Jump to content


Photo
- - - - -

Svchost.exe does not go away.

svchost

  • This topic is locked This topic is locked
29 replies to this topic

#1 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 22 February 2012 - 02:39 AM

Hi, I'm getting repeated notices that malwarebytes is blocking a program called svchost.exe. I have no idea what to do in order to fix it, and I would greatly appreciate your assistance. It is incredibly annoying to have those little balloons show up every minute or so with the occasional pop-up telling me to quarantine svchost.
While I don't think svchost has actually caused any damage yet, there was this one instance where I got the quarantine pop-up and my computer started running really slow. So I opened up task manager, and found svchost taking up quite a bit of memory. I quickly shut down the process and ran a quick scan with Malwarebytes which revealed 2 infections which were svchost and svchost(memory)? Needless to say, I deleted them and restarted, but the balloons still appear. It should also be noted that every time I use the scan be it quick or full, the same 2 infections appear every time.

Here is the DDS log I got by running DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Carelessjon at 20:55:33 on 2012-02-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1629 [GMT -10:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
-netsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95b7759c-8c7f-4bf1-b163-73684a933233} - AVG Security Toolbar
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} -
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.star.hawaii.edu:10012/studentinterface/PrintScript/smsx.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{96059DF4-BD72-42CB-9A0E-796370067E7B} : DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - AVG Safe Search
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.minecraftwiki.net/wiki/Minecraft_Wiki
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll
FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-12-14 1151096]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSviA64.sys [2011-12-14 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29];C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-2-8 146928]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-2-6 748440]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-27 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-1 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-1-31 138248]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-10 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-3-10 243232]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-1-14 869216]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]
S2 SBSDWSCService;SBSD Security Center Service; [x]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-22 01:05:47 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE8CA75F-975E-407B-AB5A-9D41891355EF}\mpengine.dll
2012-02-15 09:24:33 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 09:24:33 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 09:24:30 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 09:24:30 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 09:24:29 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 09:24:28 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 09:24:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 09:24:25 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-02-02 12:20:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-01-31 13:56:42 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys
2012-01-31 13:56:42 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys
2012-01-31 13:56:41 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys
2012-01-31 13:56:41 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys
2012-01-31 13:56:41 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys
2012-01-31 13:56:41 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys
2012-01-31 13:56:41 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys
2012-01-31 13:56:36 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.091
2012-01-29 03:33:17 -------- d-----w- C:\Program Files\iTunes
2012-01-29 03:33:17 -------- d-----w- C:\Program Files\iPod
2012-01-25 00:31:47 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
==================== Find3M ====================
.
2012-02-17 05:22:51 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 09:52:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-31 13:56:47 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-29 15:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-11 08:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe
2012-01-11 08:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-01-11 08:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe
2012-01-11 08:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe
2012-01-11 08:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe
2012-01-11 08:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe
2012-01-11 08:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-01-11 08:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll
2012-01-11 08:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll
2012-01-11 08:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-01-11 08:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin
2012-01-11 08:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin
2012-01-11 08:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin
2012-01-11 08:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin
2012-01-11 08:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin
2012-01-11 08:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin
2012-01-11 08:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-01-11 08:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2012-01-11 08:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-01-11 07:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-01-11 07:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-01-11 07:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-01-11 07:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll
2012-01-11 07:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-01-11 07:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-01-11 07:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll
2012-01-11 07:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-01-11 07:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll
2012-01-11 07:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-01-11 07:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-01-11 07:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2012-01-11 07:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-01-11 07:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-01-11 07:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-01-11 07:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-01-11 07:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-01-11 07:12:12 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2012-01-11 07:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-01-11 07:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-01-11 07:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-01-11 07:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-01-11 07:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-01-11 07:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-11 01:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 20:56:43.00 ===============

#2 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 22 February 2012 - 02:55 AM

This might be a different problem, but google keeps directing me to gimmieanswers.org and then malwarebytes blocks "Process: Firefox.exe".
Is my Firefox bugged now too?

#3 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 23 February 2012 - 10:41 AM

Hello Jonkiote, and welcome to MalwareBytes forum.

Please do the following.
First, disable Teatimer and keep it disabled, otherwise it will revert any malware fixes we may do.
Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode
then select Advanced Mode

On the left hand side, slect Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Now Logoff & Restart your computer fresh.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
Step 5
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.
Use separate replies as needed if logs do not fit into one reply box.

Edited by Maurice Naggar, 23 February 2012 - 10:43 AM.

Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#4 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 24 February 2012 - 02:03 AM

Here is the Log.txt:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Carelessjon at 2012-02-23 20:40:15
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 29 GB (5%) free of 596 GB
Total RAM: 3895 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:30 PM, on 2/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\trend micro\Carelessjon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...27y155k45m1r27r
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...27y155k45m1r27r
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...27y155k45m1r27r
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.star.haw...Script/smsx.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon...b.2010.5.03.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - (no file)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14405 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
/QuitInfo:0000000000000304;0000000000000318; /AddRef;
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1988
-netsvcs
\??\C:\Windows\system32\conhost.exe "59880542667788685646282671-1373317506-10043856741464174483-1192844600-161465234
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /c /a /s UserSession2
/QuitInfo:00000000000008B0;00000000000008B4; /AddRef;
/QuitInfo:00000000000007A8;00000000000008BC;
/loadhooks /Parent:0000000000000984
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"
"C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Carelessjon\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default

prefs.js - "browser.startup.homepage" - "http://www.minecraft...Minecraft_Wiki"
prefs.js - "extensions.enabledItems" - "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.1.6, wtxpcom@mybrowserbar.com:4.9, youtubedownloader@mybrowserbar.com:4.9, {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]
"Description"=Virtual Earth 3D
"Path"=C:\Program Files (x86)\Virtual Earth 3D\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]
"Description"=
"Path"=C:\Program Files (x86)\Virtual Earth 3D\

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\
adblockpopups@jessehakanen.net
{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL [2011-11-23 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-14 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll [2012-02-06 1074016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]
{95B7759C-8C7F-4BF1-B163-73684A933233} -
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll [2012-02-06 1074016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"=C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [2010-02-03 153416]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-23 10081312]
"TouchPortal"=C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [2010-03-08 6310432]
"RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-09-30 17920]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-10 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"YouCam Mirror Tray icon"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2009-11-23 167008]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-02-08 74984]
"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2010-02-22 1016832]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-10 90112]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]
""= []
"SearchSettings"=C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-02-06 934240]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-23 20:40:15 ----D---- C:\rsit
2012-02-23 20:40:15 ----D---- C:\Program Files\trend micro
2012-02-23 20:35:04 ----D---- C:\Windows\ERDNT
2012-02-23 20:33:52 ----D---- C:\Program Files (x86)\ERUNT
2012-02-15 21:44:05 ----D---- C:\ProgramData\Intel
2012-02-15 00:40:31 ----A---- C:\Windows\system32\MRT.INI
2012-02-15 00:37:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-02-15 00:37:41 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-15 00:37:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-02-15 00:37:40 ----A---- C:\Windows\system32\jscript9.dll
2012-02-15 00:37:40 ----A---- C:\Windows\system32\iertutil.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\url.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-02-15 00:37:39 ----A---- C:\Windows\system32\url.dll
2012-02-15 00:37:39 ----A---- C:\Windows\system32\jscript.dll
2012-02-15 00:37:39 ----A---- C:\Windows\system32\ieui.dll
2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-02-15 00:37:38 ----A---- C:\Windows\system32\wininet.dll
2012-02-15 00:37:38 ----A---- C:\Windows\system32\urlmon.dll
2012-02-15 00:37:38 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-15 00:37:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-02-15 00:37:36 ----A---- C:\Windows\system32\mshtml.dll
2012-02-15 00:37:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-02-15 00:37:34 ----A---- C:\Windows\system32\ieframe.dll
2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\java.exe
2012-02-14 23:24:35 ----A---- C:\Windows\system32\shell32.dll
2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-02-14 23:24:33 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-14 23:24:29 ----A---- C:\Windows\system32\win32k.sys
2012-02-14 23:24:28 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-14 23:24:25 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-02-14 23:24:25 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\Application Updater
2012-01-28 17:33:17 ----D---- C:\Program Files\iTunes
2012-01-28 17:33:17 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 month======

2012-02-23 20:40:29 ----D---- C:\Windows\Prefetch
2012-02-23 20:40:26 ----D---- C:\Windows\Temp
2012-02-23 20:40:15 ----RD---- C:\Program Files
2012-02-23 20:35:04 ----D---- C:\Windows
2012-02-23 20:34:32 ----D---- C:\Windows\System32
2012-02-23 20:34:32 ----D---- C:\Windows\inf
2012-02-23 20:34:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-23 20:33:52 ----RD---- C:\Program Files (x86)
2012-02-23 20:33:25 ----D---- C:\Windows\system32\config
2012-02-23 20:30:02 ----A---- C:\Windows\SYSWOW64\log.txt
2012-02-22 13:25:14 ----A---- C:\Windows\wininit.ini
2012-02-21 22:10:14 ----D---- C:\Windows\system32\Tasks
2012-02-21 15:04:20 ----SHD---- C:\System Volume Information
2012-02-17 12:40:50 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-02-16 13:41:29 ----RSD---- C:\Windows\assembly
2012-02-16 13:41:29 ----D---- C:\Windows\Microsoft.NET
2012-02-15 21:44:05 ----D---- C:\ProgramData
2012-02-15 21:43:20 ----D---- C:\Windows\SysWOW64
2012-02-15 21:42:34 ----D---- C:\Windows\system32\catroot2
2012-02-15 21:41:58 ----D---- C:\Program Files (x86)\Intel
2012-02-15 21:41:27 ----D---- C:\Windows\system32\drivers
2012-02-15 21:41:22 ----D---- C:\Windows\system32\catroot
2012-02-15 21:41:18 ----D---- C:\Windows\system32\DriverStore
2012-02-15 17:51:24 ----D---- C:\Windows\winsxs
2012-02-15 17:49:50 ----D---- C:\Windows\SYSWOW64\migration
2012-02-15 17:49:50 ----D---- C:\Windows\system32\migration
2012-02-15 17:49:50 ----D---- C:\Program Files\Internet Explorer
2012-02-15 17:49:50 ----D---- C:\Program Files (x86)\Internet Explorer
2012-02-15 00:45:05 ----SHD---- C:\Windows\Installer
2012-02-15 00:41:18 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 00:38:39 ----D---- C:\Windows\debug
2012-02-15 00:38:37 ----A---- C:\Windows\system32\MRT.exe
2012-02-14 23:52:52 ----D---- C:\Program Files (x86)\Common Files
2012-02-14 23:52:35 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-02-14 22:55:50 ----D---- C:\Windows\system32\NDF
2012-02-13 13:29:04 ----D---- C:\Users\Carelessjon\AppData\Roaming\uTorrent
2012-02-09 10:25:30 ----D---- C:\Windows\system32\FxsTmp
2012-02-01 16:12:33 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-31 09:56:35 ----D---- C:\Windows\system32\drivers\NISx64
2012-01-31 03:57:07 ----D---- C:\Program Files\Symantec
2012-01-30 12:01:20 ----D---- C:\ProgramData\AVG Secure Search
2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-28 17:34:01 ----D---- C:\Program Files (x86)\iTunes

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [2011-07-25 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [2011-11-23 1092728]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-01 1151096]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [2011-11-04 167048]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-12-14 482936]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-20 488568]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS [2011-11-23 37496]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [2011-11-16 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [2011-11-16 405624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29]; \??\C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-08 146928]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-12-24 294064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-23 2272544]
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-12-24 244736]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-02-24 67616]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-02-01 852256]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-01-31 175736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 int15.sys;int15.sys; \??\C:\Windows\syswow64\OEM\Factory\int15.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS [2011-12-14 117880]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS [2011-12-14 2048632]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS [2011-11-23 738936]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 Greg_Service;GRegService; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-27 1150496]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-12-28 268824]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-29 138248]
R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-28 2320920]
R2 Updater Service;Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2009-10-09 238328]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-10 182768]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]

-----------------EOF-----------------

Here is the Info.txt

info.txt logfile of random's system information tool 1.09 2012-02-23 20:40:31

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\Gateway Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{70CC0095-AA68-45BE-AE98-D8170182E9EB}\Setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{74D911AE-4A04-4481-902F-7B496E721F7F}\setup.exe" /z-uninstall
-->"C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.exe" REMOVE=TRUE MODIFY=FALSE
-->C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.exe
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7662728E-ED8B-4995-ABFD-ABB9B5098C30}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7662728E-ED8B-4995-ABFD-ABB9B5098C30}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9 /remove
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Download Assistant-->msiexec /qb /x {E1845F1C-068C-F8F4-D31D-D3540D47C453}
Adobe Download Assistant-->MsiExec.exe /I{E1845F1C-068C-F8F4-D31D-D3540D47C453}
Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -maintain plugin
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.5.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Bandisoft MPEG-1 Decoder-->"C:\Program Files (x86)\BandiMPEG1\uninstall.exe"
Bejeweled 2 Deluxe-->"C:\Program Files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files (x86)\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Bob the Builder Can-Do-Zoo-->"C:\Program Files (x86)\Gateway Games\Bob the Builder Can-Do-Zoo\Uninstall.exe"
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Build-a-lot 2-->"C:\Program Files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink PowerCinema Movie-->"C:\Program Files (x86)\InstallShield Installation Information\{70CC0095-AA68-45BE-AE98-D8170182E9EB}\Setup.exe" /z-uninstall
CyberLink PowerCinema-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
CyberLink PowerCinema-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
CyberLink Touch Browser-->"C:\Program Files (x86)\InstallShield Installation Information\{74D911AE-4A04-4481-902F-7B496E721F7F}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /s
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /s
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DVD Decrypter (Remove Only)-->"C:\Program Files (x86)\DVD Decrypter\uninstall.exe"
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
Escape Rosecliff Island-->"C:\Program Files (x86)\Gateway Games\Escape Rosecliff Island\Uninstall.exe"
Faerie Solitaire-->"C:\Program Files (x86)\Gateway Games\Faerie Solitaire\Uninstall.exe"
Gateway Game Console-->"C:\Program Files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe"
Gateway Games-->"C:\Program Files (x86)\Gateway Games\Uninstall.exe"
Gateway InfoCentre-->C:\Program Files (x86)\Gateway\InfoCentre\Uninstall.exe
Gateway Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly
Gateway Registration-->C:\Program Files (x86)\Gateway\Registration\Uninstall.exe
Gateway ScreenSaver-->C:\Program Files (x86)\Gateway\Screensaver\Uninstall.exe
Gateway Touch Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{C652F86F-348A-4A65-8BE8-A3F7A6370D98}\setup.exe" -runfromtemp -l0x409 -removeonly
Gateway Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x409 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_A0AC09CE5247ECEF.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Identity Card-->C:\Program Files (x86)\Gateway\Identity Card\Uninstall.exe
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
ITE Infrared Transceiver-->C:\Program Files (x86)\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{5E11C972-1E76-45FE-8F92-14E0D1140B1B}
Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Jewel Quest Solitaire 3-->"C:\Program Files (x86)\Gateway Games\Jewel Quest Solitaire 3\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Katawa Shoujo-->"C:\Program Files (x86)\Katawa Shoujo\Uninstall Katawa Shoujo.exe"
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33563155 -locale:US
Microsoft .NET Framework 4 Client Profile-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Touch Pack for Windows 7-->MsiExec.exe /I{8FF90DB8-6DED-44A3-B182-244FEC09012F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175-->MsiExec.exe /X{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
Microsoft XNA Framework Redistributable 3.0-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Monopoly-->"C:\Program Files (x86)\Gateway Games\Monopoly\Uninstall.exe"
MotioninJoy ds3 driver version 0.6.0001-->"C:\Program Files\MotioninJoy\unins000.exe"
Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery P.I. - Lost in Los Angeles-->"C:\Program Files (x86)\Gateway Games\Mystery P.I. - Lost in Los Angeles\Uninstall.exe"
Nero 9 Essentials-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="2M02-K09C-CW07-4933-7UKZ-4K5H-CZA8-0XA6-T4X7-P288-2P9U-AZ0M-1E68-AE4Z-1A7E-7T4H-0000"
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero ControlCenter-->MsiExec.exe /X{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}
Nero DiscSpeed Help-->MsiExec.exe /X{CC019E3F-59D2-4486-8D4B-878105B62A71}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed Help-->MsiExec.exe /X{E5C7D048-F9B4-4219-B323-8BDB01A2563D}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero Express Help-->MsiExec.exe /X{83202942-84B3-4C50-8622-B8C0AA2D2885}
Nero InfoTool Help-->MsiExec.exe /X{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
Nero StartSmart Help-->MsiExec.exe /X{2348B586-C9AE-46CE-936C-A68E9426E214}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.5.0.145\InstStub.exe /X /ARP
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
Penguins!-->"C:\Program Files (x86)\Gateway Games\Penguins!\Uninstall.exe"
Plants vs. Zombies-->"C:\Program Files (x86)\Gateway Games\Plants vs. Zombies\Uninstall.exe"
Polar Bowler-->"C:\Program Files (x86)\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files (x86)\Gateway Games\Polar Golfer\Uninstall.exe"
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly
Scrabble Plus-->"C:\Program Files (x86)\Gateway Games\Scrabble Plus\Uninstall.exe"
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
The Price is Right-->"C:\Program Files (x86)\Gateway Games\The Price is Right\Uninstall.exe"
THX TruStudio PC-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F5298C34-48DC-400B-A2DB-E3E11CB7C373}\setup.exe" -l0x9 /remove
TouchSettings-->"C:\Program Files (x86)\InstallShield Installation Information\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Vindictus-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33562635 -locale:US
Virtual Earth 3D (Beta)-->MsiExec.exe /I{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}
Virtual Families-->"C:\Program Files (x86)\Gateway Games\Virtual Families\Uninstall.exe"
Virtual Villagers - A New Home-->"C:\Program Files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"
Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
VLC media player 1.1.10-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Welcome Center-->C:\Program Files (x86)\Gateway\Welcome Center\Uninstall.exe
WinASO Registry Optimizer 4.7.5-->"C:\Program Files (x86)\WinASO\Registry Optimizer\unins000.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
WinRAR 4.00 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe
Yahtzee-->"C:\Program Files (x86)\Gateway Games\Yahtzee\Uninstall.exe"
YouTube Downloader 3.4-->"C:\Program Files (x86)\YouTube Downloader\uninstall.exe"
YouTube Downloader Toolbar v5.0-->MsiExec.exe /X{B9B55E8C-7EF6-4937-85F2-282A9F645EAC}
Zuma Deluxe-->"C:\Program Files (x86)\Gateway Games\Zuma Deluxe\Uninstall.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: Carelessjon-PC
Event Code: 27
Message: Intel® 82578DC Gigabit Network Connection
Network link has been disconnected.

Record Number: 138055
Source Name: e1kexpress
Time Written: 20111029221023.788026-000
Event Type: Warning
User:

Computer Name: Carelessjon-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 138010
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20111029220949.656075-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Carelessjon-PC
Event Code: 1014
Message: Name resolution for the name photos-b.ak.fbcdn.net timed out after none of the configured DNS servers responded.
Record Number: 137896
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111029201017.602557-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Carelessjon-PC
Event Code: 27
Message: Intel® 82578DC Gigabit Network Connection
Network link has been disconnected.

Record Number: 137842
Source Name: e1kexpress
Time Written: 20111029200907.209227-000
Event Type: Warning
User:

Computer Name: Carelessjon-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 137805
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20111029200831.637083-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Carelessjon-PC
Event Code: 100
Message: 316: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Record Number: 44208
Source Name: Bonjour Service
Time Written: 20110924095521.000000-000
Event Type: Error
User:

Computer Name: Carelessjon-PC
Event Code: 1008
Message: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Record Number: 44195
Source Name: Microsoft-Windows-CEIP
Time Written: 20110924031707.000000-000
Event Type: Error
User:

Computer Name: Carelessjon-PC
Event Code: 100
Message: 484: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Record Number: 44106
Source Name: Bonjour Service
Time Written: 20110923215747.000000-000
Event Type: Error
User:

Computer Name: Carelessjon-PC
Event Code: 100
Message: 220: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Record Number: 44105
Source Name: Bonjour Service
Time Written: 20110923215747.000000-000
Event Type: Error
User:

Computer Name: Carelessjon-PC
Event Code: 100
Message: 492: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Record Number: 44104
Source Name: Bonjour Service
Time Written: 20110923215747.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Carelessjon-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\120b34a1a646eeecb1b7704addf1adea_204a83c1-4f42-470c-906d-ae78a8dc1349
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 62870
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110923201023.585010-000
Event Type: Audit Success
User:

Computer Name: Carelessjon-PC
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: CARELESSJON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: {732BAC3B-281A-40F0-89C4-2355CFA5C8AC}
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 62869
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110923201022.805009-000
Event Type: Audit Success
User:

Computer Name: Carelessjon-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: CARELESSJON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: {732BAC3B-281A-40F0-89C4-2355CFA5C8AC}
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\Keys\4d9200b2c026e3ff177b048c0da0568d_204a83c1-4f42-470c-906d-ae78a8dc1349
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 62868
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110923201022.805009-000
Event Type: Audit Success
User:

Computer Name: Carelessjon-PC
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 62867
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110923085751.711625-000
Event Type: Audit Success
User:

Computer Name: Carelessjon-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\120b34a1a646eeecb1b7704addf1adea_204a83c1-4f42-470c-906d-ae78a8dc1349
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 62866
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110923085751.711625-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=2502
"TouchAppsTargetDir"=C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Here is the checkup.txt

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 31
Adobe Flash Player 11.1.102.62
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
windows defender MpCmdRun.exe
``````````End of Log````````````

#5 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 24 February 2012 - 02:04 AM

Here is the bitdefender log:


QuickScan 32-bit v0.9.9.105
---------------------------
Scan date: Thu Feb 23 20:51:12 2012
Machine ID: 56FEDFD1



No infection found.
-------------------



Processes
---------
Acer Touch Portal Monitor 2976 C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
Application Updater 1584 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
cyberlink brs 3608 C:\Program Files (x86)\CyberLink\Shared files\brs.exe
CyberLink YouCam Tray 3600 C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
Global Registration 1664 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
Intel® Active Management Technology L 1740 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Intel® Management & Security Applicat 3856 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
iTunes 3732 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 3772 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Malwarebytes Anti-Malware 4932 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Microsoft® Windows® Operating System 2612 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
Microsoft® Windows® Operating System 2440 C:\Windows\svchost.exe
MobileDeviceService 1552 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Symantec Security Technologies 1776 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
Symantec Security Technologies 2232 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
THXAudio 3616 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
ToolbarU Application 1960 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
Updater Service 1892 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
Widgi Toolbar 3744 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
Windows® Internet Explorer 4300 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 5800 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) GoogleToolbarNotifier 3172 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


Network activity
----------------
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.239.8
Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.197.7.31
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.19
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.239.8
Process svchost.exe (2440) connected on port 80 (HTTP) --> 66.150.149.23
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.19
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.187
Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.197.7.31
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.78.140
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.78.140
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.187
Process svchost.exe (2440) connected on port 80 (HTTP) --> 66.150.149.23
Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19
Process svchost.exe (2440) connected on port 80 (HTTP) --> 93.184.215.73
Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.71.123.59
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218
Process svchost.exe (2440) connected on port 80 (HTTP) --> 107.20.138.220
Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.87.49.107
Process svchost.exe (2440) connected on port 80 (HTTP) --> 69.171.229.15
Process svchost.exe (2440) connected on port 80 (HTTP) --> 204.236.130.144
Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.72.60.74
Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.16.230.70
Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245
Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245
Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245
Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.67
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.66.128
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.66.128
Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19
Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.28.37.55
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.219
Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.16.212.13
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.67
Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.12.249.161
Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.184
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.8
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.82
Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.28.37.55
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.49
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.43
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.66
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.78.150
Process svchost.exe (2440) connected on port 80 (HTTP) --> 107.20.134.140
Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.43
Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.40.245.50
Process svchost.exe (2440) connected on port 80 (HTTP) --> 192.150.16.64
Process svchost.exe (2440) connected on port 80 (HTTP) --> 23.49.57.42
Process svchost.exe (2440) connected on port 80 (HTTP) --> 24.143.202.10
Process svchost.exe (2440) connected on port 80 (HTTP) --> 24.143.202.10
Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.50.2.77
Process svchost.exe (2440) connected on port 80 (HTTP) --> 204.11.109.22
Process svchost.exe (2440) connected on port 80 (HTTP) --> 8.19.18.172
Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.18.120.113
Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.26
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218
Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218
Process svchost.exe (2440) connected on port 80 (HTTP) --> 8.19.18.172
Process svchost.exe (2440) connected on port 80 (HTTP) --> 174.137.34.100
Process svchost.exe (2440) connected on port 80 (HTTP) --> 174.137.34.100
Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.27
Process svchost.exe (2440) connected on port 443 (HTTP over SSL) --> 74.125.224.197
Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.27
Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.18.46.83
Process svchost.exe (2440) connected on port 80 (HTTP) --> 207.200.74.25
Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.50.0.191
Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.50.0.191
Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19
Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.17
Process svchost.exe (2440) connected on port 443 (HTTP over SSL) --> 66.220.146.87
Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.19.123.221
Process svchost.exe (2440) connected on port 80 (HTTP) --> 69.171.229.15
Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.111.155.109
Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.19.215.118
Process jusched.exe (3772) connected on port 443 (HTTP over SSL) --> 23.3.192.60
Process iexplore.exe (4300) connected on port 80 (HTTP) --> 85.195.93.243
Process iexplore.exe (4300) connected on port 80 (HTTP) --> 64.208.159.32
Process iexplore.exe (4300) connected on port 80 (HTTP) --> 74.125.239.8
Process iexplore.exe (4300) connected on port 80 (HTTP) --> 74.125.239.8

Process GregHSRW.exe (1664) listens on ports: 8093
Process LMS.exe (1740) listens on ports: 623, 16992


Autoruns and critical files
---------------------------
Acer Touch Portal Monitor C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe CS5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe Updater Startup Utility C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Creative Updreg C:\Windows\UpdReg.EXE
cyberlink brs C:\Program Files (x86)\CyberLink\Shared files\brs.exe
CyberLink YouCam Tray C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe
MUI StartMenu Application C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
THXAudio C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
TouchPortal C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe
Widgi Toolbar C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
Java Deployment Toolkit 6.0.310.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
Java™ Platform SE 6 U31 c:\program files (x86)\java\jre6\bin\ssv.dll
mabinogi mabiwebframe C:\Windows\Downloaded Program Files\mabiwebframe.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
Norton Confidential c:\program files (x86)\norton internet security\engine\19.5.0.145\coieplg.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
RadioWMPCoreGecko10.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko10.dll
RadioWMPCoreGecko5.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
RadioWMPCoreGecko6.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
RadioWMPCoreGecko7.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll
RadioWMPCoreGecko8.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll
RadioWMPCoreGecko9.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll
sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
Symantec Intrusion Detection c:\program files (x86)\norton internet security\engine\19.5.0.145\ips\ipsbho.dll
System Requirements Lab C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll
Widgi Toolbar c:\program files (x86)\youtube downloader toolbar\ie\5.0\youtubedownloadertoolbarie.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) RadioWMPCoreGecko19.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll


Scan
----
MD5: 2ceff13ace25a40bd8d97654944297cd \\.\globalroot\systemroot\svchost.exe
MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
MD5: 505f022493d471025add399a4162208b C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
MD5: d84dd079b86dac2e3d0f92ca383b4086 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
MD5: 2cbca94abccb2b79e4693ba0e4fc85be C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
MD5: 1f9b3487739b31c3d770728cb157a54d C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: f577910a133a592234ebaad3f3afa258 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MD5: 60c079cb2150760263d1fe5ff6218961 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll
MD5: 1f3ff6c062b311fe410ec89f6bfac213 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
MD5: fc33cbbb9cadcec307da010fe763d04c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
MD5: 054b87c872292a960b9b8a834b34dfa7 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
MD5: 250bf888ddbe88d61eb19a9d4957c794 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
MD5: fd86c605fd7ad4a41c01ec7a4a1e1c5d C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
MD5: a3609397ef273b03295dbb10274be12c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
MD5: 18301b40411b2108076ab685b4e4b6dc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MD5: 794950db77aa590c2964eca0a5874a09 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
MD5: df1c1cd0c7ee95cc00d71e9e415e7bcd C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
MD5: c28fd3b37b6f18751c99e6022a2a9782 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
MD5: 2503287bd19ae52e36e9de42834a2ac0 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.DLL
MD5: a56ccbbfccedce2fd9c69fed24e035e3 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MD5: 3debbecf665dcdde3a95d9b902010817 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: 1224bc6de919f8cd8c1c945280e63852 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
MD5: 06a4250c9e3606cae3f68da45702f342 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
MD5: 905b5bf5be0a86e8412801bf20357195 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll
MD5: 41404aa06914e6f94d14b671ae1e5c37 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MD5: 98a078f838a70f84e1bd490d7c7675f4 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MD5: 2dc64a3446c8c6e020e781456b46573d C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
MD5: ed0a4dd3439d1231b47416604a7d84dc C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll
MD5: 6bf01e200063d7274f3af06d226671f5 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
MD5: da579734b4375740efee86ffdfed57a7 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL
MD5: 9d4a1690af93f233e15380398bec7431 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 91b3cd7595274b90c253b74057920811 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
MD5: 7dd73b8a2db467b0121d1331eb39812b C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth.dll
MD5: 5ccf1be80930aeb1cdebf561666325e8 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
MD5: 7a898e4a744621711be7e7b796c69876 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
MD5: 606893821219520ca2cd44a8cb2235ad C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTAudEp.dll
MD5: 544013c383833189a61c2f72b8814319 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTLoadRs.dll
MD5: 07162b620bf03e1e6804160efcd677b5 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTSetAPO.dll
MD5: 39d5953dc7be13705878e35ed093f88e C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTSUSDKu.dll
MD5: 1798de71b8051046cb987db000df51d9 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\en-US\THXAudio.resources.dll
MD5: 8fc069758a9d4bd2a049226c017c083d C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
MD5: 55371fbc7e2237e9403882c7cbde8460 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXLgcy.dll
MD5: 32d7226f843abb61be3390339aab5556 C:\Program Files (x86)\CyberLink\Shared files\brs.exe
MD5: 212be9ad764e1eacc26994c3e08b25fb C:\Program Files (x86)\CyberLink\YouCam\Custom\Lang\ENU\IM.dll
MD5: dff1e77e82a343f71956a0d6840abffb C:\Program Files (x86)\CyberLink\YouCam\MFC71U.DLL
MD5: fa02920fb5c311b07e30cecf7cbf3a7c C:\Program Files (x86)\CyberLink\YouCam\MSVCP71.dll
MD5: 696a483efc2d7bae2734188c1a3ee07d C:\Program Files (x86)\CyberLink\YouCam\MSVCR71.dll
MD5: 7448354e89900479c227dd3118ebd6fd C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUITransfer.dll
MD5: fc6aeb9413b8f1fec4e22bf81f6d919c C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
MD5: 6858c318e8daa40e747e6fb9b214e104 C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
MD5: 56cd679490894445bc2f42214b377016 C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe
MD5: 61980095ae5d02b1e9d2ed604a90c1bf c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
MD5: e460233208906ecc0e8f057b25562f13 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll
MD5: ab3668c159e1cfea184f72650bd66807 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
MD5: 27626506e07795bb6357f7f2ef78a90b C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
MD5: 1d82a01a368255fe78c65cf66b5b8281 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
MD5: 1cbad5eee017fafea2bf75e82330783d C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\DTMessageLib.dll
MD5: d480c9220bfe667de65a46cde80ea7e9 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll
MD5: c6142b8cb72558d91cea8e38f1b7d905 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
MD5: 122f89e0905fc656d56f65cd7a2e9b4d C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll
MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files (x86)\Internet Explorer\IEShims.dll
MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe
MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
MD5: e4ce6c4ae730e0ec87fc5da4cd1946ad C:\Program Files (x86)\iTunes\iTunesHelper.dll
MD5: 0dcac41eb58a45049bd7ff665c32d5f4 C:\Program Files (x86)\iTunes\iTunesHelper.exe
MD5: e7be61eb1bde3921ff0cdd24f1535332 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: 93a67ad03fd9c2286a4a5ad9a67f381a C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
MD5: a9770771b622a871643ea2a4a3983e95 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
MD5: 34e3709244736b8976820f730e5a8815 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
MD5: 8e6c86726b67d3faa3144849b9aac06c c:\program files (x86)\java\jre6\bin\ssv.dll
MD5: 82f9764ebe2ef590cd2b3beb234e5671 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
MD5: d3b6d02f0d95a62dfbae7d7ea404db59 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll
MD5: 60d0647a2dc2d397b84d0afb0808f85d C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
MD5: a2c2ec01306a666c4372bb7a06659b5d C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
MD5: 056b19651bd7b7ce5f89a3ac46dbdc08 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
MD5: ed327201724ea05d509b7939abe49e98 c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
MD5: a878453a1714870eaada83e6434bdb77 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
MD5: c6b68e5cc56e7cf732c75c2498a6da55 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\APPMGR32.DLL
MD5: 9261959f6c6dc6435234e97954e4902d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\asEngine.dll
MD5: 6e5d56ae8ba13fe2be8cc649f2e66684 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ASHELPER.DLL
MD5: 818690f79aefc5a0365bf4ff5e4976c2 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ASOEHOOK.DLL
MD5: 9202e913a12c6c985c1003eee6ecdc16 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVIfc.dll
MD5: c32ad313e558cb38784ddc15445de56e C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVMail.dll
MD5: ee0dec36a77b6117ee45f0b3a91ae1f6 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\avModule.dll
MD5: 1f2b32dd1f96e6386ce7bcfb63327753 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVPAPP32.dll
MD5: 54de6a7f48a05926ba8ba37bee42bd92 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\AVPSVC32.DLL
MD5: d0c0c17e2a31c33fa495d3ab8a0d5bb2 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\BHClient.dll
MD5: 1f761da08b1855ddbdd97204d69b48dd C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\BHSVCPLG.DLL
MD5: ceaf83f1be7fb3d9794a3f93d6d1b2f5 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCEMLPXY.DLL
MD5: e215110df049874e42208f88ac35f470 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCGEVT.DLL
MD5: 0e5ab9d11235172f6e5ce988597977d1 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccGLog.dll
MD5: fa89858c35dcc34a23dc643498ed99cf C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccIPC.dll
MD5: 0616266256e18eb8813ff30d5bf6fcf8 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCJOBMGR.DLL
MD5: f695b4bdbeea2a64dbd87a8355cd1ea1 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccL110U.dll
MD5: 09a527ee12c7a05abd1c18cbe3744a64 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSet.dll
MD5: 5b88c32019ad04f7aba397b4fe99b77d C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCSUBENG.DLL
MD5: 7af5798d958f7c460db0a06c7cc4373d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvc.dll
MD5: 9d0f43b1d0434b44183d4795e89f6c14 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
MD5: b3ab6de181dd772dcda738919ce7a244 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccVrTrst.dll
MD5: a48fc9ba3b84b79ebab1297ffe308373 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CLTALDIS.DLL
MD5: 3c473ca451f879060293054dab80a76b C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CLTLMS.DLL
MD5: aa2613a21a8ff0fb7f856bd7774c8585 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\cltPE.dll
MD5: 20b3c342343101167c9955123ca7823f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COACTMGR.DLL
MD5: c65293b51b0202b04621db8e54454d5c C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coDataPr.dll
MD5: 1a2c475bde442def24df0e877bf44c6a c:\program files (x86)\norton internet security\engine\19.5.0.145\coieplg.dll
MD5: 5b61ed457c04d2a81858eb438479fb22 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COMM.DLL
MD5: 3d4c6ecf301e2097759ae1a21e8f849e C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coShdObj.dll
MD5: 58c38acc219e17389b137d7a5bf36c76 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COSVCPLG.DLL
MD5: 35c511425f8b14fef155331d0a8f713b C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\DATASTOR.DLL
MD5: 6f8e100d7978ba9d53db01d7b7711b69 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\DIMASTER.DLL
MD5: f553d3f88d32022c6fb35479b1be552d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diStRptr.dll
MD5: 5e0c5b5be5304e133968d6d6f8840b28 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\DSCli.dll
MD5: 521d39167094d40fb7065b76a32cef5c C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\EFACli.dll
MD5: 1de3315940d277aeebe5e9607bfbd7d7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\FWCORE.DLL
MD5: 28024a6f2d8a11f73632fcf8471440b4 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\FWGenPlg.dll
MD5: 8eae60994e660575d998ec4a6f89a8f6 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\FWSESAL.DLL
MD5: 36c381e92a4a90d978fa6f42a7a5da9f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\HNCORE.DLL
MD5: 3cc5e2b69c67b56cd828411737163328 c:\program files (x86)\norton internet security\engine\19.5.0.145\ips\ipsbho.dll
MD5: 9eaa83d9ca0235e55e4780623d2066d3 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\IPSPLUG.DLL
MD5: 23fac53ce10497c70604019bf7aef347 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\IRON.DLL
MD5: fa943824256da6a2e00e7d3e211205b4 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ISDATAPR.DLL
MD5: a2e1ec6fbc2afc950e50a0fc0717269f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ISDATASV.DLL
MD5: be8a377f362debcb92fc0e9c3187c0a7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NAHELPER.DLL
MD5: 604ede0da0d45de5a1bf20275c70be5c C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NCW.DLL
MD5: 2bc45786c202e751a708daa9b8577a60 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\NPCStats.dll
MD5: 480349b65cca6438692b0d37f1af54b5 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NPCTRAY.DLL
MD5: db5cadff710623ac0142a39f203ad394 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ProxyClt.dll
MD5: dab49e139099335b3ae936ff3d0c168f C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\QBackup.dll
MD5: c3de5413b9ad428eea62dc9e77e481e7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\QSPLUGIN.DLL
MD5: 7f72ec268ce9e066e29e50f11d20cb92 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SDKCMN.DLL
MD5: 7eabaa542a7da553552128f595dda08e C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SNDSVC.DLL
MD5: eca13822896935dc641a35ead4b88ecc C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SPOCCLNT.DLL
MD5: 91770e8f7fa61b155292db5123430aff C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SQLite.dll
MD5: b2883ddd812199ea718ad4e315e98e62 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SQSVC.DLL
MD5: 5caec47a463bb3f88ddaca6813c2ae7d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\srtsp32.dll
MD5: 6487a19e0ea3228515394a4b1a780b17 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SYMHTML.DLL
MD5: ff6b44e0bd9c3941a9d7764839100ac6 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymNeti.dll
MD5: 7601a29152ed8edf2478debf5cdd89b6 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SYMRDRSV.DLL
MD5: 2cfe545abafce9ab0c375dc05ce831c7 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymRedir.dll
MD5: b78913e8e6a3debf7aab188975594e84 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\UIALERT.DLL
MD5: dc0d4ea3e23965a47e730e6b57f68d5a C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\USERCTXT.DLL
MD5: 6f2775cc551cc3eee10c84ddeee531bc C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\USERLOG.DLL
MD5: b2eddcd119f894769f70417e515890f7 C:\Program Files (x86)\Norton Internet Security\MUI\19.5.0.145\09\01\cltRes.loc
MD5: fed935f9471c4f28cdfbca604d08bd65 C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe
MD5: 9f385d03b1708f6e9c9fa432433cfbab C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
MD5: 73e7920f41e9d91cc131831026cbb731 c:\program files (x86)\youtube downloader toolbar\ie\5.0\youtubedownloadertoolbarie.dll
MD5: f9d908de6b166dac9b89bf62fa291ce8 C:\Program Files\Bonjour\mdnsNSP.dll
MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd C:\Program Files\Bonjour\mDNSResponder.exe
MD5: 28ad5e311996a34025cfb07e131058dd C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
MD5: f9ec9acd504d823d9b9ca98a4f8d3ca2 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
MD5: ee4c2a137c7088911a8919effc9812e7 C:\Program Files\iPod\bin\iPodService.exe
MD5: 0b267e5ac46693584e2e0acfd8d9ce83 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: 6d657abadf217dbb17cf0a0af44a7e29 C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
MD5: 41da5845e1f8af445bd626cf085c4541 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys
MD5: 5b4c50526c1ddbe0f966a524548935fb C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHEngine.dll
MD5: 0b97f1a640ad3d159a7b5d2164c42e50 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys
MD5: 58815deb605847d3e07c4f832e1d412b C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSxpx86.dll
MD5: 2dbe90210de76be6e1653bb20ec70ec2 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS
MD5: 346da70e203b8e2c850277713de8f71b C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS
MD5: 8d7de77590f586fa630a2322e35b45ed C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko10.dll
MD5: c2ad81a8cb014376dcc05257bc31ca23 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
MD5: 402f5c01b3629e70015d4eac29bd4b80 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
MD5: d55024f2e996643e54d736c83b4a4e8e C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll
MD5: 6b9ecf45d72b1b47bea6fbfd62925634 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll
MD5: 816c504ac507224f0ec4f72f2024b028 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll
MD5: 4c790c3c2edf1aebf95b6baa248cf230 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MD5: 68b5370cc7b84ba569089715225e22e6 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MD5: 18164b0144b43860965f161c79cff4c4 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MD5: dfd0283dd8506e8506d4621717fbecf9 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MD5: 95e8d9c0e865ead5a440c91d933b7d60 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MD5: 56cebc1d7b1d98959b87149ea3d22071 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MD5: a2c3f8e5ac37dbee96c563606f710fe3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MD5: 5764f20720f350d46fd6cef6cb3a4941 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MD5: dcc1ac29aa8d2ce725cc86a626cec360 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MD5: d3ba339de4c1c7082e815ad49a41cd38 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MD5: dbab8613e82049d86bf9f66fecb843fa C:\Windows\Downloaded Program Files\mabiwebframe.dll
MD5: bb7fcdcd4de287340b5c1bb1949ad3c6 C:\Windows\Downloaded Program Files\qsax.dll
MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe
MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe
MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 59d16fd61802739988728790bf1232b3 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: 96076b8fcdff3c6db4ccfbf7fe3a9b28 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 54aafdf0193f9e7cfa2a579b6f983f3e C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
MD5: 189ef45eb56724a888159c084588155d C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe
MD5: 2ceff13ace25a40bd8d97654944297cd C:\Windows\svchost.exe
MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL
MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll
MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe
MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll
MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll
MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll
MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll
MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\Windows\system32\D3D10Warp.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll
MD5: 91b4aad4412bb223b466f3dfb43e86da C:\Windows\system32\D3Dx10_40.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\DBGHELP.DLL
MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\dnsapi.DLL
MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll
MD5: 0a5c7253183a6f956d10a3a4bbc96288 C:\Windows\system32\DWrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll
MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll
MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll
MD5: ab142f0ddc6e236472da8ba5b23a9e66 C:\Windows\system32\igd10umd32.dll
MD5: 8020c0923cb26676e998d0bd246cfaef C:\Windows\system32\igdumd32.dll
MD5: c679f9e548ecb2e75a2879a3aacb6104 C:\Windows\system32\igdumdx32.dll
MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\iphlpapi.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL
MD5: 45fb05f743e626d9e239e52602cea041 C:\Windows\system32\msctfui.dll
MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll
MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll
MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll
MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll
MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NETAPI32.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\system32\NLAapi.dll
MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\Windows\system32\ntshrui.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll
MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\PDH.DLL
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll
MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\RICHED20.dll
MD5: b5506b451bfe7148eca7056bda2970bd C:\Windows\system32\RICHED32.DLL
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe
MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\Secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 C:\Windows\system32\userinit.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\windowscodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\system32\ws2_32.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\XmlLite.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: 0c0350b58b6a9d3e20e8564999adfe12 C:\Windows\SysWOW64\APOMngr.DLL
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\COMDLG32.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\SysWOW64\ieframe.dll
MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll
MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\SysWOW64\IPHLPAPI.DLL
MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: bd007d624e4cd905ab2e8df2c6de891c C:\Windows\SysWOW64\Macromed\Flash\Flash11c.ocx
MD5: 5789773089bc334c56cc31833f20daf6 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\SysWOW64\OLEACC.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll
MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll
MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\SysWOW64\taskschd.dll
MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll
MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\SysWOW64\vbscript.dll
MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll
MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: c419df63e0121d72411285780c2fc6cc C:\Windows\UpdReg.EXE
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\Comctl32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.02 MB sent, 1.11 KB recvd
Scanned 493 files and modules - 37 seconds

==============================================================================

Also, I noticed the bitdefender scan(the log right above this) created a log with "Quickscan 32-bit" at the top. Is that a problem? I mean my system is a 64-bit OS.
Thank you for replying!

#6 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 24 February 2012 - 02:09 AM

Sorry for posting again, but I also noticed these logs keep listing Norton with my antivirus/firewall. As soon as the trial expired, I did not ever use Norton again. Should I just delete it? Or is it still helping?

#7 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 24 February 2012 - 08:10 AM

The BitDefender used 32-bit scan & that is ok.
If the Norton Internet Security Trial expired and you did not purchase a license, you'll need to plan for some alternate. For now, keep it and tell me if by chance you installed something else.
I'll help you sort it out later.

For now, I need for you to absolutely de-install Bit torrent & any other 'torrent utility. The logs show the pc has loads of open ports.
Torrents are infamous for being facilitators in spreading malware.
Confirm that you have removed all torrents / file-sharing programs !

Risks of File-Sharing Technology.

P2P file sharing: Know the risks


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for jonkiote only. If you are a casual viewer, do NOT try this on your system!
If you are not jonkiote and have a similar problem, do NOT post here; start your own topic


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!


Next, step 2
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
  • Please double-click OTL.exe Posted Image to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :processes
    killallprocesses

    :files
    C:\Windows\svchost.exe

    :Commands
    [purity]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/u...ine-scanner/faq

  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break Posted ImagePosted Image
Step 4
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


Re-enable the antivirus program.

Reply with copy of contents of OTLMoved Files log,
ESET scan log,
MBAM scan log

There will be more to do later.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#8 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 25 February 2012 - 03:04 AM

Thank you for continuing to help me!
Strange. I uninstalled/deleted bittorrent months ago.. Anyway, I deleted all files(about 4) that popped up when I searched my computer for "torrent," and double-checked to see if bittorrent was still in my system somewhere.(It wasn't.)
As for the Norton problem, I have not downloaded any replacements for it. Unless Malwarebytes or SpybotS&D count?
And now the logs:

OTLMoved Files log:
========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Windows\svchost.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Carelessjon
->Flash cache emptied: 25025 bytes

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 8197508 bytes

User: Public

Total Flash Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02242012_183051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ESET scan log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1001863ced58ea4fbc46e7708c1d6056
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-25 06:30:21
# local_time=2012-02-24 08:30:21 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 81690316 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=324498
# found=25
# cleaned=25
# scan_time=4576
C:\$Recycle.Bin\S-1-5-21-368538222-2643626402-1821840259-1000\$RPEU5A5.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\$Recycle.Bin\S-1-5-21-368538222-2643626402-1821840259-1000\$RX7TA7M.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Carelessjon\Downloads\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Carelessjon\Downloads\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\Temp\Temporary Internet Files\Content.IE5\BUJXF5AO\a012aef2fa691f6a511f19f61cdaff7f[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

MBAM log:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Carelessjon :: CARELESSJON-PC [administrator]

Protection: Disabled

2/24/2012 8:35:54 PM
mbam-log-2012-02-24 (20-35-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 496732
Time elapsed: 54 minute(s), 40 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5380 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


Yup, still getting the svchost baloons.

#9 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 25 February 2012 - 08:03 AM

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for Jonkiote only. If you are a casual viewer, do NOT try this on your system!
If you are not Jonkiote and have a similar problem, do NOT post here; start your own topic


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!


Given you are running Windows 7, please remember that on most all tools you'll need to start them by Right-clicking, selecting Run as Administrator, AND allowing them to run at UAC prompt!

Let's have you run some additional diagnostic tools. Do as much as you can:

Step 1
Download aswMBR.exe ( 511KB ) to your desktop.
RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls


Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2
Please read carefully and follow these steps.
  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have (if you have).
  • Download TDSSKiller and save it to your Desktop.
  • RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan
When the scan is done, it will display a summary screen.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 3
Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)
Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 4
Close all non-essential programs & windows that you have open.
Go here and download & SAVE Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too {name will start with "Startup Programs". It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious. It simply generates a report on your system, and does not do any cleanup.


Step 5
Reply with copy of contents of aswmbr log,
the TDSSKILLER log,
the GMER log,
the Silent Runners log,
also provide an update on current status (eg, are things better, or are you still in Safe Mode with Networking)
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#10 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 25 February 2012 - 10:56 AM

Thanks for replying!
Here are a few things I noted during this process:
1.The GMER scan ended saying something like "unable to find any..." and when I clicked "copy" and pasted it on a notepad, it pasted nothing. I tried clicking "save" instead and that produced a blank log.
2.After the ASWMBR scan, the "fix" button was enabled, but I did not click it.
3.After the TDSSKILLER scan was complete, there were two infections found one was set to cure and the other was set to skip. Seeing nothing of this in your instructions, I simply clicked continue.
4.Google no longer redirects me! svchost balloons no longer appear, however while I was running the GMER scan, I got a svchost quarantine pop-up from MBAM...
aswmbr log:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-25 04:54:22
-----------------------------
04:54:22.091 OS Version: Windows x64 6.1.7601 Service Pack 1
04:54:22.091 Number of processors: 4 586 0x2502
04:54:22.091 ComputerName: CARELESSJON-PC UserName: Carelessjon
04:54:23.307 Initialize success
04:56:40.708 AVAST engine defs: 12022500
04:56:53.688 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:56:53.688 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 11
04:56:53.688 Device \Driver\atapi -> MajorFunction fffffa80052b15c4
04:56:53.688 Disk 0 MBR read successfully
04:56:53.688 Disk 0 MBR scan
04:56:53.703 Disk 0 MBR:Pihar-C [Rtk]
04:56:53.703 Disk 0 TDL4@MBR code has been found
04:56:53.703 Disk 0 Windows 7 default MBR code found via API
04:56:53.703 Disk 0 MBR hidden
04:56:53.719 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
04:56:53.719 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
04:56:53.734 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 596042 MB offset 29566976
04:56:53.734 Disk 0 MBR [TDL4] **ROOTKIT**
04:56:54.202 Scan finished successfully
04:57:19.568 Disk 0 MBR has been saved successfully to "C:\Users\Carelessjon\Desktop\MBR.dat"
04:57:19.568 The log file has been saved successfully to "C:\Users\Carelessjon\Desktop\aswMBR.txt"

TDSSKILLER log:
04:59:13.0708 1360 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
04:59:14.0238 1360 ============================================================
04:59:14.0238 1360 Current date / time: 2012/02/25 04:59:14.0238
04:59:14.0238 1360 SystemInfo:
04:59:14.0238 1360
04:59:14.0238 1360 OS Version: 6.1.7601 ServicePack: 1.0
04:59:14.0238 1360 Product type: Workstation
04:59:14.0238 1360 ComputerName: CARELESSJON-PC
04:59:14.0238 1360 UserName: Carelessjon
04:59:14.0238 1360 Windows directory: C:\Windows
04:59:14.0238 1360 System windows directory: C:\Windows
04:59:14.0238 1360 Running under WOW64
04:59:14.0238 1360 Processor architecture: Intel x64
04:59:14.0238 1360 Number of processors: 4
04:59:14.0238 1360 Page size: 0x1000
04:59:14.0238 1360 Boot type: Normal boot
04:59:14.0238 1360 ============================================================
04:59:15.0112 1360 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:59:15.0112 1360 \Device\Harddisk0\DR0:
04:59:15.0112 1360 MBR used
04:59:15.0112 1360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
04:59:15.0112 1360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000
04:59:15.0143 1360 Initialize success
04:59:15.0143 1360 ============================================================
04:59:38.0481 4660 ============================================================
04:59:38.0481 4660 Scan started
04:59:38.0481 4660 Mode: Manual; SigCheck; TDLFS;
04:59:38.0481 4660 ============================================================
04:59:39.0120 4660 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:59:39.0183 4660 1394ohci - ok
04:59:39.0214 4660 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:59:39.0230 4660 ACPI - ok
04:59:39.0230 4660 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:59:39.0308 4660 AcpiPmi - ok
04:59:39.0339 4660 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
04:59:39.0354 4660 adp94xx - ok
04:59:39.0386 4660 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
04:59:39.0401 4660 adpahci - ok
04:59:39.0401 4660 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
04:59:39.0417 4660 adpu320 - ok
04:59:39.0464 4660 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
04:59:39.0526 4660 AFD - ok
04:59:39.0557 4660 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:59:39.0573 4660 agp440 - ok
04:59:39.0588 4660 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:59:39.0588 4660 aliide - ok
04:59:39.0604 4660 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:59:39.0620 4660 amdide - ok
04:59:39.0620 4660 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
04:59:39.0682 4660 AmdK8 - ok
04:59:39.0682 4660 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
04:59:39.0729 4660 AmdPPM - ok
04:59:39.0729 4660 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:59:39.0744 4660 amdsata - ok
04:59:39.0760 4660 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
04:59:39.0760 4660 amdsbs - ok
04:59:39.0791 4660 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:59:39.0807 4660 amdxata - ok
04:59:39.0822 4660 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:59:39.0963 4660 AppID - ok
04:59:40.0025 4660 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
04:59:40.0025 4660 arc - ok
04:59:40.0041 4660 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
04:59:40.0056 4660 arcsas - ok
04:59:40.0088 4660 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:59:40.0212 4660 AsyncMac - ok
04:59:40.0244 4660 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:59:40.0259 4660 atapi - ok
04:59:40.0322 4660 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
04:59:40.0368 4660 b06bdrv - ok
04:59:40.0415 4660 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:59:40.0446 4660 b57nd60a - ok
04:59:40.0493 4660 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:59:40.0540 4660 Beep - ok
04:59:40.0680 4660 BHDrvx64 (41da5845e1f8af445bd626cf085c4541) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys
04:59:40.0743 4660 BHDrvx64 - ok
04:59:40.0774 4660 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:59:40.0821 4660 blbdrive - ok
04:59:40.0883 4660 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:59:40.0930 4660 bowser - ok
04:59:40.0961 4660 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:59:40.0992 4660 BrFiltLo - ok
04:59:41.0039 4660 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:59:41.0055 4660 BrFiltUp - ok
04:59:41.0070 4660 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:59:41.0117 4660 Brserid - ok
04:59:41.0148 4660 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:59:41.0164 4660 BrSerWdm - ok
04:59:41.0180 4660 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:59:41.0211 4660 BrUsbMdm - ok
04:59:41.0211 4660 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:59:41.0242 4660 BrUsbSer - ok
04:59:41.0242 4660 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
04:59:41.0273 4660 BTHMODEM - ok
04:59:41.0336 4660 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
04:59:41.0351 4660 ccSet_NIS - ok
04:59:41.0382 4660 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:59:41.0429 4660 cdfs - ok
04:59:41.0476 4660 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
04:59:41.0523 4660 cdrom - ok
04:59:41.0570 4660 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
04:59:41.0601 4660 circlass - ok
04:59:41.0648 4660 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:59:41.0679 4660 CLFS - ok
04:59:41.0897 4660 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:59:41.0960 4660 CmBatt - ok
04:59:41.0975 4660 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:59:41.0975 4660 cmdide - ok
04:59:42.0022 4660 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
04:59:42.0038 4660 CNG - ok
04:59:42.0053 4660 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:59:42.0069 4660 Compbatt - ok
04:59:42.0100 4660 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:59:42.0131 4660 CompositeBus - ok
04:59:42.0147 4660 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
04:59:42.0147 4660 crcdisk - ok
04:59:42.0209 4660 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:59:42.0287 4660 DfsC - ok
04:59:42.0318 4660 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:59:42.0381 4660 discache - ok
04:59:42.0428 4660 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
04:59:42.0428 4660 Disk - ok
04:59:42.0474 4660 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:59:42.0490 4660 drmkaud - ok
04:59:42.0537 4660 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:59:42.0584 4660 DXGKrnl - ok
04:59:42.0615 4660 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys
04:59:42.0615 4660 e1kexpress - ok
04:59:42.0646 4660 EagleX64 - ok
04:59:42.0740 4660 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
04:59:42.0833 4660 ebdrv - ok
04:59:42.0911 4660 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
04:59:42.0927 4660 eeCtrl - ok
04:59:42.0974 4660 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
04:59:42.0989 4660 elxstor - ok
04:59:43.0052 4660 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:59:43.0052 4660 EraserUtilRebootDrv - ok
04:59:43.0067 4660 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:59:43.0114 4660 ErrDev - ok
04:59:43.0161 4660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:59:43.0208 4660 exfat - ok
04:59:43.0239 4660 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:59:43.0286 4660 fastfat - ok
04:59:43.0317 4660 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
04:59:43.0348 4660 fdc - ok
04:59:43.0395 4660 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:59:43.0395 4660 FileInfo - ok
04:59:43.0410 4660 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:59:43.0473 4660 Filetrace - ok
04:59:43.0488 4660 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
04:59:43.0504 4660 flpydisk - ok
04:59:43.0535 4660 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:59:43.0551 4660 FltMgr - ok
04:59:43.0582 4660 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:59:43.0582 4660 FsDepends - ok
04:59:43.0598 4660 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:59:43.0598 4660 Fs_Rec - ok
04:59:43.0644 4660 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:59:43.0644 4660 fvevol - ok
04:59:43.0676 4660 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:59:43.0691 4660 gagp30kx - ok
04:59:43.0707 4660 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:59:43.0722 4660 GEARAspiWDM - ok
04:59:43.0769 4660 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:59:43.0816 4660 hcw85cir - ok
04:59:43.0863 4660 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
04:59:43.0878 4660 HdAudAddService - ok
04:59:43.0925 4660 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:59:43.0972 4660 HDAudBus - ok
04:59:44.0003 4660 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
04:59:44.0003 4660 HECIx64 - ok
04:59:44.0019 4660 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
04:59:44.0019 4660 HidBatt - ok
04:59:44.0050 4660 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
04:59:44.0175 4660 HidBth - ok
04:59:44.0206 4660 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
04:59:44.0222 4660 HidIr - ok
04:59:44.0253 4660 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
04:59:44.0284 4660 HidUsb - ok
04:59:44.0300 4660 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:59:44.0315 4660 HpSAMD - ok
04:59:44.0362 4660 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:59:44.0424 4660 HTTP - ok
04:59:44.0456 4660 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:59:44.0456 4660 hwpolicy - ok
04:59:44.0502 4660 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
04:59:44.0518 4660 i8042prt - ok
04:59:44.0534 4660 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:59:44.0549 4660 iaStorV - ok
04:59:44.0643 4660 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys
04:59:44.0658 4660 IDSVia64 - ok
04:59:44.0830 4660 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
04:59:45.0111 4660 igfx - ok
04:59:45.0158 4660 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
04:59:45.0158 4660 iirsp - ok
04:59:45.0267 4660 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
04:59:45.0282 4660 int15.sys - ok
04:59:45.0345 4660 IntcAzAudAddService (935faa1a0af889f1ef46be55666100d0) C:\Windows\system32\drivers\RTKVHD64.sys
04:59:45.0407 4660 IntcAzAudAddService - ok
04:59:45.0438 4660 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys
04:59:45.0485 4660 IntcDAud - ok
04:59:45.0501 4660 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:59:45.0501 4660 intelide - ok
04:59:45.0516 4660 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:59:45.0548 4660 intelppm - ok
04:59:45.0579 4660 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:59:45.0641 4660 IpFilterDriver - ok
04:59:45.0657 4660 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:59:45.0672 4660 IPMIDRV - ok
04:59:45.0704 4660 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:59:45.0766 4660 IPNAT - ok
04:59:45.0813 4660 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:59:45.0844 4660 IRENUM - ok
04:59:45.0860 4660 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:59:45.0875 4660 isapnp - ok
04:59:45.0891 4660 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:59:45.0906 4660 iScsiPrt - ok
04:59:45.0938 4660 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys
04:59:45.0938 4660 itecir - ok
04:59:45.0969 4660 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
04:59:45.0969 4660 kbdclass - ok
04:59:45.0984 4660 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:59:46.0000 4660 kbdhid - ok
04:59:46.0016 4660 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:59:46.0031 4660 KSecDD - ok
04:59:46.0062 4660 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:59:46.0062 4660 KSecPkg - ok
04:59:46.0078 4660 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:59:46.0140 4660 ksthunk - ok
04:59:46.0172 4660 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:59:46.0234 4660 lltdio - ok
04:59:46.0296 4660 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:59:46.0312 4660 LSI_FC - ok
04:59:46.0328 4660 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:59:46.0328 4660 LSI_SAS - ok
04:59:46.0343 4660 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:59:46.0343 4660 LSI_SAS2 - ok
04:59:46.0359 4660 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:59:46.0374 4660 LSI_SCSI - ok
04:59:46.0390 4660 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:59:46.0452 4660 luafv - ok
04:59:46.0515 4660 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
04:59:46.0530 4660 MBAMProtector - ok
04:59:46.0562 4660 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
04:59:46.0562 4660 MBfilt - ok
04:59:46.0577 4660 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
04:59:46.0593 4660 megasas - ok
04:59:46.0624 4660 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
04:59:46.0640 4660 MegaSR - ok
04:59:46.0671 4660 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:59:46.0718 4660 Modem - ok
04:59:46.0749 4660 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:59:46.0796 4660 monitor - ok
04:59:46.0811 4660 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
04:59:46.0827 4660 mouclass - ok
04:59:46.0827 4660 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:59:46.0874 4660 mouhid - ok
04:59:46.0905 4660 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:59:46.0905 4660 mountmgr - ok
04:59:46.0952 4660 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:59:46.0967 4660 mpio - ok
04:59:46.0998 4660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:59:47.0045 4660 mpsdrv - ok
04:59:47.0092 4660 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:59:47.0139 4660 MRxDAV - ok
04:59:47.0186 4660 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:59:47.0248 4660 mrxsmb - ok
04:59:47.0279 4660 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:59:47.0310 4660 mrxsmb10 - ok
04:59:47.0326 4660 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:59:47.0342 4660 mrxsmb20 - ok
04:59:47.0357 4660 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:59:47.0373 4660 msahci - ok
04:59:47.0373 4660 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:59:47.0388 4660 msdsm - ok
04:59:47.0420 4660 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:59:47.0451 4660 Msfs - ok
04:59:47.0466 4660 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:59:47.0498 4660 mshidkmdf - ok
04:59:47.0513 4660 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:59:47.0529 4660 msisadrv - ok
04:59:47.0544 4660 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:59:47.0607 4660 MSKSSRV - ok
04:59:47.0638 4660 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:59:47.0685 4660 MSPCLOCK - ok
04:59:47.0716 4660 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:59:47.0778 4660 MSPQM - ok
04:59:47.0810 4660 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:59:47.0825 4660 MsRPC - ok
04:59:47.0841 4660 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:59:47.0856 4660 mssmbios - ok
04:59:47.0856 4660 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:59:47.0919 4660 MSTEE - ok
04:59:47.0934 4660 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:59:47.0950 4660 MTConfig - ok
04:59:47.0981 4660 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:59:47.0997 4660 Mup - ok
04:59:48.0012 4660 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:59:48.0059 4660 NativeWifiP - ok
04:59:48.0153 4660 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS
04:59:48.0153 4660 NAVENG - ok
04:59:48.0231 4660 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS
04:59:48.0293 4660 NAVEX15 - ok
04:59:48.0340 4660 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:59:48.0371 4660 NDIS - ok
04:59:48.0387 4660 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:59:48.0449 4660 NdisCap - ok
04:59:48.0480 4660 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:59:48.0527 4660 NdisTapi - ok
04:59:48.0574 4660 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:59:48.0636 4660 Ndisuio - ok
04:59:48.0668 4660 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:59:48.0730 4660 NdisWan - ok
04:59:48.0777 4660 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:59:48.0824 4660 NDProxy - ok
04:59:48.0855 4660 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:59:48.0886 4660 NetBIOS - ok
04:59:48.0902 4660 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:59:48.0948 4660 NetBT - ok
04:59:49.0026 4660 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
04:59:49.0058 4660 netr28x - ok
04:59:49.0104 4660 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:59:49.0104 4660 nfrd960 - ok
04:59:49.0151 4660 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:59:49.0198 4660 Npfs - ok
04:59:49.0229 4660 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:59:49.0276 4660 nsiproxy - ok
04:59:49.0338 4660 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:59:49.0385 4660 Ntfs - ok
04:59:49.0401 4660 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:59:49.0463 4660 Null - ok
04:59:49.0510 4660 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:59:49.0510 4660 nvraid - ok
04:59:49.0526 4660 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:59:49.0541 4660 nvstor - ok
04:59:49.0572 4660 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:59:49.0588 4660 nv_agp - ok
04:59:49.0604 4660 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:59:49.0635 4660 ohci1394 - ok
04:59:49.0650 4660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:59:49.0666 4660 Parport - ok
04:59:49.0697 4660 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:59:49.0697 4660 partmgr - ok
04:59:49.0713 4660 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:59:49.0728 4660 pci - ok
04:59:49.0744 4660 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:59:49.0744 4660 pciide - ok
04:59:49.0791 4660 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:59:49.0791 4660 pcmcia - ok
04:59:49.0838 4660 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:59:49.0838 4660 pcw - ok
04:59:49.0869 4660 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:59:49.0947 4660 PEAUTH - ok
04:59:50.0009 4660 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:59:50.0087 4660 PptpMiniport - ok
04:59:50.0087 4660 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:59:50.0103 4660 Processor - ok
04:59:50.0165 4660 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:59:50.0212 4660 Psched - ok
04:59:50.0259 4660 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:59:50.0306 4660 ql2300 - ok
04:59:50.0321 4660 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:59:50.0337 4660 ql40xx - ok
04:59:50.0352 4660 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:59:50.0399 4660 QWAVEdrv - ok
04:59:50.0415 4660 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:59:50.0462 4660 RasAcd - ok
04:59:50.0493 4660 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:59:50.0524 4660 RasAgileVpn - ok
04:59:50.0540 4660 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:59:50.0602 4660 Rasl2tp - ok
04:59:50.0633 4660 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:59:50.0696 4660 RasPppoe - ok
04:59:50.0727 4660 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:59:50.0758 4660 RasSstp - ok
04:59:50.0789 4660 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:59:50.0852 4660 rdbss - ok
04:59:50.0867 4660 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:59:50.0883 4660 rdpbus - ok
04:59:50.0914 4660 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:59:50.0961 4660 RDPCDD - ok
04:59:50.0976 4660 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:59:51.0039 4660 RDPENCDD - ok
04:59:51.0070 4660 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:59:51.0101 4660 RDPREFMP - ok
04:59:51.0132 4660 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
04:59:51.0164 4660 RDPWD - ok
04:59:51.0195 4660 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:59:51.0210 4660 rdyboost - ok
04:59:51.0242 4660 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:59:51.0288 4660 rspndr - ok
04:59:51.0351 4660 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys
04:59:51.0366 4660 RSUSBSTOR - ok
04:59:51.0382 4660 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:59:51.0382 4660 sbp2port - ok
04:59:51.0444 4660 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:59:51.0476 4660 scfilter - ok
04:59:51.0507 4660 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:59:51.0554 4660 secdrv - ok
04:59:51.0569 4660 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:59:51.0585 4660 Serenum - ok
04:59:51.0616 4660 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:59:51.0632 4660 Serial - ok
04:59:51.0647 4660 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:59:51.0678 4660 sermouse - ok
04:59:51.0694 4660 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:59:51.0710 4660 sffdisk - ok
04:59:51.0725 4660 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:59:51.0741 4660 sffp_mmc - ok
04:59:51.0756 4660 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:59:51.0772 4660 sffp_sd - ok
04:59:51.0772 4660 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:59:51.0788 4660 sfloppy - ok
04:59:51.0819 4660 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:59:51.0819 4660 SiSRaid2 - ok
04:59:51.0834 4660 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:59:51.0850 4660 SiSRaid4 - ok
04:59:51.0866 4660 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:59:51.0897 4660 Smb - ok
04:59:51.0928 4660 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:59:51.0944 4660 spldr - ok
04:59:52.0006 4660 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
04:59:52.0037 4660 SRTSP - ok
04:59:52.0053 4660 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
04:59:52.0053 4660 SRTSPX - ok
04:59:52.0084 4660 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:59:52.0100 4660 srv - ok
04:59:52.0131 4660 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:59:52.0209 4660 srv2 - ok
04:59:52.0240 4660 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:59:52.0271 4660 srvnet - ok
04:59:52.0334 4660 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
04:59:52.0349 4660 stexstor - ok
04:59:52.0396 4660 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
04:59:52.0412 4660 swenum - ok
04:59:52.0474 4660 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
04:59:52.0490 4660 SymDS - ok
04:59:52.0536 4660 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
04:59:52.0568 4660 SymEFA - ok
04:59:52.0599 4660 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
04:59:52.0614 4660 SymEvent - ok
04:59:52.0646 4660 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
04:59:52.0646 4660 SymIRON - ok
04:59:52.0677 4660 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
04:59:52.0692 4660 SymNetS - ok
04:59:52.0739 4660 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:59:52.0802 4660 Tcpip - ok
04:59:52.0833 4660 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:59:52.0864 4660 TCPIP6 - ok
04:59:52.0895 4660 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:59:52.0942 4660 tcpipreg - ok
04:59:52.0989 4660 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:59:53.0036 4660 TDPIPE - ok
04:59:53.0067 4660 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
04:59:53.0145 4660 TDTCP - ok
04:59:53.0192 4660 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:59:53.0223 4660 tdx - ok
04:59:53.0270 4660 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
04:59:53.0270 4660 TermDD - ok
04:59:53.0301 4660 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:59:53.0348 4660 tssecsrv - ok
04:59:53.0426 4660 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:59:53.0441 4660 TsUsbFlt - ok
04:59:53.0472 4660 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:59:53.0519 4660 tunnel - ok
04:59:53.0550 4660 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
04:59:53.0550 4660 uagp35 - ok
04:59:53.0597 4660 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:59:53.0628 4660 udfs - ok
04:59:53.0644 4660 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:59:53.0660 4660 uliagpkx - ok
04:59:53.0675 4660 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
04:59:53.0722 4660 umbus - ok
04:59:53.0738 4660 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
04:59:53.0784 4660 UmPass - ok
04:59:53.0816 4660 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
04:59:53.0862 4660 USBAAPL64 - ok
04:59:53.0894 4660 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:59:53.0909 4660 usbccgp - ok
04:59:53.0940 4660 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:59:53.0956 4660 usbcir - ok
04:59:53.0987 4660 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
04:59:54.0003 4660 usbehci - ok
04:59:54.0034 4660 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:59:54.0065 4660 usbhub - ok
04:59:54.0081 4660 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:59:54.0096 4660 usbohci - ok
04:59:54.0112 4660 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:59:54.0128 4660 usbprint - ok
04:59:54.0159 4660 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:59:54.0206 4660 USBSTOR - ok
04:59:54.0206 4660 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
04:59:54.0237 4660 usbuhci - ok
04:59:54.0284 4660 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
04:59:54.0299 4660 usbvideo - ok
04:59:54.0330 4660 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:59:54.0346 4660 vdrvroot - ok
04:59:54.0362 4660 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:59:54.0377 4660 vga - ok
04:59:54.0408 4660 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:59:54.0471 4660 VgaSave - ok
04:59:54.0486 4660 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:59:54.0502 4660 vhdmp - ok
04:59:54.0502 4660 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:59:54.0518 4660 viaide - ok
04:59:54.0518 4660 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:59:54.0533 4660 volmgr - ok
04:59:54.0564 4660 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:59:54.0580 4660 volmgrx - ok
04:59:54.0611 4660 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:59:54.0611 4660 volsnap - ok
04:59:54.0658 4660 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
04:59:54.0658 4660 vsmraid - ok
04:59:54.0720 4660 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
04:59:54.0752 4660 vwifibus - ok
04:59:54.0798 4660 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
04:59:54.0830 4660 vwififlt - ok
04:59:54.0876 4660 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
04:59:54.0892 4660 vwifimp - ok
04:59:54.0908 4660 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
04:59:54.0939 4660 WacomPen - ok
04:59:54.0986 4660 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:59:55.0032 4660 WANARP - ok
04:59:55.0064 4660 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:59:55.0095 4660 Wanarpv6 - ok
04:59:55.0110 4660 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
04:59:55.0126 4660 Wd - ok
04:59:55.0157 4660 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:59:55.0173 4660 Wdf01000 - ok
04:59:55.0204 4660 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:59:55.0235 4660 WfpLwf - ok
04:59:55.0266 4660 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:59:55.0266 4660 WIMMount - ok
04:59:55.0298 4660 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
04:59:55.0329 4660 WinUsb - ok
04:59:55.0376 4660 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:59:55.0391 4660 WmiAcpi - ok
04:59:55.0422 4660 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:59:55.0454 4660 ws2ifsl - ok
04:59:55.0485 4660 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:59:55.0532 4660 WudfPf - ok
04:59:55.0578 4660 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:59:55.0625 4660 WUDFRd - ok
04:59:55.0656 4660 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
04:59:55.0688 4660 xusb21 - ok
04:59:55.0766 4660 {60DB6561-0A84-4c94-AF33-288405CFD56D} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl
04:59:55.0781 4660 {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok
04:59:55.0797 4660 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
04:59:55.0812 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
04:59:55.0812 4660 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
04:59:55.0844 4660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:59:55.0844 4660 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:59:55.0859 4660 Boot (0x1200) (69f1d6595ccff5ed5e003954c3ddf376) \Device\Harddisk0\DR0\Partition0
04:59:55.0875 4660 \Device\Harddisk0\DR0\Partition0 - ok
04:59:55.0875 4660 Boot (0x1200) (f91a56594bb57a1e167718f5df3c7eac) \Device\Harddisk0\DR0\Partition1
04:59:55.0875 4660 \Device\Harddisk0\DR0\Partition1 - ok
04:59:55.0875 4660 ============================================================
04:59:55.0875 4660 Scan finished
04:59:55.0875 4660 ============================================================
04:59:55.0875 4460 Detected object count: 2
04:59:55.0875 4460 Actual detected object count: 2
05:01:20.0818 4460 \Device\Harddisk0\DR0\# - copied to quarantine
05:01:20.0818 4460 \Device\Harddisk0\DR0 - copied to quarantine
05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
05:01:20.0865 4460 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
05:01:20.0911 4460 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
05:01:20.0911 4460 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
05:01:20.0911 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
05:01:20.0911 4460 \Device\Harddisk0\DR0 - ok
05:01:21.0114 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
05:01:21.0114 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
05:01:21.0114 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
05:01:37.0136 1364 Deinitialize success

GMER log:

SilentRunners log:
"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"swg" = ""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TouchORB" = "C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe" ["Acer Corp."]
"RtHDVCpl" = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ["Realtek Semiconductor"]
"TouchPortal" = "C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe" [null data]
"RunDLLEntry_THXCfg" = "C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64" [MS]
"AdobeAAMUpdater-1.0" = ""C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"" ["Adobe Systems Incorporated"]
"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"
-> {HKLM...CLSID} = "WLIDCredentialProvider"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files (x86)\Norton Internet Security\Engine64\19.5.0.145\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files (x86)\Norton Internet Security\Engine64\19.5.0.145\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DVDDecrypterPlayDVDMovieOnArrival\
"Provider" = "DVD Decrypter"
"InvokeProgID" = "DVDDecrypter"
"InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt"
HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSPlayCDAudioOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.AudioCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.DVD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]

MSPlaySuperVideoCDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.VCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSPlayVideoCDMovieOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.VCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSTPCollageHandler\
"Provider" = "@C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\TouchpackShellResources.dll,-117"
"InvokeProgID" = "Microsoft.Surface.TouchApps.Collage.1.0"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Surface.TouchApps.Collage.1.0\shell\open\command\(Default) = ""C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\Collage.exe" "%1"" [null data]

MSWMPBurnCDOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.BurnCD"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"" [MS]

NeroAutoPlay9CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay9CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy" ["Nero AG"]

NeroAutoPlay9DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay9LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

PCinemaPlayCDAudioOnArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerCinema"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY CD "%L"" ["CyberLink Corp."]

PCMMoviePlayBluRayOnArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "BD"
"InvokeVerb" = "PlayWithPCMMovie"
HKLM\SOFTWARE\Classes\BD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PCMMoviePlayDVDMovieOnArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPCMMovie"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PCMMoviePlaySVCDOnArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "SVCD"
"InvokeVerb" = "PlayWithPCMMovie"
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" "%L"" ["CyberLink Corp."]

PCMMoviePlayVCDMovieOnArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPCMMovie"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"]

VLCPlayDVDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"]

VLCPlayMusicFilesOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

VLCPlaySVCDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.SVCDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"]

VLCPlayVCDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.VCDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"]

VLCPlayVideoFilesOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]


Non-disabled Scheduled Tasks:
-----------------------------

C:\Users\Carelessjon\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C:\Windows\System32\Tasks
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"Norton WSC Integration" -> (HIDDEN!) launches: ""C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\WSCStub.exe" /taskschd" ["Symantec Corporation"]
"SidebarExecute" -> launches: "C:\Program Files\Windows Sidebar\sidebar.exe /addGadget" [MS]
"{20AE7520-2D03-45B6-BE7D-9CA1891CD077}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\BITTOR~2\UNWISE.EXE -c /U C:\PROGRA~2\BITTOR~2\INSTALL.LOG" [MS]
"{47DE368C-76A2-4183-9E97-921C121DDFC1}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall" [MS]
"{94FFBEEF-134C-457E-B93F-E5AB77B6B09E}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\Carelessjon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYMU1UKO\258.96_desktop_win7_winvista_64bit_english_whql[1].exe" -d C:\Users\Carelessjon\Desktop" [MS]

C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
-> {HKLM...CLSID} = "KernelCeipCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"Uploader" -> launches: "%windir%\system32\WSqmCons.exe -u" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
-> {HKLM...CLSID} = "UsbCeip"
\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
-> {HKLM...CLSID} = "WinSAT Task Manger Task"
\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
"StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
"BackgroundConfigSurveyor" -> (HIDDEN!) launches: "{EA9155A3-8A39-40b4-8963-D3C761B18371}"
-> {HKLM...CLSID} = "PerfTrack TaskHandler class"
\InProcServer32\(Default) = "C:\Windows\System32\perftrack.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
-> {HKLM...CLSID} = "RasMobilityManager"
\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
-> {HKLM...CLSID} = "RegistryIdleBackupHandler"
\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC
"InputPersonalization" -> launches: "%CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
-> {HKLM...CLSID} = "RunTask"
\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]
"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
"Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}"" [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Norton Internet Security
"Norton Error Analyzer" -> launches: "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymErr.exe /analyze" ["Symantec Corporation"]
"Norton Error Processor" -> launches: "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymErr.exe /submit" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000006\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000007\LibraryPath = "C:\Program Files (x86)\Bonjour\mdnsNSP.dll" ["Apple Inc."]
000000000008\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000009\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
GRegService, Greg_Service, "C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe" ["Acer Incorporated"]
Intel® Management & Security Application User Notification Service, UNS, ""C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"" ["Intel Corporation"]
Intel® Management and Security Application Local Management Service, LMS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" ["Intel Corporation"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
MBAMService, MBAMService, ""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]
Norton Internet Security, NIS, ""C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1" ["Symantec Corporation"]
Updater Service, Updater Service, "C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe" ["Acer Group"]
vToolbarUpdater, vToolbarUpdater, "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe" [null data]
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]


---------- (launch time: 2012-02-25 05:39:24)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 33 seconds, including 18 seconds for message boxes)

#11 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 25 February 2012 - 11:20 AM

  • Delete any previous copy of Roguekiller.exe which (if any)
  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Temporarily disable any anti-virus program.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.
Re-enable your anti-virus.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#12 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 25 February 2012 - 11:26 AM

Thanks for responding!
Here it is:

RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Carelessjon [Admin rights]
Mode: Scan -- Date: 02/25/2012 06:23:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 ATA Device +++++
--- User ---
[MBR] ebe60ec8dd1041ac5bb31652596469e4
[BSP] b650f728c07196848c923e7dac09c9d5 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#13 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 25 February 2012 - 12:52 PM

Be aware that your pc has a rootkit infection.

You will want to print out or copy these instructions to Notepad for Safe offline reference!
These steps are for jonkiote only. If you are a casual viewer, do NOT try this on your system!
If you are not jonkiote and have a similar problem, do NOT post here; start your own topic
The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Please close/exit all programs you started.
If you have any external HDD drives, please disconnect.

Step 1
Step 2
  • Run RogueKiller one time normally. Save the new log.

Step 3
Please read carefully and follow these steps.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.

    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Reply with copy of last RogueKiller log & the new TDSSKILLER log
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#14 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 25 February 2012 - 05:42 PM

Hmm. MBAM no longer detects anything svchost seems to be gone! Thank you so much!
When running roguekiller, I assumed I was supposed to click scan after the pre-scan since under the registry tab, there was nothing listed. And so I did. The scan found 2 files which I deleted.
The TDSS killer scan showed no infections, so I didn't reboot or cure anything.(yay?)
RogueKiller log:
RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Carelessjon [Admin rights]
Mode: Scan -- Date: 02/25/2012 12:31:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 ATA Device +++++
--- User ---
[MBR] ebe60ec8dd1041ac5bb31652596469e4
[BSP] b650f728c07196848c923e7dac09c9d5 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

TDSSKiller log:
12:32:19.0077 2348 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
12:32:19.0686 2348 ============================================================
12:32:19.0686 2348 Current date / time: 2012/02/25 12:32:19.0686
12:32:19.0686 2348 SystemInfo:
12:32:19.0686 2348
12:32:19.0686 2348 OS Version: 6.1.7601 ServicePack: 1.0
12:32:19.0686 2348 Product type: Workstation
12:32:19.0686 2348 ComputerName: CARELESSJON-PC
12:32:19.0686 2348 UserName: Carelessjon
12:32:19.0686 2348 Windows directory: C:\Windows
12:32:19.0686 2348 System windows directory: C:\Windows
12:32:19.0686 2348 Running under WOW64
12:32:19.0686 2348 Processor architecture: Intel x64
12:32:19.0686 2348 Number of processors: 4
12:32:19.0686 2348 Page size: 0x1000
12:32:19.0686 2348 Boot type: Normal boot
12:32:19.0686 2348 ============================================================
12:32:21.0449 2348 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:32:21.0464 2348 \Device\Harddisk0\DR0:
12:32:21.0464 2348 MBR used
12:32:21.0464 2348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
12:32:21.0464 2348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000
12:32:21.0480 2348 Initialize success
12:32:21.0480 2348 ============================================================
12:32:30.0247 4192 ============================================================
12:32:30.0247 4192 Scan started
12:32:30.0247 4192 Mode: Manual;
12:32:30.0247 4192 ============================================================
12:32:31.0667 4192 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:32:31.0698 4192 1394ohci - ok
12:32:31.0745 4192 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:32:31.0745 4192 ACPI - ok
12:32:31.0776 4192 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:32:31.0776 4192 AcpiPmi - ok
12:32:31.0838 4192 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:32:31.0838 4192 adp94xx - ok
12:32:31.0901 4192 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:32:31.0916 4192 adpahci - ok
12:32:31.0932 4192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:32:31.0932 4192 adpu320 - ok
12:32:31.0994 4192 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:32:31.0994 4192 AFD - ok
12:32:32.0010 4192 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:32:32.0010 4192 agp440 - ok
12:32:32.0025 4192 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:32:32.0025 4192 aliide - ok
12:32:32.0041 4192 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:32:32.0041 4192 amdide - ok
12:32:32.0057 4192 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:32:32.0057 4192 AmdK8 - ok
12:32:32.0057 4192 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:32:32.0057 4192 AmdPPM - ok
12:32:32.0072 4192 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:32:32.0072 4192 amdsata - ok
12:32:32.0088 4192 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:32:32.0088 4192 amdsbs - ok
12:32:32.0103 4192 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:32:32.0103 4192 amdxata - ok
12:32:32.0135 4192 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:32:32.0135 4192 AppID - ok
12:32:32.0197 4192 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:32:32.0197 4192 arc - ok
12:32:32.0213 4192 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:32:32.0213 4192 arcsas - ok
12:32:32.0244 4192 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:32:32.0259 4192 AsyncMac - ok
12:32:32.0275 4192 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:32:32.0275 4192 atapi - ok
12:32:32.0322 4192 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:32:32.0337 4192 b06bdrv - ok
12:32:32.0400 4192 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:32:32.0400 4192 b57nd60a - ok
12:32:32.0431 4192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:32:32.0431 4192 Beep - ok
12:32:32.0556 4192 BHDrvx64 (41da5845e1f8af445bd626cf085c4541) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys
12:32:32.0556 4192 BHDrvx64 - ok
12:32:32.0603 4192 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:32:32.0603 4192 blbdrive - ok
12:32:32.0649 4192 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:32:32.0649 4192 bowser - ok
12:32:32.0681 4192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:32:32.0681 4192 BrFiltLo - ok
12:32:32.0712 4192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:32:32.0712 4192 BrFiltUp - ok
12:32:32.0727 4192 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:32:32.0727 4192 Brserid - ok
12:32:32.0743 4192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:32:32.0743 4192 BrSerWdm - ok
12:32:32.0759 4192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:32:32.0759 4192 BrUsbMdm - ok
12:32:32.0774 4192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:32:32.0774 4192 BrUsbSer - ok
12:32:32.0774 4192 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:32:32.0790 4192 BTHMODEM - ok
12:32:32.0837 4192 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
12:32:32.0837 4192 ccSet_NIS - ok
12:32:32.0868 4192 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:32:32.0868 4192 cdfs - ok
12:32:32.0899 4192 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:32:32.0899 4192 cdrom - ok
12:32:32.0946 4192 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:32:32.0946 4192 circlass - ok
12:32:32.0977 4192 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:32:32.0977 4192 CLFS - ok
12:32:33.0039 4192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:32:33.0039 4192 CmBatt - ok
12:32:33.0055 4192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:32:33.0055 4192 cmdide - ok
12:32:33.0086 4192 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:32:33.0086 4192 CNG - ok
12:32:33.0102 4192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:32:33.0102 4192 Compbatt - ok
12:32:33.0133 4192 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:32:33.0133 4192 CompositeBus - ok
12:32:33.0149 4192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:32:33.0149 4192 crcdisk - ok
12:32:33.0195 4192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:32:33.0195 4192 DfsC - ok
12:32:33.0227 4192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:32:33.0227 4192 discache - ok
12:32:33.0242 4192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:32:33.0242 4192 Disk - ok
12:32:33.0273 4192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:32:33.0273 4192 drmkaud - ok
12:32:33.0336 4192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:32:33.0336 4192 DXGKrnl - ok
12:32:33.0367 4192 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys
12:32:33.0367 4192 e1kexpress - ok
12:32:33.0398 4192 EagleX64 - ok
12:32:33.0492 4192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:32:33.0570 4192 ebdrv - ok
12:32:33.0648 4192 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:32:33.0648 4192 eeCtrl - ok
12:32:33.0695 4192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:32:33.0710 4192 elxstor - ok
12:32:33.0757 4192 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:32:33.0757 4192 EraserUtilRebootDrv - ok
12:32:33.0773 4192 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:32:33.0773 4192 ErrDev - ok
12:32:33.0819 4192 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:32:33.0819 4192 exfat - ok
12:32:33.0835 4192 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:32:33.0851 4192 fastfat - ok
12:32:33.0882 4192 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:32:33.0882 4192 fdc - ok
12:32:33.0913 4192 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:32:33.0913 4192 FileInfo - ok
12:32:33.0944 4192 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:32:33.0944 4192 Filetrace - ok
12:32:33.0960 4192 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:32:33.0960 4192 flpydisk - ok
12:32:33.0991 4192 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:32:33.0991 4192 FltMgr - ok
12:32:34.0022 4192 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:32:34.0022 4192 FsDepends - ok
12:32:34.0038 4192 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:32:34.0038 4192 Fs_Rec - ok
12:32:34.0069 4192 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:32:34.0069 4192 fvevol - ok
12:32:34.0085 4192 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:32:34.0085 4192 gagp30kx - ok
12:32:34.0116 4192 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:32:34.0116 4192 GEARAspiWDM - ok
12:32:34.0178 4192 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:32:34.0178 4192 hcw85cir - ok
12:32:34.0225 4192 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:32:34.0241 4192 HdAudAddService - ok
12:32:34.0272 4192 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:32:34.0272 4192 HDAudBus - ok
12:32:34.0287 4192 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:32:34.0287 4192 HECIx64 - ok
12:32:34.0303 4192 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:32:34.0303 4192 HidBatt - ok
12:32:34.0350 4192 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:32:34.0350 4192 HidBth - ok
12:32:34.0381 4192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:32:34.0381 4192 HidIr - ok
12:32:34.0397 4192 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:32:34.0397 4192 HidUsb - ok
12:32:34.0412 4192 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:32:34.0412 4192 HpSAMD - ok
12:32:34.0459 4192 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:32:34.0459 4192 HTTP - ok
12:32:34.0490 4192 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:32:34.0490 4192 hwpolicy - ok
12:32:34.0506 4192 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:32:34.0506 4192 i8042prt - ok
12:32:34.0553 4192 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:32:34.0553 4192 iaStorV - ok
12:32:34.0677 4192 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys
12:32:34.0677 4192 IDSVia64 - ok
12:32:34.0865 4192 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:32:35.0005 4192 igfx - ok
12:32:35.0052 4192 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:32:35.0052 4192 iirsp - ok
12:32:35.0161 4192 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
12:32:35.0161 4192 int15.sys - ok
12:32:35.0223 4192 IntcAzAudAddService (935faa1a0af889f1ef46be55666100d0) C:\Windows\system32\drivers\RTKVHD64.sys
12:32:35.0239 4192 IntcAzAudAddService - ok
12:32:35.0255 4192 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:32:35.0270 4192 IntcDAud - ok
12:32:35.0270 4192 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:32:35.0270 4192 intelide - ok
12:32:35.0301 4192 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:32:35.0301 4192 intelppm - ok
12:32:35.0333 4192 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:32:35.0333 4192 IpFilterDriver - ok
12:32:35.0364 4192 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:32:35.0379 4192 IPMIDRV - ok
12:32:35.0411 4192 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:32:35.0426 4192 IPNAT - ok
12:32:35.0457 4192 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:32:35.0473 4192 IRENUM - ok
12:32:35.0473 4192 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:32:35.0473 4192 isapnp - ok
12:32:35.0520 4192 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:32:35.0520 4192 iScsiPrt - ok
12:32:35.0551 4192 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys
12:32:35.0551 4192 itecir - ok
12:32:35.0567 4192 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:32:35.0567 4192 kbdclass - ok
12:32:35.0582 4192 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:32:35.0582 4192 kbdhid - ok
12:32:35.0613 4192 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:32:35.0613 4192 KSecDD - ok
12:32:35.0629 4192 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:32:35.0629 4192 KSecPkg - ok
12:32:35.0645 4192 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:32:35.0645 4192 ksthunk - ok
12:32:35.0691 4192 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:32:35.0691 4192 lltdio - ok
12:32:35.0723 4192 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:32:35.0738 4192 LSI_FC - ok
12:32:35.0738 4192 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:32:35.0738 4192 LSI_SAS - ok
12:32:35.0754 4192 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:32:35.0754 4192 LSI_SAS2 - ok
12:32:35.0785 4192 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:32:35.0785 4192 LSI_SCSI - ok
12:32:35.0832 4192 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:32:35.0832 4192 luafv - ok
12:32:35.0879 4192 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:32:35.0879 4192 MBAMProtector - ok
12:32:35.0910 4192 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
12:32:35.0910 4192 MBfilt - ok
12:32:35.0925 4192 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:32:35.0925 4192 megasas - ok
12:32:35.0941 4192 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:32:35.0941 4192 MegaSR - ok
12:32:35.0957 4192 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:32:35.0972 4192 Modem - ok
12:32:35.0988 4192 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:32:35.0988 4192 monitor - ok
12:32:35.0988 4192 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:32:35.0988 4192 mouclass - ok
12:32:36.0003 4192 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:32:36.0003 4192 mouhid - ok
12:32:36.0050 4192 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:32:36.0050 4192 mountmgr - ok
12:32:36.0066 4192 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:32:36.0081 4192 mpio - ok
12:32:36.0113 4192 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:32:36.0113 4192 mpsdrv - ok
12:32:36.0144 4192 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:32:36.0144 4192 MRxDAV - ok
12:32:36.0191 4192 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:32:36.0191 4192 mrxsmb - ok
12:32:36.0222 4192 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:32:36.0222 4192 mrxsmb10 - ok
12:32:36.0253 4192 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:32:36.0253 4192 mrxsmb20 - ok
12:32:36.0269 4192 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:32:36.0269 4192 msahci - ok
12:32:36.0284 4192 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:32:36.0284 4192 msdsm - ok
12:32:36.0315 4192 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:32:36.0315 4192 Msfs - ok
12:32:36.0347 4192 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:32:36.0347 4192 mshidkmdf - ok
12:32:36.0362 4192 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:32:36.0362 4192 msisadrv - ok
12:32:36.0393 4192 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:32:36.0393 4192 MSKSSRV - ok
12:32:36.0409 4192 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:32:36.0409 4192 MSPCLOCK - ok
12:32:36.0425 4192 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:32:36.0425 4192 MSPQM - ok
12:32:36.0471 4192 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:32:36.0471 4192 MsRPC - ok
12:32:36.0487 4192 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:32:36.0487 4192 mssmbios - ok
12:32:36.0503 4192 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:32:36.0503 4192 MSTEE - ok
12:32:36.0518 4192 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:32:36.0518 4192 MTConfig - ok
12:32:36.0534 4192 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:32:36.0534 4192 Mup - ok
12:32:36.0565 4192 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:32:36.0565 4192 NativeWifiP - ok
12:32:36.0643 4192 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS
12:32:36.0659 4192 NAVENG - ok
12:32:36.0721 4192 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS
12:32:36.0752 4192 NAVEX15 - ok
12:32:36.0799 4192 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:32:36.0815 4192 NDIS - ok
12:32:36.0846 4192 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:32:36.0846 4192 NdisCap - ok
12:32:36.0893 4192 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:32:36.0893 4192 NdisTapi - ok
12:32:36.0924 4192 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:32:36.0924 4192 Ndisuio - ok
12:32:36.0955 4192 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:32:36.0955 4192 NdisWan - ok
12:32:36.0986 4192 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:32:36.0986 4192 NDProxy - ok
12:32:37.0002 4192 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:32:37.0002 4192 NetBIOS - ok
12:32:37.0033 4192 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:32:37.0049 4192 NetBT - ok
12:32:37.0111 4192 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
12:32:37.0111 4192 netr28x - ok
12:32:37.0158 4192 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:32:37.0158 4192 nfrd960 - ok
12:32:37.0189 4192 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:32:37.0205 4192 Npfs - ok
12:32:37.0220 4192 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:32:37.0220 4192 nsiproxy - ok
12:32:37.0267 4192 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:32:37.0298 4192 Ntfs - ok
12:32:37.0314 4192 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:32:37.0314 4192 Null - ok
12:32:37.0345 4192 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:32:37.0345 4192 nvraid - ok
12:32:37.0361 4192 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:32:37.0361 4192 nvstor - ok
12:32:37.0423 4192 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:32:37.0423 4192 nv_agp - ok
12:32:37.0439 4192 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:32:37.0439 4192 ohci1394 - ok
12:32:37.0454 4192 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:32:37.0454 4192 Parport - ok
12:32:37.0501 4192 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:32:37.0501 4192 partmgr - ok
12:32:37.0517 4192 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:32:37.0517 4192 pci - ok
12:32:37.0532 4192 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:32:37.0532 4192 pciide - ok
12:32:37.0563 4192 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:32:37.0563 4192 pcmcia - ok
12:32:37.0595 4192 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:32:37.0595 4192 pcw - ok
12:32:37.0626 4192 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:32:37.0641 4192 PEAUTH - ok
12:32:37.0704 4192 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:32:37.0704 4192 PptpMiniport - ok
12:32:37.0704 4192 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:32:37.0704 4192 Processor - ok
12:32:37.0751 4192 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:32:37.0751 4192 Psched - ok
12:32:37.0813 4192 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:32:37.0844 4192 ql2300 - ok
12:32:37.0844 4192 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:32:37.0844 4192 ql40xx - ok
12:32:37.0875 4192 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:32:37.0875 4192 QWAVEdrv - ok
12:32:37.0891 4192 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:32:37.0891 4192 RasAcd - ok
12:32:37.0907 4192 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:32:37.0907 4192 RasAgileVpn - ok
12:32:37.0938 4192 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:32:37.0938 4192 Rasl2tp - ok
12:32:37.0953 4192 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:32:37.0953 4192 RasPppoe - ok
12:32:37.0969 4192 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:32:37.0969 4192 RasSstp - ok
12:32:38.0000 4192 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:32:38.0000 4192 rdbss - ok
12:32:38.0016 4192 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:32:38.0016 4192 rdpbus - ok
12:32:38.0031 4192 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:32:38.0031 4192 RDPCDD - ok
12:32:38.0063 4192 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:32:38.0063 4192 RDPENCDD - ok
12:32:38.0078 4192 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:32:38.0078 4192 RDPREFMP - ok
12:32:38.0109 4192 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:32:38.0109 4192 RDPWD - ok
12:32:38.0156 4192 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:32:38.0156 4192 rdyboost - ok
12:32:38.0187 4192 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:32:38.0187 4192 rspndr - ok
12:32:38.0234 4192 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys
12:32:38.0234 4192 RSUSBSTOR - ok
12:32:38.0250 4192 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:32:38.0250 4192 sbp2port - ok
12:32:38.0297 4192 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:32:38.0297 4192 scfilter - ok
12:32:38.0328 4192 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:32:38.0328 4192 secdrv - ok
12:32:38.0359 4192 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:32:38.0359 4192 Serenum - ok
12:32:38.0375 4192 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:32:38.0375 4192 Serial - ok
12:32:38.0390 4192 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:32:38.0390 4192 sermouse - ok
12:32:38.0406 4192 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:32:38.0406 4192 sffdisk - ok
12:32:38.0421 4192 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:32:38.0421 4192 sffp_mmc - ok
12:32:38.0421 4192 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:32:38.0421 4192 sffp_sd - ok
12:32:38.0437 4192 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:32:38.0437 4192 sfloppy - ok
12:32:38.0453 4192 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:32:38.0453 4192 SiSRaid2 - ok
12:32:38.0468 4192 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:32:38.0468 4192 SiSRaid4 - ok
12:32:38.0484 4192 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:32:38.0484 4192 Smb - ok
12:32:38.0515 4192 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:32:38.0515 4192 spldr - ok
12:32:38.0577 4192 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
12:32:38.0593 4192 SRTSP - ok
12:32:38.0609 4192 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
12:32:38.0609 4192 SRTSPX - ok
12:32:38.0655 4192 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:32:38.0655 4192 srv - ok
12:32:38.0671 4192 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:32:38.0687 4192 srv2 - ok
12:32:38.0687 4192 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:32:38.0687 4192 srvnet - ok
12:32:38.0718 4192 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:32:38.0718 4192 stexstor - ok
12:32:38.0733 4192 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:32:38.0733 4192 swenum - ok
12:32:38.0780 4192 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
12:32:38.0780 4192 SymDS - ok
12:32:38.0811 4192 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
12:32:38.0827 4192 SymEFA - ok
12:32:38.0858 4192 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:32:38.0858 4192 SymEvent - ok
12:32:38.0889 4192 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
12:32:38.0889 4192 SymIRON - ok
12:32:38.0921 4192 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
12:32:38.0921 4192 SymNetS - ok
12:32:38.0999 4192 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:32:39.0030 4192 Tcpip - ok
12:32:39.0061 4192 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:32:39.0077 4192 TCPIP6 - ok
12:32:39.0108 4192 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:32:39.0108 4192 tcpipreg - ok
12:32:39.0123 4192 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:32:39.0123 4192 TDPIPE - ok
12:32:39.0155 4192 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:32:39.0155 4192 TDTCP - ok
12:32:39.0201 4192 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:32:39.0201 4192 tdx - ok
12:32:39.0217 4192 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:32:39.0217 4192 TermDD - ok
12:32:39.0264 4192 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:32:39.0264 4192 tssecsrv - ok
12:32:39.0311 4192 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:32:39.0311 4192 TsUsbFlt - ok
12:32:39.0342 4192 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:32:39.0342 4192 tunnel - ok
12:32:39.0373 4192 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:32:39.0373 4192 uagp35 - ok
12:32:39.0420 4192 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:32:39.0420 4192 udfs - ok
12:32:39.0435 4192 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:32:39.0435 4192 uliagpkx - ok
12:32:39.0467 4192 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:32:39.0467 4192 umbus - ok
12:32:39.0482 4192 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:32:39.0482 4192 UmPass - ok
12:32:39.0513 4192 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:32:39.0529 4192 USBAAPL64 - ok
12:32:39.0545 4192 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:32:39.0545 4192 usbccgp - ok
12:32:39.0576 4192 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:32:39.0576 4192 usbcir - ok
12:32:39.0607 4192 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:32:39.0607 4192 usbehci - ok
12:32:39.0623 4192 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:32:39.0623 4192 usbhub - ok
12:32:39.0638 4192 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:32:39.0638 4192 usbohci - ok
12:32:39.0669 4192 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:32:39.0669 4192 usbprint - ok
12:32:39.0716 4192 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:32:39.0716 4192 USBSTOR - ok
12:32:39.0716 4192 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:32:39.0732 4192 usbuhci - ok
12:32:39.0763 4192 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:32:39.0763 4192 usbvideo - ok
12:32:39.0779 4192 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:32:39.0779 4192 vdrvroot - ok
12:32:39.0794 4192 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:32:39.0794 4192 vga - ok
12:32:39.0825 4192 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:32:39.0841 4192 VgaSave - ok
12:32:39.0872 4192 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:32:39.0872 4192 vhdmp - ok
12:32:39.0888 4192 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:32:39.0888 4192 viaide - ok
12:32:39.0888 4192 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:32:39.0888 4192 volmgr - ok
12:32:39.0935 4192 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:32:39.0935 4192 volmgrx - ok
12:32:39.0966 4192 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:32:39.0966 4192 volsnap - ok
12:32:39.0997 4192 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:32:39.0997 4192 vsmraid - ok
12:32:40.0059 4192 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:32:40.0059 4192 vwifibus - ok
12:32:40.0091 4192 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:32:40.0091 4192 vwififlt - ok
12:32:40.0122 4192 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:32:40.0122 4192 vwifimp - ok
12:32:40.0137 4192 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:32:40.0137 4192 WacomPen - ok
12:32:40.0169 4192 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:32:40.0169 4192 WANARP - ok
12:32:40.0169 4192 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:32:40.0169 4192 Wanarpv6 - ok
12:32:40.0200 4192 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:32:40.0200 4192 Wd - ok
12:32:40.0231 4192 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:32:40.0231 4192 Wdf01000 - ok
12:32:40.0278 4192 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:32:40.0278 4192 WfpLwf - ok
12:32:40.0309 4192 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:32:40.0309 4192 WIMMount - ok
12:32:40.0356 4192 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:32:40.0356 4192 WinUsb - ok
12:32:40.0387 4192 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:32:40.0387 4192 WmiAcpi - ok
12:32:40.0403 4192 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:32:40.0403 4192 ws2ifsl - ok
12:32:40.0434 4192 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:32:40.0434 4192 WudfPf - ok
12:32:40.0465 4192 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:32:40.0465 4192 WUDFRd - ok
12:32:40.0496 4192 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
12:32:40.0512 4192 xusb21 - ok
12:32:40.0605 4192 {60DB6561-0A84-4c94-AF33-288405CFD56D} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl
12:32:40.0605 4192 {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok
12:32:40.0621 4192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:32:40.0668 4192 \Device\Harddisk0\DR0 - ok
12:32:40.0668 4192 Boot (0x1200) (69f1d6595ccff5ed5e003954c3ddf376) \Device\Harddisk0\DR0\Partition0
12:32:40.0668 4192 \Device\Harddisk0\DR0\Partition0 - ok
12:32:40.0668 4192 Boot (0x1200) (f91a56594bb57a1e167718f5df3c7eac) \Device\Harddisk0\DR0\Partition1
12:32:40.0668 4192 \Device\Harddisk0\DR0\Partition1 - ok
12:32:40.0683 4192 ============================================================
12:32:40.0683 4192 Scan finished
12:32:40.0683 4192 ============================================================
12:32:40.0683 4180 Detected object count: 0
12:32:40.0683 4180 Actual detected object count: 0
12:33:13.0927 4936 Deinitialize success

#15 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 25 February 2012 - 06:47 PM

Looking better.

If you have a prior copy of Combofix, delete it now
Download Combofix from any of the links below, and SAVE it to your Desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your Desktop and not run straight away from download **
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Temporarily turn off (disable) your antivirus program.

Right- click on Combo-Fix.exe on your Desktop Posted Image and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.
Reply with a copy of the C:\Combofix.txt log

Re-enable your antivirus program.

Check to insure your Adobe Reader is up-to-date for any patches/fixes.
Start Adobe Reader. Go to the Help menu item, select the Check for Updates option, and follow the prompts.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#16 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 25 February 2012 - 09:58 PM

Um. I ran combofix, but now I can't really do anything else. Whenever I click any icon, I get this pop-up "illegal operation being attempted on a registry key that has been marked for deletion." The only things I can run are icons that have the "run as admin" option if I right click it, but not everything has that option.. :( It was going so well..
I could not start adobe reader, and therefore could not update it.

Combofix log:
ComboFix 12-02-25.02 - Carelessjon 02/25/2012 16:25:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2363 [GMT -10:00]
Running from: c:\users\Carelessjon\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 02:34 . 2012-02-26 02:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-26 02:34 . 2012-02-26 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 15:33 . 2012-02-25 15:39 -------- d-----w- C:\SilentRunner
2012-02-25 15:04 . 2012-02-25 15:31 -------- d-----w- C:\ARK
2012-02-25 15:01 . 2012-02-25 15:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-25 04:43 . 2012-02-25 04:43 -------- d-----w- c:\program files (x86)\ESET
2012-02-25 04:30 . 2012-02-25 04:30 -------- d-----w- C:\_OTL
2012-02-24 06:50 . 2012-02-24 06:51 -------- d-----w- c:\users\Carelessjon\AppData\Roaming\QuickScan
2012-02-24 06:40 . 2012-02-24 06:40 -------- d-----w- C:\rsit
2012-02-24 06:40 . 2012-02-24 06:40 -------- d-----w- c:\program files\trend micro
2012-02-24 06:34 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFE10DA-72EB-4B52-99B7-B47BDE9562A3}\mpengine.dll
2012-02-24 06:33 . 2012-02-24 06:34 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-16 07:44 . 2012-02-16 07:44 -------- d-----w- c:\programdata\Intel
2012-02-15 09:52 . 2012-02-15 09:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-15 09:24 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 09:24 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 09:24 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 09:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 09:24 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 09:24 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 09:24 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 09:24 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 15:09 . 2012-02-25 05:19 -------- d-----w- c:\program files (x86)\Application Updater
2012-02-12 15:09 . 2012-02-12 15:09 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-02-12 15:09 . 2012-02-12 15:09 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-02-02 12:20 . 2012-02-17 22:40 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-01-31 13:56 . 2012-01-31 19:55 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
2012-01-29 03:33 . 2012-01-29 03:34 -------- d-----w- c:\program files\iTunes
2012-01-29 03:33 . 2012-01-29 03:33 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 05:22 . 2011-06-18 05:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 09:52 . 2010-12-31 10:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-31 13:56 . 2010-10-17 10:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-29 15:10 . 2012-01-21 03:09 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 08:43 . 2012-01-11 08:43 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-01-11 08:43 . 2012-01-11 08:43 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-01-11 08:43 . 2012-01-11 08:43 417560 ----a-w- c:\windows\system32\igfxpers.exe
2012-01-11 08:43 . 2012-01-11 08:43 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-01-11 08:43 . 2012-01-11 08:43 4379416 ----a-w- c:\windows\system32\GfxUI.exe
2012-01-11 08:43 . 2012-01-11 08:43 392984 ----a-w- c:\windows\system32\hkcmd.exe
2012-01-11 08:43 . 2012-01-11 08:43 184600 ----a-w- c:\windows\system32\difx64.exe
2012-01-11 08:37 . 2012-01-11 08:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll
2012-01-11 08:28 . 2012-01-11 08:28 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2012-01-11 08:28 . 2012-01-11 08:28 12311904 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-01-11 08:27 . 2012-01-11 08:27 867020 ----a-w- c:\windows\system32\igkrng575.bin
2012-01-11 08:27 . 2012-01-11 08:27 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2012-01-11 08:27 . 2012-01-11 08:27 105608 ----a-w- c:\windows\system32\igfcg575m.bin
2012-01-11 08:18 . 2010-08-26 05:31 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-01-11 08:12 . 2010-08-26 05:28 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-01-11 08:06 . 2010-08-26 05:26 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2012-01-11 07:55 . 2010-08-26 05:23 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-01-11 07:42 . 2012-01-11 07:42 18653696 ----a-w- c:\windows\system32\ig4icd64.dll
2012-01-11 07:29 . 2012-01-11 07:29 13904384 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-01-11 07:20 . 2012-01-11 07:20 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-01-11 07:20 . 2012-01-11 07:20 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-01-11 07:20 . 2012-01-11 07:20 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-01-11 07:20 . 2012-01-11 07:20 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-01-11 07:20 . 2012-01-11 07:20 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-01-11 07:20 . 2012-01-11 07:20 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-01-11 07:20 . 2012-01-11 07:20 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-01-11 07:20 . 2012-01-11 07:20 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-01-11 07:20 . 2012-01-11 07:20 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-01-11 07:20 . 2012-01-11 07:20 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-01-11 07:19 . 2012-01-11 07:19 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-01-11 07:19 . 2012-01-11 07:19 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-01-11 07:19 . 2010-08-26 05:04 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-01-11 07:19 . 2010-08-26 05:04 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-01-11 07:19 . 2012-01-11 07:19 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-01-11 07:19 . 2012-01-11 07:19 390656 ----a-w- c:\windows\system32\igfxdev.dll
2012-01-11 07:19 . 2012-01-11 07:19 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-01-11 07:18 . 2012-01-11 07:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-01-11 07:18 . 2012-01-11 07:18 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-01-11 07:18 . 2010-08-26 05:03 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-01-11 07:15 . 2012-01-11 07:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-01-11 07:14 . 2012-01-11 07:14 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-01-11 07:12 . 2012-01-11 07:12 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-01-11 07:12 . 2012-01-11 07:12 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-01-11 07:12 . 2012-01-11 07:12 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2012-01-11 07:12 . 2012-01-11 07:12 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-01-11 07:12 . 2012-01-11 07:12 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-01-11 07:12 . 2012-01-11 07:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-01-11 07:12 . 2012-01-11 07:12 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-01-11 07:12 . 2012-01-11 07:12 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-01-11 07:12 . 2012-01-11 07:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll
2011-12-11 01:24 . 2012-01-14 21:25 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-11-24 167008]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-02-08 74984]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2010-02-23 1016832]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-25 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-14 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-9-21 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]
R2 SBSDWSCService;SBSD Security Center Service; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-02 1151096]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-21 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48];c:\program files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-09 03:43 146928]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-14 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-29 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 11:20]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 11:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-02-04 153416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-23 10081312]
"TouchPortal"="c:\program files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe" [2010-03-09 6310432]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.minecraftwiki.net/wiki/Minecraft_Wiki
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{60DB6561-0A84-4c94-AF33-288405CFD56D}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerCinema Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-368538222-2643626402-1821840259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-368538222-2643626402-1821840259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-02-25 16:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-26 02:47
.
Pre-Run: 33,842,069,504 bytes free
Post-Run: 35,544,367,104 bytes free
.
- - End Of File - - 5B94ACC2255DB4E1BD17A4ACB200CD42


Awaiting orders, sir.

#17 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 25 February 2012 - 10:01 PM

Also, I was not able to turn windows defender back on after the scan. But I could turn MBAM back on due to it being an icon on my desktop with the run as admin opt.

#18 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 25 February 2012 - 10:14 PM

I was able to update Adobe Reader, but I still can't open any file without the admin option..

#19 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 25 February 2012 - 10:49 PM

Locate, then use Notepad to open, copy all lines, then Paste into a reply C:\Qoobox\ComboFix-quarantined-files.txt
That will show us what Combofix quarantined (if any).

Then, start MBAM, do an Update run, then do a Quick scan. Copy & paste that log report back here.

You should have Rsitx64 on your Desktop. Start it & run. Copy & paste contents of Log.txt & Info.txt

Remember, you can use Winkey to begin the Start option, then type in to the search box the name of an exe to locate & run an application.
e.g. NOTEPAD for the Notepad applet.
MBAM.exe
Rsitx64.exe
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#20 Jonkiote

Jonkiote

    New Member

  • Members
  • Pip
  • 19 posts

Posted 25 February 2012 - 11:10 PM

Hi again, The Rsitx64 did not create an info.txt this time, only a log.txt
I'm sorry, but what do you mean by "Winkey"?

Combofix log:

2012-02-26 02:46:02 . 2012-02-26 02:46:02 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat
2012-02-26 02:46:02 . 2012-02-26 02:46:02 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527}.reg.dat
2012-02-26 02:46:01 . 2012-02-26 02:46:01 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-02-26 02:45:51 . 2012-02-26 02:45:51 676 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2012-02-26 02:45:51 . 2012-02-26 02:45:51 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-02-26 02:45:50 . 2012-02-26 02:45:50 718 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2012-02-26 02:45:49 . 2012-02-26 02:45:49 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527}.reg.dat
2012-02-26 02:29:54 . 2012-02-26 02:29:54 6,273 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-02-26 02:21:53 . 2012-02-26 02:21:53 51 ----a-w- C:\Qoobox\Quarantine\catchme.log



MBAM log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.25.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Carelessjon :: CARELESSJON-PC [administrator]
Protection: Enabled
2/25/2012 5:58:14 PM
mbam-log-2012-02-25 (17-58-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221065
Time elapsed: 4 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)



RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Carelessjon at 2012-02-25 18:05:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 33 GB (6%) free of 596 GB
Total RAM: 3895 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:05:19 PM, on 2/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Carelessjon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...27y155k45m1r27r
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.star.haw...Script/smsx.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon...b.2010.5.03.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - (no file)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12394 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
/QuitInfo:0000000000000264;00000000000002C8; /AddRef;
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1856
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"taskhost.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /c /a /s UserSession
/QuitInfo:00000000000008D4;00000000000008D8; /AddRef;
/QuitInfo:0000000000000884;00000000000008B8;
/loadhooks /Parent:00000000000004E0
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /startalways
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3956 CREDAT:145409
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Carelessjon\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default
prefs.js - "browser.startup.homepage" - "http://www.minecraft.../Minecraft_Wiki"
prefs.js - "extensions.enabledItems" - "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.1.6, wtxpcom@mybrowserbar.com:4.9, youtubedownloader@mybrowserbar.com:4.9, {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]
"Description"=Virtual Earth 3D
"Path"=C:\Program Files (x86)\Virtual Earth 3D\
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]
"Description"=
"Path"=C:\Program Files (x86)\Virtual Earth 3D\
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\
adblockpopups@jessehakanen.net
{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL [2011-11-23 210360]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-14 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-14 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]
{95B7759C-8C7F-4BF1-B163-73684A933233} -
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"=C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [2010-02-03 153416]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-23 10081312]
"TouchPortal"=C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [2010-03-08 6310432]
"RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-09-30 17920]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-10 39408]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"YouCam Mirror Tray icon"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2009-11-23 167008]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-02-08 74984]
"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2010-02-22 1016832]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-10 90112]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-10 390656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-11-12 249344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2012-02-25 16:47:08 ----D---- C:\Windows\temp
2012-02-25 16:47:06 ----A---- C:\ComboFix.txt
2012-02-25 16:22:01 ----A---- C:\Windows\zip.exe
2012-02-25 16:22:01 ----A---- C:\Windows\SWSC.exe
2012-02-25 16:22:01 ----A---- C:\Windows\SWREG.exe
2012-02-25 16:22:01 ----A---- C:\Windows\sed.exe
2012-02-25 16:22:01 ----A---- C:\Windows\PEV.exe
2012-02-25 16:22:01 ----A---- C:\Windows\NIRCMD.exe
2012-02-25 16:22:01 ----A---- C:\Windows\MBR.exe
2012-02-25 16:22:01 ----A---- C:\Windows\grep.exe
2012-02-25 16:21:50 ----D---- C:\Qoobox
2012-02-25 12:32:19 ----A---- C:\TDSSKiller.2.7.14.0_25.02.2012_12.32.19_log.txt
2012-02-25 05:33:38 ----D---- C:\SilentRunner
2012-02-25 05:04:30 ----D---- C:\ARK
2012-02-25 05:01:20 ----D---- C:\TDSSKiller_Quarantine
2012-02-25 04:59:13 ----A---- C:\TDSSKiller.2.7.14.0_25.02.2012_04.59.13_log.txt
2012-02-24 18:43:55 ----D---- C:\Program Files (x86)\ESET
2012-02-24 18:30:51 ----D---- C:\_OTL
2012-02-23 20:50:58 ----D---- C:\Users\Carelessjon\AppData\Roaming\QuickScan
2012-02-23 20:40:15 ----D---- C:\rsit
2012-02-23 20:40:15 ----D---- C:\Program Files\trend micro
2012-02-23 20:35:04 ----D---- C:\Windows\ERDNT
2012-02-23 20:33:52 ----D---- C:\Program Files (x86)\ERUNT
2012-02-15 21:44:05 ----D---- C:\ProgramData\Intel
2012-02-15 00:40:31 ----A---- C:\Windows\system32\MRT.INI
2012-02-15 00:37:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-02-15 00:37:41 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-15 00:37:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-02-15 00:37:40 ----A---- C:\Windows\system32\jscript9.dll
2012-02-15 00:37:40 ----A---- C:\Windows\system32\iertutil.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\url.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-02-15 00:37:39 ----A---- C:\Windows\system32\url.dll
2012-02-15 00:37:39 ----A---- C:\Windows\system32\jscript.dll
2012-02-15 00:37:39 ----A---- C:\Windows\system32\ieui.dll
2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-02-15 00:37:38 ----A---- C:\Windows\system32\wininet.dll
2012-02-15 00:37:38 ----A---- C:\Windows\system32\urlmon.dll
2012-02-15 00:37:38 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-15 00:37:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-02-15 00:37:36 ----A---- C:\Windows\system32\mshtml.dll
2012-02-15 00:37:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-02-15 00:37:34 ----A---- C:\Windows\system32\ieframe.dll
2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\java.exe
2012-02-14 23:24:35 ----A---- C:\Windows\system32\shell32.dll
2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-02-14 23:24:33 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-14 23:24:29 ----A---- C:\Windows\system32\win32k.sys
2012-02-14 23:24:28 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-14 23:24:25 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-02-14 23:24:25 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\Application Updater
2012-01-28 17:33:17 ----D---- C:\Program Files\iTunes
2012-01-28 17:33:17 ----D---- C:\Program Files\iPod
======List of files/folders modified in the last 1 month======
2012-02-25 17:59:19 ----D---- C:\Windows\system32\config
2012-02-25 16:52:57 ----SHD---- C:\Windows\Installer
2012-02-25 16:52:50 ----D---- C:\ProgramData\Adobe
2012-02-25 16:47:09 ----D---- C:\Windows\system32\drivers
2012-02-25 16:47:08 ----D---- C:\Windows
2012-02-25 16:42:00 ----A---- C:\Windows\system.ini
2012-02-25 16:41:53 ----D---- C:\Windows\system32\drivers\etc
2012-02-25 16:41:07 ----D---- C:\Windows\System32
2012-02-25 16:41:07 ----D---- C:\Windows\inf
2012-02-25 16:41:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-25 16:36:55 ----A---- C:\Windows\SYSWOW64\log.txt
2012-02-25 16:29:12 ----D---- C:\Windows\SYSWOW64\drivers
2012-02-25 16:29:12 ----D---- C:\Windows\SysWOW64
2012-02-25 16:29:12 ----D---- C:\Windows\AppPatch
2012-02-25 16:29:11 ----D---- C:\Program Files\Common Files
2012-02-25 16:29:11 ----D---- C:\Program Files (x86)\Common Files
2012-02-24 19:37:05 ----D---- C:\ProgramData\YouTube Downloader
2012-02-24 18:43:59 ----D---- C:\Windows\Downloaded Program Files
2012-02-24 18:43:55 ----RD---- C:\Program Files (x86)
2012-02-24 18:31:11 ----SHD---- C:\System Volume Information
2012-02-24 18:28:04 ----D---- C:\Windows\Prefetch
2012-02-23 20:40:15 ----RD---- C:\Program Files
2012-02-22 13:25:14 ----A---- C:\Windows\wininit.ini
2012-02-21 22:10:14 ----D---- C:\Windows\system32\Tasks
2012-02-17 12:40:50 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-02-16 13:41:29 ----RSD---- C:\Windows\assembly
2012-02-16 13:41:29 ----D---- C:\Windows\Microsoft.NET
2012-02-15 21:44:05 ----D---- C:\ProgramData
2012-02-15 21:42:34 ----D---- C:\Windows\system32\catroot2
2012-02-15 21:41:58 ----D---- C:\Program Files (x86)\Intel
2012-02-15 21:41:22 ----D---- C:\Windows\system32\catroot
2012-02-15 21:41:18 ----D---- C:\Windows\system32\DriverStore
2012-02-15 17:51:24 ----D---- C:\Windows\winsxs
2012-02-15 17:49:50 ----D---- C:\Windows\SYSWOW64\migration
2012-02-15 17:49:50 ----D---- C:\Windows\system32\migration
2012-02-15 17:49:50 ----D---- C:\Program Files\Internet Explorer
2012-02-15 17:49:50 ----D---- C:\Program Files (x86)\Internet Explorer
2012-02-15 00:41:18 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 00:38:39 ----D---- C:\Windows\debug
2012-02-15 00:38:37 ----A---- C:\Windows\system32\MRT.exe
2012-02-14 23:52:35 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-02-14 22:55:50 ----D---- C:\Windows\system32\NDF
2012-02-13 13:29:04 ----D---- C:\Users\Carelessjon\AppData\Roaming\uTorrent
2012-02-09 10:25:30 ----D---- C:\Windows\system32\FxsTmp
2012-02-01 16:12:33 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-31 09:56:35 ----D---- C:\Windows\system32\drivers\NISx64
2012-01-31 03:57:07 ----D---- C:\Program Files\Symantec
2012-01-30 12:01:20 ----D---- C:\ProgramData\AVG Secure Search
2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-28 17:34:01 ----D---- C:\Program Files (x86)\iTunes
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [2011-07-25 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [2011-11-23 1092728]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-01 1151096]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [2011-11-04 167048]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-12-14 482936]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-20 488568]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS [2011-11-23 37496]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [2011-11-16 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [2011-11-16 405624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29]; \??\C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-08 146928]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-12-24 294064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-23 2272544]
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-12-24 244736]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-02-24 67616]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-02-01 852256]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-01-31 175736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 int15.sys;int15.sys; \??\C:\Windows\syswow64\OEM\Factory\int15.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS [2011-12-14 117880]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS [2011-12-14 2048632]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS [2011-11-23 738936]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 Greg_Service;GRegService; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-27 1150496]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-12-28 268824]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-29 138248]
R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-28 2320920]
R2 Updater Service;Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2009-10-09 238328]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-10 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]
-----------------EOF-----------------





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users