | 000,402,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll

========== LOP Check ==========

[2009/12/09 01:07:57 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\.purple
[2009/12/09 01:07:58 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\acccore
[2010/03/19 20:52:17 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\ACD Systems
[2010/08/15 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Alien Skin
[2010/09/19 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Artogon
[2011/01/15 11:03:58 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Awem
[2011/09/04 19:19:09 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Azureus
[2009/12/09 01:07:59 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Babylon
[2011/10/04 20:17:28 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Big Fish Games
[2012/05/27 14:49:52 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\calibre
[2012/03/14 19:49:17 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\com.livescribe.LivescribeConnect
[2010/01/09 00:24:31 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Dream Aquarium
[2011/09/04 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Duplicate File Hunter
[2011/05/08 18:58:56 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\ElementalsTheMagicKey
[2010/04/30 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\eMusic
[2010/04/19 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\EscapeTheMuseum2
[2010/04/19 16:21:29 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\FloodLightGames
[2011/09/25 15:44:50 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\GestaltGames
[2010/11/06 19:41:22 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\HiYo
[2009/12/09 01:08:02 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Image Zone Express
[2009/12/09 01:08:02 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\IObit
[2009/12/09 01:08:02 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Jasc
[2009/12/09 01:08:02 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Leadertech
[2011/09/25 16:55:00 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Mariaglorum
[2011/06/17 21:36:01 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Mipony
[2009/12/09 01:08:09 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\MonteCristo2
[2012/03/03 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\mydesktoptherapist.com
[2012/04/15 10:08:31 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Mystery of Mortlake Mansion
[2012/03/16 20:25:43 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\NCH Swift Sound
[2011/09/04 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\nswb
[2011/12/06 21:15:17 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\ooVoo Details
[2009/12/09 01:08:09 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Paltalk
[2012/03/27 12:11:53 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\PDFlite
[2010/04/20 20:57:02 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\PlayFirst
[2010/11/12 15:38:42 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Playrix Entertainment
[2009/12/09 01:08:09 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Printer Info Cache
[2012/02/20 21:45:52 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Riverpoint Writer
[2010/08/08 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\SolSuite
[2009/12/25 19:20:27 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Template
[2011/03/06 10:12:13 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\TheGreatPharaoh
[2010/09/26 16:45:48 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\TheScruffs
[2009/12/09 01:08:09 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Thinstall
[2010/07/31 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Trio
[2011/02/05 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\Ubisoft
[2011/09/04 19:19:12 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\uTorrent
[2009/09/10 19:44:40 | 000,000,000 | ---D | M] -- C:\Users\Marcia\AppData\Roaming\WeatherBug
[2012/05/30 18:34:14 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:FB97DB91
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:700B9342
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F54781BF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F1DEA771
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0656FCD2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E3615992
< End of report >

*********************************************************
It did not create an extras txt or file....
it gave the following error:
List Index Out of Bounds (21)
In the bottom of the application (progress area) it said "Application Event Log Record 27115

*******************************************************
Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Marcia Desktop Malwarebytes stuff SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

#6
Maurice Naggar
Posted 18 June 2012 - 07:05 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,194 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Do not do any websurfing, online banking, nor any online transactions. Just only go to this forum and the websites I guide you to.
Your logs showed some peer-to-peer filesharing apps: Azurues I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
Risks of File-Sharing Technology.

P2P file sharing: Know the risks

De-install Azureus and any other peer-to-peer fileshare app. And pls confirm.

Also, be very aware that Iobit has a dodgy reputation. Please un-install any Iobit programs.

Step 2
1. Open Internet Explorer.
2. Click "Tools," and then click "Internet Options."
3. Click "Connections," and then click "LAN Settings."
4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.
5. Apply changes & OK

Step 3
Download a new copy of TDSSKILLER and Save it to a special folder ---- in MBAM folder

Turn off your McAfee antivirus so that it does not interfere. Leave the firewall on.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step a. Close and save any open documents, and exit programs that you started.

Step b. Download TDSSKiller.exe and SAVE it to a special folder
http://support.kaspe.&#46;&#46;/tdsskiller.exe
and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon


Step c. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o


A black Command prompt will appear with a prompt to press any key to continue, please do.

Step d
Please read carefully and follow these steps.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image


  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.
Re-enable your McAfee antivirus.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#7
MJnDenver
Posted 18 June 2012 - 08:05 AM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
Hello Maurice,
I am at work right now, but I will get on this as soon as I get home. FYI, I have never user P2P stuff.....I think once about 4 computers ago and got a bad virus so have never used one since. I do not recognize the names "azures and lobit"....and I don't believe they've ever shown up in my program list. So I'm not sure how to remove them. I will check when I get home though and if they are removable they will be gone.

#8
Maurice Naggar
Posted 18 June 2012 - 08:14 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,194 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
On the peer-to-peer apps: 1 of them is Azureus plus this appears to also have uTorrent. Remove both if found.
Since this pc is running Windows 7, you should look in Programs and Features. Control Panel >> Programs and Features.
or you may press Windows-key, then type in Programs and Features.

Edited by Maurice Naggar, 18 June 2012 - 08:15 AM.

~Maurice Naggar

I close my threads if there is 5 days without a response.

#9
MJnDenver
Posted 18 June 2012 - 08:45 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
I can't find that Azureus in my list of installed programs anywhere - I looked in the Programs and features, not listed. I looked in my CCleaner tools, not there, and I looked in the Revo uninstaller that was recommended on another post and that doesn't find it either. I did find one odd entry - but I didn't touch it - RedMon Redirection Monitor - installed 3/27/12. That's not something I remember downloading. I won't touch that unless and until you tell me to though - I don't want to make anything worse.

I'm off to start on the new set of instructions!

#10
MJnDenver
Posted 18 June 2012 - 08:55 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
I can't get the TDSSKiller to save in the chameleon folder, it tells me I must be an administrator to change that file - so I went to properties and tried to take the read only off (I am an administrator on this machine), applied changes, but the change from read only won't stay applied.

So, I'm stuck at step 3.

#11
Maurice Naggar
Posted 18 June 2012 - 10:38 PM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,194 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
ok, MJ.
You already have MBAM, so let's have you run Chameleon.
  • Close any/all open internet browsers. Save any open documents you have open & close programs you started.

  • Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon

    On Windows 7, press Windows-key, then start typing in text box [code]Malwarebytes[code] then select/click Malwarebytes Anti-Malware Chameleon

  • Once the Help file opens, click on a Chameleon button (starting with #1)
  • If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.


  • You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.61 at the top
  • Press any key to continue as it says in the window {space-bar will do}

  • If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all. We only need one to work.).

  • Have infinite patience during this process

  • Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  • Once the update completes and it says your database is updated, click on OK button so that process can continue :excl:

  • Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.

  • After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan

  • A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.

  • Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  • If prompted to restart your computer to complete the removal process, click Yes :excl:

  • If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.

  • After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

~Maurice Naggar

I close my threads if there is 5 days without a response.

#12
MJnDenver
Posted 19 June 2012 - 07:50 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
WooHoo!!! Here's the 2nd quick scan log....all clean!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.19.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcia :: MARCIA-GATEWAY [administrator]
Protection: Enabled
6/19/2012 6:22:34 PM
mbam-log-2012-06-19 (18-22-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 214724
Time elapsed: 12 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Now - how do I get rid of the Azues thing that I can't find....and is that really all we needed to do? Or is there something else I should do? More logs to be sure we got it all?

#13
Maurice Naggar
Posted 20 June 2012 - 07:20 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,194 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Good result from MBAM !!

Let's get some other logs.
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
[list][*]RIGHT click on RSITx64.exe & select Run as Administrator to start RSITx64.
[*]Click Continue at the disclaimer screen.
[*]Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be="" maximized)="" and="" [b]info.txt[="" b]="" (<<will="" minimized)[="" list]="" download="" [url="http://download.bleepingcomputer.com/farbar/FSS.exe%5D">> Farbar's Service Scanner utility <<[/url] and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen:
Keep the checkmark on Internet Services.

Checkmark Windows firewall

Checkmark Security Center.

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste Log.txt, Info.txt + FSS.txt with your reply.</will>

Edited by Maurice Naggar, 20 June 2012 - 07:30 AM.

~Maurice Naggar

I close my threads if there is 5 days without a response.

#14
MJnDenver
Posted 20 June 2012 - 07:33 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
log txt:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marcia at 2012-06-20 18:28:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 101 GB (34%) free of 293 GB
Total RAM: 3838 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:30:19 PM, on 6/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\trend micro\Marcia.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...9&m=nv52_series
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FCTBPos00Pos - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426210103.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [EDesksoft Auto Update] C:\Program Files (x86)\EDesksoft\Update\EDesksoftUpdate.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.c...stem/iCloud.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.onlinereg...erial/gwCID.cab
O16 - DPF: {A763FB1D-703C-40AA-9FFD-4F23ED8D8641} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Backup Heartbeat - Unknown owner - C:\Program Files\USDV Backup Basic\Backup Heartbeat\Backup Heartbeat.exe
O23 - Service: BackupScheduler - Unknown owner - C:\Program Files\USDV Backup Basic\BackupScheduler\BackupScheduler.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service 64-bit (nlsInterface) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: PremierOpinion - Unknown owner - C:\Program Files (x86)\PremierOpinion\pmservice.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 17878 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\SysWOW64\ASTSRV.EXE
"C:\Program Files\USDV Backup Basic\Backup Heartbeat\Backup Heartbeat.exe"
"C:\Program Files\USDV Backup Basic\BackupScheduler\BackupScheduler.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
"C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe"
"C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe"
"C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\nlsInterface.exe
"C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe"
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TightVNC\tvnserver.exe" -service
"C:\Program Files (x86)\AWS\WeatherBug\Weather.exe" 1
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"C:\Program Files\Web Assistant\ExtensionUpdaterService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe"
\??\C:\Windows\system32\conhost.exe "-600548362690197098-470121014-304818126-121870704816334767531382638114-1680195700
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
KHALMNPR.EXE /API
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"
"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
WLIDSvcM.exe 1084
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
"C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:6068 CREDAT:203009
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Marcia\Desktop\Malwarebytes stuff\RSITx64.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
C:\Windows\servicing\TrustedInstaller.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Internet Security - Marcia - Full System Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
Web Assistant - C:\Program Files\Web Assistant\Extension64.dll [2012-05-08 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120426210102.dll [2012-03-20 94688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-17 253040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-02-17 348592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}]
StumbleUpon Launcher - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll [2010-03-25 1283472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
Gamers Unite! Snag Bar BHO - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll [2012-04-18 1618944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-11-25 238056]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
Web Assistant - C:\Program Files\Web Assistant\Extension32.dll [2012-05-08 162816]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426210103.dll [2012-03-20 79744]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-17 192112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-02-17 348592]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-17 253040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll [2010-03-25 1283472]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-17 192112]
{25515A79-C1C7-4B97-97F8-31A711694487} - Gamers Unite! Snag Bar - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll [2012-04-18 1618944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1684264]
"Acer ePower Management"=C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2009-08-28 824352]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2008-11-05 492600]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-01-27 1612880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EDesksoft Auto Update"=C:\Program Files (x86)\EDesksoft\Update\EDesksoftUpdate.exe [2011-05-22 278528]
"Weather"=C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [2009-01-30 1347584]
"MobileDocuments"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-06 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2012-02-24 59240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [2009-05-26 236288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon]
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [2012-02-23 59240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2012-02-23 59240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-06-07 421776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe -bootmode []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-03-21 1675160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe [2012-02-22 6591800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-06 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
realsched.exe -osboot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoWebCamera]
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [2009-04-02 1552497]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Marcia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~2\MICROS~2\Office12\ONENOTEM.EXE /tsr []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-08-26 1194504]
"MaxMenuMgr"=C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2009-09-26 185640]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"tvncontrol"=C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-03-21 1675160]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Corel File Shell Monitor"=C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe []
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-06-07 421776]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
C:\Users\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-01-29 66640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=
"SoftwareSASGeneration"=1
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0
"NoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 3 months======
2012-06-20 18:28:37 ----D---- C:\Program Files\trend micro
2012-06-20 18:28:36 ----D---- C:\rsit
2012-06-17 09:27:09 ----D---- C:\ARK
2012-06-17 09:23:02 ----D---- C:\TDSSKiller_Quarantine
2012-06-17 09:20:51 ----A---- C:\TDSSKiller.2.7.40.0_17.06.2012_09.20.51_log.txt
2012-06-17 09:04:46 ----D---- C:\Windows\ERDNT
2012-06-17 09:03:31 ----D---- C:\Program Files (x86)\ERUNT
2012-06-16 22:26:47 ----D---- C:\Program Files (x86)\VS Revo Group
2012-06-16 09:09:00 ----A---- C:\Windows\ntbtlog.txt
2012-06-13 19:10:46 ----A---- C:\Windows\system32\MRT.INI
2012-06-13 18:43:23 ----A---- C:\Windows\SYSWOW64\url.dll
2012-06-13 18:43:23 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-06-13 18:43:23 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-13 18:43:22 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-06-13 18:43:22 ----A---- C:\Windows\system32\urlmon.dll
2012-06-13 18:43:22 ----A---- C:\Windows\system32\url.dll
2012-06-13 18:43:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-06-13 18:43:21 ----A---- C:\Windows\system32\iertutil.dll
2012-06-13 18:43:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-06-13 18:43:19 ----A---- C:\Windows\system32\ieui.dll
2012-06-13 18:43:18 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-06-13 18:43:18 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-13 18:43:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-06-13 18:43:16 ----A---- C:\Windows\system32\wininet.dll
2012-06-13 18:43:15 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-13 18:43:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-06-13 18:43:14 ----A---- C:\Windows\system32\jscript9.dll
2012-06-13 18:43:13 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-06-13 18:43:12 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-06-13 18:43:12 ----A---- C:\Windows\system32\jscript.dll
2012-06-13 18:43:10 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-06-13 18:43:07 ----A---- C:\Windows\system32\mshtml.dll
2012-06-13 18:43:03 ----A---- C:\Windows\system32\ieframe.dll
2012-06-13 18:42:58 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-06-13 18:39:26 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-13 18:39:25 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-13 18:39:24 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-13 18:39:18 ----A---- C:\Windows\system32\win32k.sys
2012-06-13 18:38:52 ----A---- C:\Windows\system32\crypt32.dll
2012-06-13 18:38:47 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-06-13 18:38:45 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-13 18:38:44 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-13 18:38:41 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-06-13 18:38:39 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-06-13 18:37:05 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-06-13 18:37:04 ----A---- C:\Windows\system32\qdvd.dll
2012-06-13 18:36:48 ----A---- C:\Windows\system32\msi.dll
2012-06-13 18:36:45 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-06-13 18:35:44 ----A---- C:\Windows\system32\profsvc.dll
2012-06-13 18:35:36 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-11 18:47:05 ----D---- C:\Program Files\iPod
2012-06-11 18:47:03 ----D---- C:\Program Files\iTunes
2012-06-11 18:47:03 ----D---- C:\Program Files (x86)\iTunes
2012-05-30 19:22:43 ----D---- C:\Program Files\Web Assistant
2012-05-27 22:56:28 ----A---- C:\Windows\nvrbm.ini
2012-05-27 21:21:06 ----D---- C:\Program Files (x86)\Corel
2012-05-27 17:46:30 ----D---- C:\Duplicate File Hunter - Removed files
2012-05-27 17:09:00 ----D---- C:\NEW plugins
2012-05-27 14:48:39 ----D---- C:\Users\Marcia\AppData\Roaming\calibre
2012-05-27 14:47:36 ----D---- C:\Program Files (x86)\Calibre2
2012-05-21 19:33:01 ----D---- C:\Program Files (x86)\QuickTime
2012-05-08 17:13:23 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-08 17:13:23 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-08 15:15:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-08 15:14:58 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-08 15:14:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-08 15:14:52 ----A---- C:\Windows\system32\DWrite.dll
2012-05-08 15:14:50 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-08 15:12:42 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 15:12:38 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-04-15 10:08:24 ----D---- C:\Users\Marcia\AppData\Roaming\Mystery of Mortlake Mansion
2012-04-13 22:31:07 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-13 19:52:51 ----D---- C:\Windows\en
2012-04-13 19:47:30 ----D---- C:\Program Files\Windows Live
2012-04-10 19:00:27 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-10 19:00:27 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-10 19:00:27 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-10 19:00:27 ----A---- C:\Windows\system32\wmi.dll
2012-04-10 19:00:27 ----A---- C:\Windows\system32\wintrust.dll
2012-04-10 19:00:27 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-10 19:00:27 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-03 19:24:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-03-27 12:11:25 ----D---- C:\Users\Marcia\AppData\Roaming\PDFlite
2012-03-27 12:10:25 ----A---- C:\Windows\system32\unredmon.exe
2012-03-27 12:10:25 ----A---- C:\Windows\system32\redmonnt.dll
2012-03-27 12:09:44 ----A---- C:\user.js
2012-03-27 12:09:37 ----D---- C:\Program Files (x86)\PDFlite
2012-03-27 12:09:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-26 11:51:58 ----D---- C:\Program Files (x86)\Amazon
======List of files/folders modified in the last 3 months======
2012-06-20 18:30:02 ----D---- C:\Windows\system32\config
2012-06-20 18:29:47 ----D---- C:\Windows\Temp
2012-06-20 18:28:37 ----RD---- C:\Program Files
2012-06-19 18:08:40 ----D---- C:\Windows\System32
2012-06-19 18:08:40 ----D---- C:\Windows\inf
2012-06-19 18:08:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-19 18:02:58 ----D---- C:\Windows\system32\drivers
2012-06-17 09:46:28 ----AD---- C:\Windows
2012-06-17 09:03:31 ----D---- C:\Program Files (x86)
2012-06-16 10:22:51 ----SHD---- C:\System Volume Information
2012-06-15 23:55:45 ----D---- C:\ProgramData\BackupClient
2012-06-15 21:05:07 ----D---- C:\Windows\Microsoft.NET
2012-06-15 21:05:05 ----RSD---- C:\Windows\assembly
2012-06-15 20:39:23 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-14 19:41:54 ----SHD---- C:\Windows\Installer
2012-06-14 19:41:51 ----D---- C:\ProgramData\Microsoft Help
2012-06-13 19:24:34 ----D---- C:\Windows\winsxs
2012-06-13 19:20:10 ----AD---- C:\Windows\SysWOW64
2012-06-13 19:20:05 ----D---- C:\Windows\SYSWOW64\en-US
2012-06-13 19:20:05 ----D---- C:\Windows\system32\en-US
2012-06-13 19:20:04 ----D---- C:\Windows\SYSWOW64\migration
2012-06-13 19:20:04 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-13 19:20:02 ----D---- C:\Windows\system32\migration
2012-06-13 19:20:01 ----D---- C:\Program Files\Internet Explorer
2012-06-13 19:00:20 ----D---- C:\Windows\Prefetch
2012-06-13 19:00:20 ----A---- C:\Windows\system32\MRT.exe
2012-06-13 18:44:24 ----D---- C:\Windows\system32\catroot
2012-06-13 18:44:21 ----D---- C:\Windows\system32\catroot2
2012-06-11 18:38:02 ----D---- C:\Windows\system32\DriverStore
2012-05-27 21:32:44 ----D---- C:\ProgramData\Corel
2012-05-27 21:31:37 ----D---- C:\Program Files (x86)\Common Files
2012-05-27 21:21:06 ----D---- C:\ProgramData\Ulead Systems
2012-05-26 12:51:35 ----D---- C:\Windows\pss
2012-05-08 15:39:02 ----D---- C:\Windows\debug
2012-05-08 15:16:49 ----D---- C:\Program Files\Windows Journal
2012-04-18 21:55:53 ----D---- C:\Program Files (x86)\Gamers Unite! Snag Bar
2012-04-15 10:07:08 ----D---- C:\Program Files (x86)\Playrix Entertainment
2012-04-13 19:48:02 ----D---- C:\Program Files (x86)\Windows Live
2012-04-03 19:24:23 ----D---- C:\Windows\Tasks
2012-04-03 19:24:23 ----D---- C:\Windows\system32\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ahcix64s;ahcix64s; C:\Windows\system32\DRIVERS\ahcix64s.sys [2009-02-18 225296]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-02-18 16400]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2012-02-22 647208]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 17024]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2009-08-10 686080]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-25 25608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2009-02-13 1485824]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2012-02-22 160792]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2012-02-22 229528]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 262192]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 26168]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 43008]
S3 iaStor;iaStor; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-11-10 56336]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-11-10 58384]
S3 lvpepf64;Volume Adapter; C:\Windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
S3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 40904]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 49480]
S3 mr7910;Photo Viewer; C:\Windows\system32\DRIVERS\mr7910.sys [2007-03-16 55808]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS [2009-04-30 2755096]
S3 PulseUsb;Livescribe Smartpen USB Driver; C:\Windows\system32\DRIVERS\PulseUsb.sys [2011-10-27 26112]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [2009-01-09 31744]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-13 11264]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS [2009-02-23 69120]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 108296]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 19720]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 144648]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 126216]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 123656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 ASTSRV;Nalpeiron Licensing Service; C:\Windows\syswow64\ASTSRV.EXE [2008-05-19 57344]
R2 Backup Heartbeat;Backup Heartbeat; C:\Program Files\USDV Backup Basic\Backup Heartbeat\Backup Heartbeat.exe [2011-08-26 480256]
R2 BackupScheduler;BackupScheduler; C:\Program Files\USDV Backup Basic\BackupScheduler\BackupScheduler.exe [2011-08-26 5615616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-28 844320]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 iTeleportService;iTeleportService; C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [2011-09-01 23040]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-03-20 199272]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 nlsInterface;Nalpeiron Licensing Service 64-bit; C:\Windows\system32\nlsInterface.exe [2009-04-03 72192]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-05-26 62208]
R2 PenCommService;Livescribe Pulse Smartpen Service; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 tvnserver;TightVNC Server; C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
R2 Web Assistant Updater;Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R3 hpqcxs08;hpqcxs08; C:\Windows\syswow64\svchost.exe [2009-07-13 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S2 PremierOpinion;PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 257224]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-06 182768]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-01-29 357456]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-04-19 502032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 StumbleUponUpdateService;StumbleUponUpdateService; C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2010-03-25 120232]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------

#15
MJnDenver
Posted 20 June 2012 - 07:34 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
info txt:

info.txt logfile of random's system information tool 1.09 2012-06-20 18:30:33
======Uninstall list======
Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16
-->C:\Program Files\Conexant\SmartAudio\SETUP64.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
64 Bit HP CIO Components Installer-->MsiExec.exe /I{55D55008-E5F6-47D6-B16F-B2A40D4D145F}
64 Bit HP CIO Components Installer-->MsiExec.exe /I{9301985B-D116-4A93-A93D-94580084FF86}
Acrobat.com-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex
Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Amazon Kindle-->C:\Program Files (x86)\Amazon\Kindle\uninstall.exe
AMD USB Audio Driver Filter-->MsiExec.exe /X{A3AB35FA-943E-4799-99DC-46EFD59E998F}
Apple Application Support-->MsiExec.exe /I{122ADF8C-DDA1-480C-9936-C88F2825B265}
Apple Mobile Device Support-->MsiExec.exe /I{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
BackupProfilesAndSettings (remove only)-->C:\Program Files\USDV Backup Basic\Plugins\UninstallBackupProfilesAndSettings.exe
Bejeweled 2 Deluxe-->C:\Windows\iun6002ev.exe "C:\Program Files (x86)\Bejeweled 2 Deluxe\irunin.ini"
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Broadcom Gigabit NetLink Controller-->MsiExec.exe /X{9AF0B106-56F1-461B-A270-95BC1682E282}
calibre-->MsiExec.exe /I{531336A9-55EB-4367-8064-7180849D5676}
Catalyst Control Center - Branding-->MsiExec.exe /I{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files (x86)\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -IWAUHERwa.INF
Corel KPT Collection-->MsiExec.exe /I{9C9078D1-FA30-4E1B-A194-983A4898F848}
Corel PaintShop Photo Pro X3-->C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\Setup\{DEAEB5DB-04FA-489D-94EF-8600898B93EE}\SetupARP.exe /arp
Corel PaintShop Photo Pro X3-->MsiExec.exe /I{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D0AC5F9F-1043-4569-ACE3-67EE990EB0E6}" "1033" "0"
Download Updater (AOL LLC)-->C:\Program Files (x86)\Common Files\Software Update Utility\uninstall.exe
DP Animation Maker-->"C:\Windows\DP Animation Maker Uninstaller.exe"
Dream Vacation Solitaire FREE-->"C:\Program Files (x86)\IncrediGames\Dream Vacation Solitaire FREE\Uninstall.exe" "C:\Program Files (x86)\IncrediGames\Dream Vacation Solitaire FREE\install.log"
Duplicate File Hunter 2.21-->"C:\Program Files (x86)\Duplicate File Hunter\unins000.exe"
DVDStyler v1.6.2-->"C:\Program Files (x86)\DVDStyler\unins000.exe"
EmailStripper 2.2-->"C:\Program Files (x86)\EmailStripper\unins000.exe"
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
ExchangeVSS (remove only)-->C:\Program Files\USDV Backup Basic\Plugins\UninstallExchangeVSS.exe
Filters Unlimited 2.0-->"C:\NEW plugins\Filters Unlimited 2.0\unins000.exe"
Fishdom - Frosty Splash-->"C:\Program Files (x86)\Playrix Entertainment\Fishdom - Frosty Splash\unins000.exe"
Fishdom - Harvest Splash-->"C:\Program Files (x86)\Playrix Entertainment\Fishdom - Harvest Splash\unins000.exe"
Fishdom - Spooky Splash-->"C:\Program Files (x86)\Playrix Entertainment\Fishdom - Spooky Splash\unins000.exe"
Fishdom H2O - Hidden Odyssey-->"C:\Program Files (x86)\Playrix Entertainment\Fishdom H2O - Hidden Odyssey\unins000.exe"
Fishdom Seasons under the Sea-->"C:\Program Files (x86)\Playrix Entertainment\Fishdom Seasons under the Sea\unins000.exe"
Fishdom-->"C:\Program Files (x86)\Playrix Entertainment\Fishdom\unins000.exe"
Fishdom2-->"C:\Program Files (x86)\Playrix Entertainment\Fishdom2\unins000.exe"
FM Patcher 1.01-->"C:\Program Files (x86)\FMPatcher\unins000.exe"
Gamers Unite! Snag Bar-->C:\Program Files (x86)\Gamers Unite! Snag Bar\Uninst.exe
Gateway MyBackup-->C:\Program Files (x86)\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Gateway Power Management-->"C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU64m.exe -U -IAcrZUn64y.INF
Hidden Object Mystery Pack 4-in-1-->"C:\Program Files (x86)\IncrediGames\Hidden Object Mystery Pack 4-in-1\Uninstall.exe" "C:\Program Files (x86)\IncrediGames\Hidden Object Mystery Pack 4-in-1\install.log"
HiYo-->MsiExec.exe /X{00E1E235-AB45-4695-A156-073118949ED4}
HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 13.0 Rel. A-->C:\Program Files (x86)\HP\Digital Imaging\{17016DA1-F040-4032-BD36-34DD317BC9D5}\setup\hpzscr40.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Photosmart Essential 3.5-->C:\Program Files (x86)\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Smart Web Printing 4.60-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
ICA-->MsiExec.exe /I{DEAEB5DB-04FA-489D-94EF-8600898B93EE}
IncrediMail 2.0-->C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe /uninstallProduct /addon:incredimail
IncrediMail Data Manager 2.02-->"C:\Program Files (x86)\IncrediMail Data Manager\unins000.exe"
IncrediMail-->MsiExec.exe /X{18DB3375-0649-4EA3-959A-44F1ACD278BA}
IPM_PSP_CL-->MsiExec.exe /I{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}
IPM_PSP_COM-->MsiExec.exe /I{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}
iTeleport Connect-->MsiExec.exe /I{0132A1D5-EED5-4F0A-AD3E-2BDA410239FD}
iTunes-->MsiExec.exe /I{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
Livescribe Connect-->msiexec /qb /x {709F27C3-B9A1-16D9-105D-B5918E03AA48}
Livescribe Connect-->MsiExec.exe /I{709F27C3-B9A1-16D9-105D-B5918E03AA48}
Livescribe Desktop-->"C:\Program Files (x86)\Livescribe\uninstall.exe" "/U:C:\Program Files (x86)\Livescribe\Uninstall\uninstall.xml"
Logitech SetPoint 6.0-->C:\Program Files\Common Files\LogiShrd\SP6_Uninstall\setup.exe
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Total Protection-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
muvee Reveal Seagate Edition-->MsiExec.exe /X{78E9A751-5616-233F-1249-16AC5758C646}
Mystery of Mortlake Mansion-->"C:\Program Files (x86)\Playrix Entertainment\Mystery of Mortlake Mansion\unins000.exe"
OCR Software by I.R.I.S. 13.0-->C:\Program Files (x86)\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
PaintShop Photo Pro X3 Registration Incentive-->MsiExec.exe /I{3DA41E54-9526-40C0-8456-66B09379DFCC}
particleIllusion 3.0.2-->"C:\Program Files (x86)\particleIllusion_3\uninstall\unins000.exe"
particleIllusion 3.0-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\particleIllusion_3\Uninst.isu"
PDFlite 0.6-->"C:\Program Files (x86)\PDFlite\uninstall-pdflite.exe"
Photo Notifier and Animation Creator-->MsiExec.exe /X{788A0222-5690-4212-AA9C-C48FD0E1C9AE}
Photo Notifier and Animation Creator-->MsiExec.exe /X{788A0222-5690-4212-AA9C-C48FD0E1C9AE} ARPVAL="UnInst" /qf /L*V "%temp%\PhotoNotifier_AnimationCreatorUninstall.log"
PhotoMail Maker-->MsiExec.exe /X{75AE8014-1184-4BC0-B279-C879540719EE}
PhotoMail Maker-->MsiExec.exe /X{75AE8014-1184-4BC0-B279-C879540719EE} ARPVAL="UnInst" /qf /L*V "%temp%\PhotoMailUninstallLog.log"
PSPPContent-->MsiExec.exe /I{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}
PSPPRO_DCRAW-->MsiExec.exe /I{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}
QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek USB 2.0 Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\Setup.exe -runfromtemp -l0x0009 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe
Revo Uninstaller 1.94-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
RichMan Games Ver:1.4.388 GOTD Edition-->"C:\Program Files (x86)\RichMan\unins000.exe"
Riverpoint Writer-->C:\Users\Marcia\AppData\Roaming\Riverpoint Writer\Uninstall.exe
Safari-->MsiExec.exe /I{A08BAD08-9AA3-410F-98F3-C92C8EE37218}
Seagate Manager Installer-->"C:\Program Files (x86)\InstallShield Installation Information\{2A30052B-831C-41D3-8044-3C0388066350}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{2A30052B-831C-41D3-8044-3C0388066350}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B76D8C6D-1F13-42A7-9931-D7504CB89D6D}" "1033" "0"
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE}
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC}
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{01F2485C-FAEE-47E7-986E-B4F2FFC22D57}" "1033" "0"
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270}
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{61461470-8168-4F4B-97B7-617AF354F028}" "1033" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{337A3FB9-281D-4EC8-9CC1-7F6DDAC2359F}" "1033" "0"
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B75541D4-3970-4CC7-934B-D48F8C26DCA5}" "1033" "0"
Setup-->MsiExec.exe /I{DE612A3D-0DCC-4055-BB6A-0036F31158A0}
Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SolSuite 2009 v9.10-->"C:\Program Files (x86)\SolSuite\unins000.exe"
Sqirlz Water Reflections-->"C:\Windows\Sqirlz Water Reflections Uninstaller.exe"
StumbleUpon IE Toolbar-->C:\Program Files (x86)\StumbleUpon\uninstall.exe
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Works 3.1v-->"C:\Program Files (x86)\TheWorks\unins000.exe"
TightVNC 2.0.4-->C:\Program Files (x86)\TightVNC\uninstall.exe
Trio The Great Settlement-->"C:\Program Files (x86)\Trio The Great Settlement\unins000.exe"
Uninstall DreamSuite Bonus-->C:\Windows\unvise32.exe C:\Program Files (x86)\DreamSuite Bonus\DreamSuite Bonus Uninstall.log
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1033" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}" "1033" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{15058154-469F-4794-ACD5-94F8420F9B80}" "1033" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{995A7832-B512-46D5-87C9-2D71FB541435}" "1033" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{C8694FF0-8203-483B-A07A-2BC40433167D}" "1033" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{28FAC187-7C0E-413A-B90A-76F19D0FBF30}" "1033" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{4D98EEEA-A31B-42FA-991A-F989594F4DA5}" "1033" "0"
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4D98EEEA-A31B-42FA-991A-F989594F4DA5}" "1033" "0"
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B5B7C5DB-74C3-43E0-8413-0C6C1CA4DED0}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{9865DC3A-2898-48D9-B96A-46397571C934}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{38990592-F6A1-4A26-96C7-0600E36AE794}" "1033" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}" "1033" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1033" "0"
Upgrade Kit-->"C:\Program Files (x86)\InstallShield Installation Information\{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}\setup.exe" -runfromtemp -l0x0009 -removeonly
USDV Backup Pro (remove only)-->"C:\Program Files\USDV Backup Basic\uninstallParent.exe"
Video Web Camera-->C:\Program Files (x86)\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0009 -removeonly
WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
Web Assistant 2.0.0.441-->"C:\Program Files\Web Assistant\unins000.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinUtilities 9.98 Professional Edition-->"C:\Program Files (x86)\WinUtilities\unins000.exe"
WinZip 15.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}
Xero Pulsar 1.3-->"C:\Program Files (x86)\Xero Graphics\unins000.exe"
Xero Quasar Demo 1.2-->"C:\Program Files (x86)\Xero Graphics\Quasar\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
======System event log======
Computer Name: Marcia-Gateway
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 553922
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20120206141952.538069-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Marcia-Gateway
Event Code: 1014
Message: Name resolution for the name CONNECTEDUSER.Belkin timed out after none of the configured DNS servers responded.
Record Number: 553853
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120206134252.601848-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Marcia-Gateway
Event Code: 1014
Message: Name resolution for the name CONNECTEDUSER.Belkin timed out after none of the configured DNS servers responded.
Record Number: 553829
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120206124859.944725-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Marcia-Gateway
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ASPI32
fmsg
Record Number: 553780
Source Name: Service Control Manager
Time Written: 20120206124441.077895-000
Event Type: Error
User:
Computer Name: Marcia-Gateway
Event Code: 7034
Message: The iTeleportService service terminated unexpectedly. It has done this 1 time(s).
Record Number: 553779
Source Name: Service Control Manager
Time Written: 20120206124439.664863-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Marcia-Gateway
Event Code: 1002
Message: The program IncMail.exe version 6.2.9.5055 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: dd4
Start Time: 01cc7a4db5504669
Termination Time: 160
Application Path: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
Report Id:
Record Number: 78501
Source Name: Application Hang
Time Written: 20110924001404.000000-000
Event Type: Error
User:
Computer Name: Marcia-Gateway
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 78479
Source Name: Microsoft-Windows-WMI
Time Written: 20110924000326.000000-000
Event Type: Error
User:
Computer Name: Marcia-Gateway
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-2633097917-4253870331-1501028155-1000:
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Microsoft\SystemCertificates\Root
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Policies\Microsoft\SystemCertificates
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Policies\Microsoft\SystemCertificates
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Policies\Microsoft\SystemCertificates
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Policies\Microsoft\SystemCertificates
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Microsoft\SystemCertificates\My
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Microsoft\SystemCertificates\CA
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Microsoft\SystemCertificates\trust
Process 2912 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2633097917-4253870331-1501028155-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Record Number: 78461
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110923124821.156624-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Marcia-Gateway
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 78436
Source Name: Microsoft-Windows-WMI
Time Written: 20110923114942.000000-000
Event Type: Error
User:
Computer Name: Marcia-Gateway
Event Code: 1002
Message: The program IncMail.exe version 6.2.9.5055 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 23b8
Start Time: 01cc798889a58708
Termination Time: 100
Application Path: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
Report Id:
Record Number: 78415
Source Name: Application Hang
Time Written: 20110923014329.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Marcia-Gateway
Event Code: 5061
Message: Cryptographic operation.
Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: 39529f67-6499-4883-a3c1-33e130aef13c
Key Type: Machine key.
Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 226816
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120108083140.991794-000
Event Type: Audit Success
User:
Computer Name: Marcia-Gateway
Event Code: 5058
Message: Key file operation.
Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: 39529f67-6499-4883-a3c1-33e130aef13c
Key Type: Machine key.
Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5522df1ed5f3d2e72a994567488e9b1_f7ffd177-fe87-41f7-8df5-7456444266fa
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 226815
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120108083140.991794-000
Event Type: Audit Success
User:
Computer Name: Marcia-Gateway
Event Code: 5061
Message: Cryptographic operation.
Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: 39529f67-6499-4883-a3c1-33e130aef13c
Key Type: Machine key.
Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 226814
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120108083127.404192-000
Event Type: Audit Success
User:
Computer Name: Marcia-Gateway
Event Code: 5058
Message: Key file operation.
Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: 39529f67-6499-4883-a3c1-33e130aef13c
Key Type: Machine key.
Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5522df1ed5f3d2e72a994567488e9b1_f7ffd177-fe87-41f7-8df5-7456444266fa
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 226813
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120108083127.404192-000
Event Type: Audit Success
User:
Computer Name: Marcia-Gateway
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 226812
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120108082017.846346-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"DFSTRACINGON"=FALSE
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Calibre2\
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------

#16
MJnDenver
Posted 20 June 2012 - 07:36 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
the farbar link doesn't work - I tried to copy/paste and it still won't work.

#17
Maurice Naggar
Posted 21 June 2012 - 07:24 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,194 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

View PostMJnDenver, on 20 June 2012 - 07:36 PM, said:

the farbar link doesn't work - I tried to copy/paste and it still won't work.
Sorry, my bad. An edit had glitched it. Here's the good copy:

Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen:
Keep the checkmark on Internet Services.

Checkmark Windows firewall

Checkmark Security Center.

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste FSS.txt with your reply.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#18
MJnDenver
Posted 21 June 2012 - 07:03 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
FSS.txt


Farbar Service Scanner Version: 19-06-2012 01
Ran by Marcia (administrator) on 21-06-2012 at 18:02:30
Running from "C:\Users\Marcia\Desktop\Malwarebytes stuff"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

Action Center:
============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#19
Maurice Naggar
Posted 22 June 2012 - 08:21 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,194 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Java runtime
Posted Image Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) Posted Image
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Flash Player
Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,
Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<


Close all browsers and instant messenger (IM) programs.
Run the uninstaller.


To get latest Flash Player
Go to http://www.adobe.com/go/getflash
and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!


Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
http://support.microsoft.com/kb/827218

Undesired apps
Iobit has a dodgy reputation. I'd recommend removing Iobit apps.
Also remove any remnants of Azureus.
I'd suggest using Revo Uninstaller. If you find these apps, remove them. If not found, move on.

Please download and install Revo Uninstaller Free
Right click Revo Uninstaller & select Run as Administrator to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

MBAM scan
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


Reply with copy of latest MBAM scan log, and tell me, How is your system now?
~Maurice Naggar

I close my threads if there is 5 days without a response.

#20
MJnDenver
Posted 22 June 2012 - 08:19 PM

    New Member

  • Members
  • Pip
  • 14 posts
  • Gender:Female
  • Location:Denver, CO
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.22.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcia :: MARCIA-GATEWAY [administrator]
Protection: Enabled
6/22/2012 7:04:28 PM
mbam-log-2012-06-22 (19-04-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 215041
Time elapsed: 10 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Yay - it's clean again! I have not seen any of the popups that say it's blocking a connection and I'm taking that as a good sign. I have not used the computer for anything but what you tell me to do since you told me not to browse.

I have had a windows update that wouldn't work, a security issue of course (that's how I was sure I had something wrong)...I'm going to go try that now. If it will update then I'm guessing we got rid of it!

By the way - I didn't find anything from iobit, or that other one.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us