Jump to content

Svchost.exe does not go away.


Recommended Posts

Hi, I'm getting repeated notices that malwarebytes is blocking a program called svchost.exe. I have no idea what to do in order to fix it, and I would greatly appreciate your assistance. It is incredibly annoying to have those little balloons show up every minute or so with the occasional pop-up telling me to quarantine svchost.

While I don't think svchost has actually caused any damage yet, there was this one instance where I got the quarantine pop-up and my computer started running really slow. So I opened up task manager, and found svchost taking up quite a bit of memory. I quickly shut down the process and ran a quick scan with Malwarebytes which revealed 2 infections which were svchost and svchost(memory)? Needless to say, I deleted them and restarted, but the balloons still appear. It should also be noted that every time I use the scan be it quick or full, the same 2 infections appear every time.

Here is the DDS log I got by running DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Carelessjon at 20:55:33 on 2012-02-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1629 [GMT -10:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

-netsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe

C:\Program Files (x86)\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {95b7759c-8c7f-4bf1-b163-73684a933233} - AVG Security Toolbar

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} -

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.star.hawaii.edu:10012/studentinterface/PrintScript/smsx.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{96059DF4-BD72-42CB-9A0E-796370067E7B} : DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - AVG Safe Search

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -

TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.minecraftwiki.net/wiki/Minecraft_Wiki

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-12-14 1151096]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSviA64.sys [2011-12-14 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29];C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-2-8 146928]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-2-6 748440]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-27 1150496]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-1 652360]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-1-31 138248]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-10 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-3-10 243232]

R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-1-14 869216]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S2 SBSDWSCService;SBSD Security Center Service; [x]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-22 01:05:47 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE8CA75F-975E-407B-AB5A-9D41891355EF}\mpengine.dll

2012-02-15 09:24:33 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 09:24:33 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 09:24:30 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 09:24:30 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 09:24:29 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 09:24:28 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 09:24:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 09:24:25 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar

2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-02-02 12:20:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-01-31 13:56:42 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys

2012-01-31 13:56:42 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys

2012-01-31 13:56:41 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys

2012-01-31 13:56:41 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys

2012-01-31 13:56:41 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys

2012-01-31 13:56:41 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys

2012-01-31 13:56:41 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys

2012-01-31 13:56:36 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.091

2012-01-29 03:33:17 -------- d-----w- C:\Program Files\iTunes

2012-01-29 03:33:17 -------- d-----w- C:\Program Files\iPod

2012-01-25 00:31:47 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

.

==================== Find3M ====================

.

2012-02-17 05:22:51 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 09:52:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-31 13:56:47 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-01-29 15:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-11 08:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2012-01-11 08:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-01-11 08:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe

2012-01-11 08:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe

2012-01-11 08:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe

2012-01-11 08:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe

2012-01-11 08:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-01-11 08:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll

2012-01-11 08:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll

2012-01-11 08:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-01-11 08:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2012-01-11 08:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2012-01-11 08:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2012-01-11 08:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2012-01-11 08:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2012-01-11 08:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2012-01-11 08:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-01-11 08:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2012-01-11 08:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-01-11 07:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-01-11 07:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-01-11 07:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-01-11 07:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2012-01-11 07:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2012-01-11 07:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2012-01-11 07:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll

2012-01-11 07:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-01-11 07:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll

2012-01-11 07:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-01-11 07:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-01-11 07:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2012-01-11 07:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-01-11 07:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-01-11 07:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-01-11 07:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-01-11 07:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-01-11 07:12:12 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2012-01-11 07:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-01-11 07:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-01-11 07:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-01-11 07:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-01-11 07:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-01-11 07:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-11 01:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 20:56:43.00 ===============

Link to post
Share on other sites

Hello Jonkiote, and welcome to MalwareBytes forum.

Please do the following.

First, disable Teatimer and keep it disabled, otherwise it will revert any malware fixes we may do.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, slect Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop

  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

Edited by Maurice Naggar
Link to post
Share on other sites

Here is the Log.txt:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Carelessjon at 2012-02-23 20:40:15

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 29 GB (5%) free of 596 GB

Total RAM: 3895 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:40:30 PM, on 2/23/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files\trend micro\Carelessjon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.star.hawaii.edu:10012/studentinterface/PrintScript/smsx.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - (no file)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14405 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

/QuitInfo:0000000000000304;0000000000000318; /AddRef;

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

"C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe"

"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 1988

-netsvcs

\??\C:\Windows\system32\conhost.exe "59880542667788685646282671-1373317506-10043856741464174483-1192844600-161465234

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /c /a /s UserSession2

/QuitInfo:00000000000008B0;00000000000008B4; /AddRef;

/QuitInfo:00000000000007A8;00000000000008BC;

/loadhooks /Parent:0000000000000984

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"

"C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files\iPod\bin\iPodService.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"

C:\Windows\servicing\TrustedInstaller.exe

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

"C:\Users\Carelessjon\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default

prefs.js - "browser.startup.homepage" - "http://www.minecraftwiki.net/wiki/Minecraft_Wiki"

prefs.js - "extensions.enabledItems" - "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.1.6, wtxpcom@mybrowserbar.com:4.9, youtubedownloader@mybrowserbar.com:4.9, {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"

prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]

"Description"=Virtual Earth 3D

"Path"=C:\Program Files (x86)\Virtual Earth 3D\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]

"Description"=Nexon Game Controller

"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]

"Description"=This plugin detects and launches Pando Media Booster

"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]

"Description"=

"Path"=C:\Program Files (x86)\Virtual Earth 3D\

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\

npdeployJava1.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

avg-secure-search.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\

adblockpopups@jessehakanen.net

{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}

{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL [2011-11-23 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-14 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Security Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]

YouTube Downloader Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll [2012-02-06 1074016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

{95B7759C-8C7F-4BF1-B163-73684A933233} -

{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll [2012-02-06 1074016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TouchORB"=C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [2010-02-03 153416]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-23 10081312]

"TouchPortal"=C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [2010-03-08 6310432]

"RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-09-30 17920]

"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-10 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

"YouCam Mirror Tray icon"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2009-11-23 167008]

"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-02-08 74984]

"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2010-02-22 1016832]

"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-10 90112]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]

""= []

"SearchSettings"=C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-02-06 934240]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-23 20:40:15 ----D---- C:\rsit

2012-02-23 20:40:15 ----D---- C:\Program Files\trend micro

2012-02-23 20:35:04 ----D---- C:\Windows\ERDNT

2012-02-23 20:33:52 ----D---- C:\Program Files (x86)\ERUNT

2012-02-15 21:44:05 ----D---- C:\ProgramData\Intel

2012-02-15 00:40:31 ----A---- C:\Windows\system32\MRT.INI

2012-02-15 00:37:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-02-15 00:37:41 ----A---- C:\Windows\system32\mshtmled.dll

2012-02-15 00:37:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-02-15 00:37:40 ----A---- C:\Windows\system32\jscript9.dll

2012-02-15 00:37:40 ----A---- C:\Windows\system32\iertutil.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\url.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\url.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\jscript.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\ieui.dll

2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\wininet.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\urlmon.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\jsproxy.dll

2012-02-15 00:37:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-02-15 00:37:36 ----A---- C:\Windows\system32\mshtml.dll

2012-02-15 00:37:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-02-15 00:37:34 ----A---- C:\Windows\system32\ieframe.dll

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaws.exe

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaw.exe

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\java.exe

2012-02-14 23:24:35 ----A---- C:\Windows\system32\shell32.dll

2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\shell32.dll

2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\ntshrui.dll

2012-02-14 23:24:33 ----A---- C:\Windows\system32\ntshrui.dll

2012-02-14 23:24:29 ----A---- C:\Windows\system32\win32k.sys

2012-02-14 23:24:28 ----A---- C:\Windows\system32\drivers\afd.sys

2012-02-14 23:24:25 ----A---- C:\Windows\SYSWOW64\msvcrt.dll

2012-02-14 23:24:25 ----A---- C:\Windows\system32\msvcrt.dll

2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\YouTube Downloader Toolbar

2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\Application Updater

2012-01-28 17:33:17 ----D---- C:\Program Files\iTunes

2012-01-28 17:33:17 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 month======

2012-02-23 20:40:29 ----D---- C:\Windows\Prefetch

2012-02-23 20:40:26 ----D---- C:\Windows\Temp

2012-02-23 20:40:15 ----RD---- C:\Program Files

2012-02-23 20:35:04 ----D---- C:\Windows

2012-02-23 20:34:32 ----D---- C:\Windows\System32

2012-02-23 20:34:32 ----D---- C:\Windows\inf

2012-02-23 20:34:32 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-02-23 20:33:52 ----RD---- C:\Program Files (x86)

2012-02-23 20:33:25 ----D---- C:\Windows\system32\config

2012-02-23 20:30:02 ----A---- C:\Windows\SYSWOW64\log.txt

2012-02-22 13:25:14 ----A---- C:\Windows\wininit.ini

2012-02-21 22:10:14 ----D---- C:\Windows\system32\Tasks

2012-02-21 15:04:20 ----SHD---- C:\System Volume Information

2012-02-17 12:40:50 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-02-16 13:41:29 ----RSD---- C:\Windows\assembly

2012-02-16 13:41:29 ----D---- C:\Windows\Microsoft.NET

2012-02-15 21:44:05 ----D---- C:\ProgramData

2012-02-15 21:43:20 ----D---- C:\Windows\SysWOW64

2012-02-15 21:42:34 ----D---- C:\Windows\system32\catroot2

2012-02-15 21:41:58 ----D---- C:\Program Files (x86)\Intel

2012-02-15 21:41:27 ----D---- C:\Windows\system32\drivers

2012-02-15 21:41:22 ----D---- C:\Windows\system32\catroot

2012-02-15 21:41:18 ----D---- C:\Windows\system32\DriverStore

2012-02-15 17:51:24 ----D---- C:\Windows\winsxs

2012-02-15 17:49:50 ----D---- C:\Windows\SYSWOW64\migration

2012-02-15 17:49:50 ----D---- C:\Windows\system32\migration

2012-02-15 17:49:50 ----D---- C:\Program Files\Internet Explorer

2012-02-15 17:49:50 ----D---- C:\Program Files (x86)\Internet Explorer

2012-02-15 00:45:05 ----SHD---- C:\Windows\Installer

2012-02-15 00:41:18 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2012-02-15 00:38:39 ----D---- C:\Windows\debug

2012-02-15 00:38:37 ----A---- C:\Windows\system32\MRT.exe

2012-02-14 23:52:52 ----D---- C:\Program Files (x86)\Common Files

2012-02-14 23:52:35 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

2012-02-14 22:55:50 ----D---- C:\Windows\system32\NDF

2012-02-13 13:29:04 ----D---- C:\Users\Carelessjon\AppData\Roaming\uTorrent

2012-02-09 10:25:30 ----D---- C:\Windows\system32\FxsTmp

2012-02-01 16:12:33 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-31 09:56:35 ----D---- C:\Windows\system32\drivers\NISx64

2012-01-31 03:57:07 ----D---- C:\Program Files\Symantec

2012-01-30 12:01:20 ----D---- C:\ProgramData\AVG Secure Search

2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe

2012-01-28 17:34:01 ----D---- C:\Program Files (x86)\iTunes

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [2011-07-25 451192]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [2011-11-23 1092728]

R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-01 1151096]

R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [2011-11-04 167048]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-12-14 482936]

R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-20 488568]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS [2011-11-23 37496]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [2011-11-16 190072]

R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [2011-11-16 405624]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29]; \??\C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-08 146928]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-12-24 294064]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-23 2272544]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-12-24 244736]

R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-02-24 67616]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]

R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-02-01 852256]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-01-31 175736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []

S3 int15.sys;int15.sys; \??\C:\Windows\syswow64\OEM\Factory\int15.sys []

S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS [2011-12-14 117880]

S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS [2011-12-14 2048632]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]

S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS [2011-11-23 738936]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 Greg_Service;GRegService; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-27 1150496]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-12-28 268824]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-29 138248]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-28 2320920]

R2 Updater Service;Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]

R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2009-10-09 238328]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-10 182768]

S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]

-----------------EOF-----------------

Here is the Info.txt

info.txt logfile of random's system information tool 1.09 2012-02-23 20:40:31

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->"C:\Program Files (x86)\Gateway Games\Game Explorer Categories - main\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Web Link - Club Penguin\Uninstall.exe"

-->"C:\Program Files (x86)\InstallShield Installation Information\{70CC0095-AA68-45BE-AE98-D8170182E9EB}\Setup.exe" /z-uninstall

-->"C:\Program Files (x86)\InstallShield Installation Information\{74D911AE-4A04-4481-902F-7B496E721F7F}\setup.exe" /z-uninstall

-->"C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.exe" REMOVE=TRUE MODIFY=FALSE

-->C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.exe

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7662728E-ED8B-4995-ABFD-ABB9B5098C30}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7662728E-ED8B-4995-ABFD-ABB9B5098C30}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9 /remove

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}

Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Download Assistant-->msiexec /qb /x {E1845F1C-068C-F8F4-D31D-D3540D47C453}

Adobe Download Assistant-->MsiExec.exe /I{E1845F1C-068C-F8F4-D31D-D3540D47C453}

Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -maintain plugin

Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"

Adobe Reader 9.5.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Bandisoft MPEG-1 Decoder-->"C:\Program Files (x86)\BandiMPEG1\uninstall.exe"

Bejeweled 2 Deluxe-->"C:\Program Files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"

Blackhawk Striker 2-->"C:\Program Files (x86)\Gateway Games\Blackhawk Striker 2\Uninstall.exe"

Bob the Builder Can-Do-Zoo-->"C:\Program Files (x86)\Gateway Games\Bob the Builder Can-Do-Zoo\Uninstall.exe"

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

Build-a-lot 2-->"C:\Program Files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

CyberLink PowerCinema Movie-->"C:\Program Files (x86)\InstallShield Installation Information\{70CC0095-AA68-45BE-AE98-D8170182E9EB}\Setup.exe" /z-uninstall

CyberLink PowerCinema-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall

CyberLink PowerCinema-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall

CyberLink Touch Browser-->"C:\Program Files (x86)\InstallShield Installation Information\{74D911AE-4A04-4481-902F-7B496E721F7F}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /s

CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /s

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

DVD Decrypter (Remove Only)-->"C:\Program Files (x86)\DVD Decrypter\uninstall.exe"

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

Escape Rosecliff Island-->"C:\Program Files (x86)\Gateway Games\Escape Rosecliff Island\Uninstall.exe"

Faerie Solitaire-->"C:\Program Files (x86)\Gateway Games\Faerie Solitaire\Uninstall.exe"

Gateway Game Console-->"C:\Program Files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe"

Gateway Games-->"C:\Program Files (x86)\Gateway Games\Uninstall.exe"

Gateway InfoCentre-->C:\Program Files (x86)\Gateway\InfoCentre\Uninstall.exe

Gateway Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly

Gateway Registration-->C:\Program Files (x86)\Gateway\Registration\Uninstall.exe

Gateway ScreenSaver-->C:\Program Files (x86)\Gateway\Screensaver\Uninstall.exe

Gateway Touch Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{C652F86F-348A-4A65-8BE8-A3F7A6370D98}\setup.exe" -runfromtemp -l0x409 -removeonly

Gateway Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x409 -removeonly

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_A0AC09CE5247ECEF.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Identity Card-->C:\Program Files (x86)\Gateway\Identity Card\Uninstall.exe

Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm

Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

ITE Infrared Transceiver-->C:\Program Files (x86)\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\setup.exe -runfromtemp -l0x0009 -removeonly

iTunes-->MsiExec.exe /I{5E11C972-1E76-45FE-8F92-14E0D1140B1B}

Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

Jewel Quest Solitaire 3-->"C:\Program Files (x86)\Gateway Games\Jewel Quest Solitaire 3\Uninstall.exe"

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Katawa Shoujo-->"C:\Program Files (x86)\Katawa Shoujo\Uninstall Katawa Shoujo.exe"

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

MapleStory-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33563155 -locale:US

Microsoft .NET Framework 4 Client Profile-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Touch Pack for Windows 7-->MsiExec.exe /I{8FF90DB8-6DED-44A3-B182-244FEC09012F}

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175-->MsiExec.exe /X{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}

Microsoft XNA Framework Redistributable 3.0-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}

Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}

Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}

Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}

Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}

Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}

Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}

Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}

Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}

Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}

Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}

Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}

Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}

Monopoly-->"C:\Program Files (x86)\Gateway Games\Monopoly\Uninstall.exe"

MotioninJoy ds3 driver version 0.6.0001-->"C:\Program Files\MotioninJoy\unins000.exe"

Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Mystery P.I. - Lost in Los Angeles-->"C:\Program Files (x86)\Gateway Games\Mystery P.I. - Lost in Los Angeles\Uninstall.exe"

Nero 9 Essentials-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="2M02-K09C-CW07-4933-7UKZ-4K5H-CZA8-0XA6-T4X7-P288-2P9U-AZ0M-1E68-AE4Z-1A7E-7T4H-0000"

Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}

Nero ControlCenter-->MsiExec.exe /X{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}

Nero DiscSpeed Help-->MsiExec.exe /X{CC019E3F-59D2-4486-8D4B-878105B62A71}

Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}

Nero DriveSpeed Help-->MsiExec.exe /X{E5C7D048-F9B4-4219-B323-8BDB01A2563D}

Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}

Nero Express Help-->MsiExec.exe /X{83202942-84B3-4C50-8622-B8C0AA2D2885}

Nero InfoTool Help-->MsiExec.exe /X{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}

Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}

Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}

Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}

Nero StartSmart Help-->MsiExec.exe /X{2348B586-C9AE-46CE-936C-A68E9426E214}

Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}

Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}

NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local

Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.5.0.145\InstStub.exe /X /ARP

Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe

Penguins!-->"C:\Program Files (x86)\Gateway Games\Penguins!\Uninstall.exe"

Plants vs. Zombies-->"C:\Program Files (x86)\Gateway Games\Plants vs. Zombies\Uninstall.exe"

Polar Bowler-->"C:\Program Files (x86)\Gateway Games\Polar Bowler\Uninstall.exe"

Polar Golfer-->"C:\Program Files (x86)\Gateway Games\Polar Golfer\Uninstall.exe"

QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly

Scrabble Plus-->"C:\Program Files (x86)\Gateway Games\Scrabble Plus\Uninstall.exe"

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}

Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}

Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}

Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}

Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"

System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe

The Price is Right-->"C:\Program Files (x86)\Gateway Games\The Price is Right\Uninstall.exe"

THX TruStudio PC-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F5298C34-48DC-400B-A2DB-E3E11CB7C373}\setup.exe" -l0x9 /remove

TouchSettings-->"C:\Program Files (x86)\InstallShield Installation Information\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}\setup.exe" -runfromtemp -l0x0009 -removeonly

Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}

Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

Vindictus-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33562635 -locale:US

Virtual Earth 3D (Beta)-->MsiExec.exe /I{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}

Virtual Families-->"C:\Program Files (x86)\Gateway Games\Virtual Families\Uninstall.exe"

Virtual Villagers - A New Home-->"C:\Program Files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"

Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}

VLC media player 1.1.10-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

Welcome Center-->C:\Program Files (x86)\Gateway\Welcome Center\Uninstall.exe

WinASO Registry Optimizer 4.7.5-->"C:\Program Files (x86)\WinASO\Registry Optimizer\unins000.exe"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

WinRAR 4.00 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe

Yahtzee-->"C:\Program Files (x86)\Gateway Games\Yahtzee\Uninstall.exe"

YouTube Downloader 3.4-->"C:\Program Files (x86)\YouTube Downloader\uninstall.exe"

YouTube Downloader Toolbar v5.0-->MsiExec.exe /X{B9B55E8C-7EF6-4937-85F2-282A9F645EAC}

Zuma Deluxe-->"C:\Program Files (x86)\Gateway Games\Zuma Deluxe\Uninstall.exe"

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======System event log======

Computer Name: Carelessjon-PC

Event Code: 27

Message: Intel® 82578DC Gigabit Network Connection

Network link has been disconnected.

Record Number: 138055

Source Name: e1kexpress

Time Written: 20111029221023.788026-000

Event Type: Warning

User:

Computer Name: Carelessjon-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 138010

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20111029220949.656075-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Carelessjon-PC

Event Code: 1014

Message: Name resolution for the name photos-b.ak.fbcdn.net timed out after none of the configured DNS servers responded.

Record Number: 137896

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20111029201017.602557-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Carelessjon-PC

Event Code: 27

Message: Intel® 82578DC Gigabit Network Connection

Network link has been disconnected.

Record Number: 137842

Source Name: e1kexpress

Time Written: 20111029200907.209227-000

Event Type: Warning

User:

Computer Name: Carelessjon-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 137805

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20111029200831.637083-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Carelessjon-PC

Event Code: 100

Message: 316: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 44208

Source Name: Bonjour Service

Time Written: 20110924095521.000000-000

Event Type: Error

User:

Computer Name: Carelessjon-PC

Event Code: 1008

Message: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Record Number: 44195

Source Name: Microsoft-Windows-CEIP

Time Written: 20110924031707.000000-000

Event Type: Error

User:

Computer Name: Carelessjon-PC

Event Code: 100

Message: 484: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 44106

Source Name: Bonjour Service

Time Written: 20110923215747.000000-000

Event Type: Error

User:

Computer Name: Carelessjon-PC

Event Code: 100

Message: 220: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 44105

Source Name: Bonjour Service

Time Written: 20110923215747.000000-000

Event Type: Error

User:

Computer Name: Carelessjon-PC

Event Code: 100

Message: 492: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 44104

Source Name: Bonjour Service

Time Written: 20110923215747.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Carelessjon-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\120b34a1a646eeecb1b7704addf1adea_204a83c1-4f42-470c-906d-ae78a8dc1349

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 62870

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923201023.585010-000

Event Type: Audit Success

User:

Computer Name: Carelessjon-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-18

Account Name: CARELESSJON-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: {732BAC3B-281A-40F0-89C4-2355CFA5C8AC}

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 62869

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923201022.805009-000

Event Type: Audit Success

User:

Computer Name: Carelessjon-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-18

Account Name: CARELESSJON-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: {732BAC3B-281A-40F0-89C4-2355CFA5C8AC}

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\Keys\4d9200b2c026e3ff177b048c0da0568d_204a83c1-4f42-470c-906d-ae78a8dc1349

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 62868

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923201022.805009-000

Event Type: Audit Success

User:

Computer Name: Carelessjon-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 62867

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923085751.711625-000

Event Type: Audit Success

User:

Computer Name: Carelessjon-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\120b34a1a646eeecb1b7704addf1adea_204a83c1-4f42-470c-906d-ae78a8dc1349

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 62866

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923085751.711625-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=2502

"TouchAppsTargetDir"=C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Here is the checkup.txt

Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Spybot - Search & Destroy

Java 6 Update 31

Adobe Flash Player 11.1.102.62

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (10.0.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

windows defender MpCmdRun.exe

``````````End of Log````````````

Link to post
Share on other sites

Here is the bitdefender log:

QuickScan 32-bit v0.9.9.105

---------------------------

Scan date: Thu Feb 23 20:51:12 2012

Machine ID: 56FEDFD1

No infection found.

-------------------

Processes

---------

Acer Touch Portal Monitor 2976 C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

Application Updater 1584 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

cyberlink brs 3608 C:\Program Files (x86)\CyberLink\Shared files\brs.exe

CyberLink YouCam Tray 3600 C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

Global Registration 1664 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

Intel® Active Management Technology L 1740 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

Intel® Management & Security Applicat 3856 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

iTunes 3732 C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 3772 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Malwarebytes Anti-Malware 4932 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

Microsoft® Windows® Operating System 2612 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

Microsoft® Windows® Operating System 2440 C:\Windows\svchost.exe

MobileDeviceService 1552 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Symantec Security Technologies 1776 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe

Symantec Security Technologies 2232 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe

THXAudio 3616 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

ToolbarU Application 1960 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

Updater Service 1892 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

Widgi Toolbar 3744 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

Windows® Internet Explorer 4300 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 5800 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) GoogleToolbarNotifier 3172 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Network activity

----------------

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.239.8

Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.197.7.31

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.239.8

Process svchost.exe (2440) connected on port 80 (HTTP) --> 66.150.149.23

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.187

Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.197.7.31

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.78.140

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.78.140

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.187

Process svchost.exe (2440) connected on port 80 (HTTP) --> 66.150.149.23

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 93.184.215.73

Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.71.123.59

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218

Process svchost.exe (2440) connected on port 80 (HTTP) --> 107.20.138.220

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.87.49.107

Process svchost.exe (2440) connected on port 80 (HTTP) --> 69.171.229.15

Process svchost.exe (2440) connected on port 80 (HTTP) --> 204.236.130.144

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.72.60.74

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.16.230.70

Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245

Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245

Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245

Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.67

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.66.128

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.66.128

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.28.37.55

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.219

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.16.212.13

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.67

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.12.249.161

Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.184

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.8

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.82

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.28.37.55

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.49

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.43

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.66

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.78.150

Process svchost.exe (2440) connected on port 80 (HTTP) --> 107.20.134.140

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.43

Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.40.245.50

Process svchost.exe (2440) connected on port 80 (HTTP) --> 192.150.16.64

Process svchost.exe (2440) connected on port 80 (HTTP) --> 23.49.57.42

Process svchost.exe (2440) connected on port 80 (HTTP) --> 24.143.202.10

Process svchost.exe (2440) connected on port 80 (HTTP) --> 24.143.202.10

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.50.2.77

Process svchost.exe (2440) connected on port 80 (HTTP) --> 204.11.109.22

Process svchost.exe (2440) connected on port 80 (HTTP) --> 8.19.18.172

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.18.120.113

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.26

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218

Process svchost.exe (2440) connected on port 80 (HTTP) --> 8.19.18.172

Process svchost.exe (2440) connected on port 80 (HTTP) --> 174.137.34.100

Process svchost.exe (2440) connected on port 80 (HTTP) --> 174.137.34.100

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.27

Process svchost.exe (2440) connected on port 443 (HTTP over SSL) --> 74.125.224.197

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.27

Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.18.46.83

Process svchost.exe (2440) connected on port 80 (HTTP) --> 207.200.74.25

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.50.0.191

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.50.0.191

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.17

Process svchost.exe (2440) connected on port 443 (HTTP over SSL) --> 66.220.146.87

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.19.123.221

Process svchost.exe (2440) connected on port 80 (HTTP) --> 69.171.229.15

Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.111.155.109

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.19.215.118

Process jusched.exe (3772) connected on port 443 (HTTP over SSL) --> 23.3.192.60

Process iexplore.exe (4300) connected on port 80 (HTTP) --> 85.195.93.243

Process iexplore.exe (4300) connected on port 80 (HTTP) --> 64.208.159.32

Process iexplore.exe (4300) connected on port 80 (HTTP) --> 74.125.239.8

Process iexplore.exe (4300) connected on port 80 (HTTP) --> 74.125.239.8

Process GregHSRW.exe (1664) listens on ports: 8093

Process LMS.exe (1740) listens on ports: 623, 16992

Autoruns and critical files

---------------------------

Acer Touch Portal Monitor C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe CS5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Adobe Updater Startup Utility C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

Creative Updreg C:\Windows\UpdReg.EXE

cyberlink brs C:\Program Files (x86)\CyberLink\Shared files\brs.exe

CyberLink YouCam Tray C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe

MUI StartMenu Application C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

THXAudio C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

TouchPortal C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe

Widgi Toolbar C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll

Google Update C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

Java Deployment Toolkit 6.0.310.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

Java Platform SE 6 U31 c:\program files (x86)\java\jre6\bin\ssv.dll

mabinogi mabiwebframe C:\Windows\Downloaded Program Files\mabiwebframe.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll

Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

Norton Confidential c:\program files (x86)\norton internet security\engine\19.5.0.145\coieplg.dll

npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

RadioWMPCoreGecko10.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko10.dll

RadioWMPCoreGecko5.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

RadioWMPCoreGecko6.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

RadioWMPCoreGecko7.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll

RadioWMPCoreGecko8.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll

RadioWMPCoreGecko9.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll

sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll

Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

Symantec Intrusion Detection c:\program files (x86)\norton internet security\engine\19.5.0.145\ips\ipsbho.dll

System Requirements Lab C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll

Widgi Toolbar c:\program files (x86)\youtube downloader toolbar\ie\5.0\youtubedownloadertoolbarie.dll

Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) RadioWMPCoreGecko19.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

Scan

----

MD5: 2ceff13ace25a40bd8d97654944297cd \\.\globalroot\systemroot\svchost.exe

MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

MD5: 505f022493d471025add399a4162208b C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

MD5: d84dd079b86dac2e3d0f92ca383b4086 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files (x86)\Bonjour\mdnsNSP.dll

MD5: 2cbca94abccb2b79e4693ba0e4fc85be C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

MD5: 1f9b3487739b31c3d770728cb157a54d C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: f577910a133a592234ebaad3f3afa258 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MD5: 60c079cb2150760263d1fe5ff6218961 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll

MD5: 1f3ff6c062b311fe410ec89f6bfac213 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll

MD5: fc33cbbb9cadcec307da010fe763d04c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll

MD5: 054b87c872292a960b9b8a834b34dfa7 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll

MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll

MD5: 250bf888ddbe88d61eb19a9d4957c794 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll

MD5: fd86c605fd7ad4a41c01ec7a4a1e1c5d C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll

MD5: a3609397ef273b03295dbb10274be12c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll

MD5: 18301b40411b2108076ab685b4e4b6dc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MD5: 794950db77aa590c2964eca0a5874a09 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll

MD5: df1c1cd0c7ee95cc00d71e9e415e7bcd C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll

MD5: c28fd3b37b6f18751c99e6022a2a9782 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll

MD5: 2503287bd19ae52e36e9de42834a2ac0 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.DLL

MD5: a56ccbbfccedce2fd9c69fed24e035e3 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MD5: 3debbecf665dcdde3a95d9b902010817 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

MD5: 1224bc6de919f8cd8c1c945280e63852 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll

MD5: 06a4250c9e3606cae3f68da45702f342 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll

MD5: 905b5bf5be0a86e8412801bf20357195 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll

MD5: 41404aa06914e6f94d14b671ae1e5c37 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

MD5: 98a078f838a70f84e1bd490d7c7675f4 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

MD5: 2dc64a3446c8c6e020e781456b46573d C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

MD5: ed0a4dd3439d1231b47416604a7d84dc C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll

MD5: 6bf01e200063d7274f3af06d226671f5 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

MD5: da579734b4375740efee86ffdfed57a7 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL

MD5: 9d4a1690af93f233e15380398bec7431 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: 91b3cd7595274b90c253b74057920811 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

MD5: 7dd73b8a2db467b0121d1331eb39812b C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth.dll

MD5: 5ccf1be80930aeb1cdebf561666325e8 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

MD5: 7a898e4a744621711be7e7b796c69876 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

MD5: 606893821219520ca2cd44a8cb2235ad C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTAudEp.dll

MD5: 544013c383833189a61c2f72b8814319 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTLoadRs.dll

MD5: 07162b620bf03e1e6804160efcd677b5 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTSetAPO.dll

MD5: 39d5953dc7be13705878e35ed093f88e C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTSUSDKu.dll

MD5: 1798de71b8051046cb987db000df51d9 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\en-US\THXAudio.resources.dll

MD5: 8fc069758a9d4bd2a049226c017c083d C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

MD5: 55371fbc7e2237e9403882c7cbde8460 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXLgcy.dll

MD5: 32d7226f843abb61be3390339aab5556 C:\Program Files (x86)\CyberLink\Shared files\brs.exe

MD5: 212be9ad764e1eacc26994c3e08b25fb C:\Program Files (x86)\CyberLink\YouCam\Custom\Lang\ENU\IM.dll

MD5: dff1e77e82a343f71956a0d6840abffb C:\Program Files (x86)\CyberLink\YouCam\MFC71U.DLL

MD5: fa02920fb5c311b07e30cecf7cbf3a7c C:\Program Files (x86)\CyberLink\YouCam\MSVCP71.dll

MD5: 696a483efc2d7bae2734188c1a3ee07d C:\Program Files (x86)\CyberLink\YouCam\MSVCR71.dll

MD5: 7448354e89900479c227dd3118ebd6fd C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUITransfer.dll

MD5: fc6aeb9413b8f1fec4e22bf81f6d919c C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

MD5: 6858c318e8daa40e747e6fb9b214e104 C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

MD5: 56cd679490894445bc2f42214b377016 C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe

MD5: 61980095ae5d02b1e9d2ed604a90c1bf c:\program files (x86)\google\google toolbar\googletoolbar_32.dll

MD5: e460233208906ecc0e8f057b25562f13 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll

MD5: ab3668c159e1cfea184f72650bd66807 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

MD5: 27626506e07795bb6357f7f2ef78a90b C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

MD5: 1d82a01a368255fe78c65cf66b5b8281 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

MD5: 1cbad5eee017fafea2bf75e82330783d C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\DTMessageLib.dll

MD5: d480c9220bfe667de65a46cde80ea7e9 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll

MD5: c6142b8cb72558d91cea8e38f1b7d905 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

MD5: 122f89e0905fc656d56f65cd7a2e9b4d C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll

MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll

MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files (x86)\Internet Explorer\IEShims.dll

MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe

MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

MD5: e4ce6c4ae730e0ec87fc5da4cd1946ad C:\Program Files (x86)\iTunes\iTunesHelper.dll

MD5: 0dcac41eb58a45049bd7ff665c32d5f4 C:\Program Files (x86)\iTunes\iTunesHelper.exe

MD5: e7be61eb1bde3921ff0cdd24f1535332 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 93a67ad03fd9c2286a4a5ad9a67f381a C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

MD5: a9770771b622a871643ea2a4a3983e95 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

MD5: 34e3709244736b8976820f730e5a8815 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

MD5: 8e6c86726b67d3faa3144849b9aac06c c:\program files (x86)\java\jre6\bin\ssv.dll

MD5: 82f9764ebe2ef590cd2b3beb234e5671 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll

MD5: d3b6d02f0d95a62dfbae7d7ea404db59 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll

MD5: 60d0647a2dc2d397b84d0afb0808f85d C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

MD5: a2c2ec01306a666c4372bb7a06659b5d C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll

MD5: 056b19651bd7b7ce5f89a3ac46dbdc08 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: ed327201724ea05d509b7939abe49e98 c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

MD5: a878453a1714870eaada83e6434bdb77 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: c6b68e5cc56e7cf732c75c2498a6da55 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\APPMGR32.DLL

MD5: 9261959f6c6dc6435234e97954e4902d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\asEngine.dll

MD5: 6e5d56ae8ba13fe2be8cc649f2e66684 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ASHELPER.DLL

MD5: 818690f79aefc5a0365bf4ff5e4976c2 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ASOEHOOK.DLL

MD5: 9202e913a12c6c985c1003eee6ecdc16 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVIfc.dll

MD5: c32ad313e558cb38784ddc15445de56e C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVMail.dll

MD5: ee0dec36a77b6117ee45f0b3a91ae1f6 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\avModule.dll

MD5: 1f2b32dd1f96e6386ce7bcfb63327753 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVPAPP32.dll

MD5: 54de6a7f48a05926ba8ba37bee42bd92 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\AVPSVC32.DLL

MD5: d0c0c17e2a31c33fa495d3ab8a0d5bb2 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\BHClient.dll

MD5: 1f761da08b1855ddbdd97204d69b48dd C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\BHSVCPLG.DLL

MD5: ceaf83f1be7fb3d9794a3f93d6d1b2f5 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCEMLPXY.DLL

MD5: e215110df049874e42208f88ac35f470 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCGEVT.DLL

MD5: 0e5ab9d11235172f6e5ce988597977d1 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccGLog.dll

MD5: fa89858c35dcc34a23dc643498ed99cf C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccIPC.dll

MD5: 0616266256e18eb8813ff30d5bf6fcf8 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCJOBMGR.DLL

MD5: f695b4bdbeea2a64dbd87a8355cd1ea1 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccL110U.dll

MD5: 09a527ee12c7a05abd1c18cbe3744a64 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSet.dll

MD5: 5b88c32019ad04f7aba397b4fe99b77d C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCSUBENG.DLL

MD5: 7af5798d958f7c460db0a06c7cc4373d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvc.dll

MD5: 9d0f43b1d0434b44183d4795e89f6c14 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe

MD5: b3ab6de181dd772dcda738919ce7a244 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccVrTrst.dll

MD5: a48fc9ba3b84b79ebab1297ffe308373 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CLTALDIS.DLL

MD5: 3c473ca451f879060293054dab80a76b C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CLTLMS.DLL

MD5: aa2613a21a8ff0fb7f856bd7774c8585 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\cltPE.dll

MD5: 20b3c342343101167c9955123ca7823f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COACTMGR.DLL

MD5: c65293b51b0202b04621db8e54454d5c C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coDataPr.dll

MD5: 1a2c475bde442def24df0e877bf44c6a c:\program files (x86)\norton internet security\engine\19.5.0.145\coieplg.dll

MD5: 5b61ed457c04d2a81858eb438479fb22 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COMM.DLL

MD5: 3d4c6ecf301e2097759ae1a21e8f849e C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coShdObj.dll

MD5: 58c38acc219e17389b137d7a5bf36c76 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COSVCPLG.DLL

MD5: 35c511425f8b14fef155331d0a8f713b C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\DATASTOR.DLL

MD5: 6f8e100d7978ba9d53db01d7b7711b69 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\DIMASTER.DLL

MD5: f553d3f88d32022c6fb35479b1be552d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diStRptr.dll

MD5: 5e0c5b5be5304e133968d6d6f8840b28 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\DSCli.dll

MD5: 521d39167094d40fb7065b76a32cef5c C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\EFACli.dll

MD5: 1de3315940d277aeebe5e9607bfbd7d7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\FWCORE.DLL

MD5: 28024a6f2d8a11f73632fcf8471440b4 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\FWGenPlg.dll

MD5: 8eae60994e660575d998ec4a6f89a8f6 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\FWSESAL.DLL

MD5: 36c381e92a4a90d978fa6f42a7a5da9f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\HNCORE.DLL

MD5: 3cc5e2b69c67b56cd828411737163328 c:\program files (x86)\norton internet security\engine\19.5.0.145\ips\ipsbho.dll

MD5: 9eaa83d9ca0235e55e4780623d2066d3 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\IPSPLUG.DLL

MD5: 23fac53ce10497c70604019bf7aef347 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\IRON.DLL

MD5: fa943824256da6a2e00e7d3e211205b4 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ISDATAPR.DLL

MD5: a2e1ec6fbc2afc950e50a0fc0717269f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ISDATASV.DLL

MD5: be8a377f362debcb92fc0e9c3187c0a7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NAHELPER.DLL

MD5: 604ede0da0d45de5a1bf20275c70be5c C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NCW.DLL

MD5: 2bc45786c202e751a708daa9b8577a60 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\NPCStats.dll

MD5: 480349b65cca6438692b0d37f1af54b5 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NPCTRAY.DLL

MD5: db5cadff710623ac0142a39f203ad394 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ProxyClt.dll

MD5: dab49e139099335b3ae936ff3d0c168f C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\QBackup.dll

MD5: c3de5413b9ad428eea62dc9e77e481e7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\QSPLUGIN.DLL

MD5: 7f72ec268ce9e066e29e50f11d20cb92 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SDKCMN.DLL

MD5: 7eabaa542a7da553552128f595dda08e C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SNDSVC.DLL

MD5: eca13822896935dc641a35ead4b88ecc C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SPOCCLNT.DLL

MD5: 91770e8f7fa61b155292db5123430aff C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SQLite.dll

MD5: b2883ddd812199ea718ad4e315e98e62 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SQSVC.DLL

MD5: 5caec47a463bb3f88ddaca6813c2ae7d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\srtsp32.dll

MD5: 6487a19e0ea3228515394a4b1a780b17 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SYMHTML.DLL

MD5: ff6b44e0bd9c3941a9d7764839100ac6 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymNeti.dll

MD5: 7601a29152ed8edf2478debf5cdd89b6 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SYMRDRSV.DLL

MD5: 2cfe545abafce9ab0c375dc05ce831c7 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymRedir.dll

MD5: b78913e8e6a3debf7aab188975594e84 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\UIALERT.DLL

MD5: dc0d4ea3e23965a47e730e6b57f68d5a C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\USERCTXT.DLL

MD5: 6f2775cc551cc3eee10c84ddeee531bc C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\USERLOG.DLL

MD5: b2eddcd119f894769f70417e515890f7 C:\Program Files (x86)\Norton Internet Security\MUI\19.5.0.145\09\01\cltRes.loc

MD5: fed935f9471c4f28cdfbca604d08bd65 C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe

MD5: 9f385d03b1708f6e9c9fa432433cfbab C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

MD5: 73e7920f41e9d91cc131831026cbb731 c:\program files (x86)\youtube downloader toolbar\ie\5.0\youtubedownloadertoolbarie.dll

MD5: f9d908de6b166dac9b89bf62fa291ce8 C:\Program Files\Bonjour\mdnsNSP.dll

MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd C:\Program Files\Bonjour\mDNSResponder.exe

MD5: 28ad5e311996a34025cfb07e131058dd C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

MD5: f9ec9acd504d823d9b9ca98a4f8d3ca2 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

MD5: ee4c2a137c7088911a8919effc9812e7 C:\Program Files\iPod\bin\iPodService.exe

MD5: 0b267e5ac46693584e2e0acfd8d9ce83 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe

MD5: 6d657abadf217dbb17cf0a0af44a7e29 C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

MD5: 41da5845e1f8af445bd626cf085c4541 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys

MD5: 5b4c50526c1ddbe0f966a524548935fb C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHEngine.dll

MD5: 0b97f1a640ad3d159a7b5d2164c42e50 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys

MD5: 58815deb605847d3e07c4f832e1d412b C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSxpx86.dll

MD5: 2dbe90210de76be6e1653bb20ec70ec2 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS

MD5: 346da70e203b8e2c850277713de8f71b C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS

MD5: 8d7de77590f586fa630a2322e35b45ed C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko10.dll

MD5: c2ad81a8cb014376dcc05257bc31ca23 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

MD5: 402f5c01b3629e70015d4eac29bd4b80 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

MD5: d55024f2e996643e54d736c83b4a4e8e C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll

MD5: 6b9ecf45d72b1b47bea6fbfd62925634 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll

MD5: 816c504ac507224f0ec4f72f2024b028 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll

MD5: 4c790c3c2edf1aebf95b6baa248cf230 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll

MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MD5: 68b5370cc7b84ba569089715225e22e6 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll

MD5: 18164b0144b43860965f161c79cff4c4 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll

MD5: dfd0283dd8506e8506d4621717fbecf9 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll

MD5: 95e8d9c0e865ead5a440c91d933b7d60 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MD5: 56cebc1d7b1d98959b87149ea3d22071 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MD5: a2c3f8e5ac37dbee96c563606f710fe3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MD5: 5764f20720f350d46fd6cef6cb3a4941 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MD5: dcc1ac29aa8d2ce725cc86a626cec360 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MD5: d3ba339de4c1c7082e815ad49a41cd38 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MD5: dbab8613e82049d86bf9f66fecb843fa C:\Windows\Downloaded Program Files\mabiwebframe.dll

MD5: bb7fcdcd4de287340b5c1bb1949ad3c6 C:\Windows\Downloaded Program Files\qsax.dll

MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe

MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe

MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

MD5: 59d16fd61802739988728790bf1232b3 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

MD5: 96076b8fcdff3c6db4ccfbf7fe3a9b28 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: 54aafdf0193f9e7cfa2a579b6f983f3e C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

MD5: 189ef45eb56724a888159c084588155d C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll

MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe

MD5: 2ceff13ace25a40bd8d97654944297cd C:\Windows\svchost.exe

MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll

MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL

MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll

MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe

MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll

MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll

MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll

MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll

MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll

MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll

MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\Windows\system32\D3D10Warp.dll

MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll

MD5: 91b4aad4412bb223b466f3dfb43e86da C:\Windows\system32\D3Dx10_40.dll

MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\DBGHELP.DLL

MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll

MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll

MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\dnsapi.DLL

MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll

MD5: 0a5c7253183a6f956d10a3a4bbc96288 C:\Windows\system32\DWrite.dll

MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll

MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\explorer.exe

MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll

MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll

MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll

MD5: ab142f0ddc6e236472da8ba5b23a9e66 C:\Windows\system32\igd10umd32.dll

MD5: 8020c0923cb26676e998d0bd246cfaef C:\Windows\system32\igdumd32.dll

MD5: c679f9e548ecb2e75a2879a3aacb6104 C:\Windows\system32\igdumdx32.dll

MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll

MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\iphlpapi.dll

MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll

MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll

MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL

MD5: 45fb05f743e626d9e239e52602cea041 C:\Windows\system32\msctfui.dll

MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll

MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe

MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll

MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll

MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll

MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll

MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll

MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NETAPI32.dll

MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll

MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\system32\NLAapi.dll

MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\Windows\system32\ntshrui.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll

MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\PDH.DLL

MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll

MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll

MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll

MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\RICHED20.dll

MD5: b5506b451bfe7148eca7056bda2970bd C:\Windows\system32\RICHED32.DLL

MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll

MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll

MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL

MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe

MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\Secur32.dll

MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll

MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll

MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll

MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL

MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll

MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll

MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll

MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 C:\Windows\system32\userinit.exe

MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll

MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll

MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll

MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv

MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll

MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll

MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\windowscodecs.dll

MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll

MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll

MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll

MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV

MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll

MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\system32\ws2_32.dll

MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll

MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll

MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\XmlLite.dll

MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll

MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll

MD5: 0c0350b58b6a9d3e20e8564999adfe12 C:\Windows\SysWOW64\APOMngr.DLL

MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll

MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\COMDLG32.dll

MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll

MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll

MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll

MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll

MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\SysWOW64\ieframe.dll

MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll

MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\SysWOW64\IPHLPAPI.DLL

MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll

MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll

MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll

MD5: bd007d624e4cd905ab2e8df2c6de891c C:\Windows\SysWOW64\Macromed\Flash\Flash11c.ocx

MD5: 5789773089bc334c56cc31833f20daf6 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll

MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll

MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll

MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\SysWOW64\OLEACC.dll

MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll

MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll

MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll

MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll

MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\syswow64\SHELL32.dll

MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll

MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll

MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\SysWOW64\taskschd.dll

MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll

MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll

MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll

MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\SysWOW64\vbscript.dll

MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll

MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll

MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll

MD5: c419df63e0121d72411285780c2fc6cc C:\Windows\UpdReg.EXE

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\Comctl32.dll

MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

No file uploaded.

Scan finished - communication took 4 sec

Total traffic - 0.02 MB sent, 1.11 KB recvd

Scanned 493 files and modules - 37 seconds

==============================================================================

Also, I noticed the bitdefender scan(the log right above this) created a log with "Quickscan 32-bit" at the top. Is that a problem? I mean my system is a 64-bit OS.

Thank you for replying!

Link to post
Share on other sites

The BitDefender used 32-bit scan & that is ok.

If the Norton Internet Security Trial expired and you did not purchase a license, you'll need to plan for some alternate. For now, keep it and tell me if by chance you installed something else.

I'll help you sort it out later.

For now, I need for you to absolutely de-install Bit torrent & any other 'torrent utility. The logs show the pc has loads of open ports.

Torrents are infamous for being facilitators in spreading malware.

Confirm that you have removed all torrents / file-sharing programs !

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for jonkiote only. If you are a casual viewer, do NOT try this on your system!

If you are not jonkiote and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Next, step 2

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    C:\Windows\svchost.exe
    :Commands
    [purity]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/u...ine-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break popcorn.gifpepsi.gif

Step 4

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Re-enable the antivirus program.

Reply with copy of contents of OTLMoved Files log,

ESET scan log,

MBAM scan log

There will be more to do later.

Link to post
Share on other sites

Thank you for continuing to help me!

Strange. I uninstalled/deleted bittorrent months ago.. Anyway, I deleted all files(about 4) that popped up when I searched my computer for "torrent," and double-checked to see if bittorrent was still in my system somewhere.(It wasn't.)

As for the Norton problem, I have not downloaded any replacements for it. Unless Malwarebytes or SpybotS&D count?

And now the logs:

OTLMoved Files log:

========== PROCESSES ==========

All processes killed

========== FILES ==========

C:\Windows\svchost.exe moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Carelessjon

->Flash cache emptied: 25025 bytes

User: Default

->Flash cache emptied: 56466 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Guest

->Flash cache emptied: 8197508 bytes

User: Public

Total Flash Files Cleaned = 8.00 mb

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_183051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ESET scan log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1001863ced58ea4fbc46e7708c1d6056

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-25 06:30:21

# local_time=2012-02-24 08:30:21 (-1000, Hawaiian Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 0 81690316 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=324498

# found=25

# cleaned=25

# scan_time=4576

C:\$Recycle.Bin\S-1-5-21-368538222-2643626402-1821840259-1000\$RPEU5A5.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\$Recycle.Bin\S-1-5-21-368538222-2643626402-1821840259-1000\$RX7TA7M.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Carelessjon\Downloads\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Carelessjon\Downloads\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\Temp\Temporary Internet Files\Content.IE5\BUJXF5AO\a012aef2fa691f6a511f19f61cdaff7f[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

MBAM log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.25.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Carelessjon :: CARELESSJON-PC [administrator]

Protection: Disabled

2/24/2012 8:35:54 PM

mbam-log-2012-02-24 (20-35-54).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 496732

Time elapsed: 54 minute(s), 40 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5380 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Yup, still getting the svchost baloons.

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for Jonkiote only. If you are a casual viewer, do NOT try this on your system!

If you are not Jonkiote and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Given you are running Windows 7, please remember that on most all tools you'll need to start them by Right-clicking, selecting Run as Administrator, AND allowing them to run at UAC prompt!

Let's have you run some additional diagnostic tools. Do as much as you can:

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have (if you have).
  • Download TDSSKiller and save it to your Desktop.
  • RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 4

Close all non-essential programs & windows that you have open.

Go here and download & SAVE Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too {name will start with "Startup Programs". It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious. It simply generates a report on your system, and does not do any cleanup.

Step 5

Reply with copy of contents of aswmbr log,

the TDSSKILLER log,

the GMER log,

the Silent Runners log,

also provide an update on current status (eg, are things better, or are you still in Safe Mode with Networking)

Link to post
Share on other sites

Thanks for replying!

Here are a few things I noted during this process:

1.The GMER scan ended saying something like "unable to find any..." and when I clicked "copy" and pasted it on a notepad, it pasted nothing. I tried clicking "save" instead and that produced a blank log.

2.After the ASWMBR scan, the "fix" button was enabled, but I did not click it.

3.After the TDSSKILLER scan was complete, there were two infections found one was set to cure and the other was set to skip. Seeing nothing of this in your instructions, I simply clicked continue.

4.Google no longer redirects me! svchost balloons no longer appear, however while I was running the GMER scan, I got a svchost quarantine pop-up from MBAM...

aswmbr log:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-02-25 04:54:22

-----------------------------

04:54:22.091 OS Version: Windows x64 6.1.7601 Service Pack 1

04:54:22.091 Number of processors: 4 586 0x2502

04:54:22.091 ComputerName: CARELESSJON-PC UserName: Carelessjon

04:54:23.307 Initialize success

04:56:40.708 AVAST engine defs: 12022500

04:56:53.688 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

04:56:53.688 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 11

04:56:53.688 Device \Driver\atapi -> MajorFunction fffffa80052b15c4

04:56:53.688 Disk 0 MBR read successfully

04:56:53.688 Disk 0 MBR scan

04:56:53.703 Disk 0 MBR:Pihar-C [Rtk]

04:56:53.703 Disk 0 TDL4@MBR code has been found

04:56:53.703 Disk 0 Windows 7 default MBR code found via API

04:56:53.703 Disk 0 MBR hidden

04:56:53.719 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048

04:56:53.719 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176

04:56:53.734 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 596042 MB offset 29566976

04:56:53.734 Disk 0 MBR [TDL4] **ROOTKIT**

04:56:54.202 Scan finished successfully

04:57:19.568 Disk 0 MBR has been saved successfully to "C:\Users\Carelessjon\Desktop\MBR.dat"

04:57:19.568 The log file has been saved successfully to "C:\Users\Carelessjon\Desktop\aswMBR.txt"

TDSSKILLER log:

04:59:13.0708 1360 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49

04:59:14.0238 1360 ============================================================

04:59:14.0238 1360 Current date / time: 2012/02/25 04:59:14.0238

04:59:14.0238 1360 SystemInfo:

04:59:14.0238 1360

04:59:14.0238 1360 OS Version: 6.1.7601 ServicePack: 1.0

04:59:14.0238 1360 Product type: Workstation

04:59:14.0238 1360 ComputerName: CARELESSJON-PC

04:59:14.0238 1360 UserName: Carelessjon

04:59:14.0238 1360 Windows directory: C:\Windows

04:59:14.0238 1360 System windows directory: C:\Windows

04:59:14.0238 1360 Running under WOW64

04:59:14.0238 1360 Processor architecture: Intel x64

04:59:14.0238 1360 Number of processors: 4

04:59:14.0238 1360 Page size: 0x1000

04:59:14.0238 1360 Boot type: Normal boot

04:59:14.0238 1360 ============================================================

04:59:15.0112 1360 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

04:59:15.0112 1360 \Device\Harddisk0\DR0:

04:59:15.0112 1360 MBR used

04:59:15.0112 1360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000

04:59:15.0112 1360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000

04:59:15.0143 1360 Initialize success

04:59:15.0143 1360 ============================================================

04:59:38.0481 4660 ============================================================

04:59:38.0481 4660 Scan started

04:59:38.0481 4660 Mode: Manual; SigCheck; TDLFS;

04:59:38.0481 4660 ============================================================

04:59:39.0120 4660 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

04:59:39.0183 4660 1394ohci - ok

04:59:39.0214 4660 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

04:59:39.0230 4660 ACPI - ok

04:59:39.0230 4660 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

04:59:39.0308 4660 AcpiPmi - ok

04:59:39.0339 4660 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

04:59:39.0354 4660 adp94xx - ok

04:59:39.0386 4660 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

04:59:39.0401 4660 adpahci - ok

04:59:39.0401 4660 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

04:59:39.0417 4660 adpu320 - ok

04:59:39.0464 4660 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

04:59:39.0526 4660 AFD - ok

04:59:39.0557 4660 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

04:59:39.0573 4660 agp440 - ok

04:59:39.0588 4660 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

04:59:39.0588 4660 aliide - ok

04:59:39.0604 4660 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

04:59:39.0620 4660 amdide - ok

04:59:39.0620 4660 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

04:59:39.0682 4660 AmdK8 - ok

04:59:39.0682 4660 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

04:59:39.0729 4660 AmdPPM - ok

04:59:39.0729 4660 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

04:59:39.0744 4660 amdsata - ok

04:59:39.0760 4660 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

04:59:39.0760 4660 amdsbs - ok

04:59:39.0791 4660 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

04:59:39.0807 4660 amdxata - ok

04:59:39.0822 4660 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

04:59:39.0963 4660 AppID - ok

04:59:40.0025 4660 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

04:59:40.0025 4660 arc - ok

04:59:40.0041 4660 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

04:59:40.0056 4660 arcsas - ok

04:59:40.0088 4660 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

04:59:40.0212 4660 AsyncMac - ok

04:59:40.0244 4660 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

04:59:40.0259 4660 atapi - ok

04:59:40.0322 4660 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

04:59:40.0368 4660 b06bdrv - ok

04:59:40.0415 4660 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

04:59:40.0446 4660 b57nd60a - ok

04:59:40.0493 4660 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

04:59:40.0540 4660 Beep - ok

04:59:40.0680 4660 BHDrvx64 (41da5845e1f8af445bd626cf085c4541) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys

04:59:40.0743 4660 BHDrvx64 - ok

04:59:40.0774 4660 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

04:59:40.0821 4660 blbdrive - ok

04:59:40.0883 4660 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

04:59:40.0930 4660 bowser - ok

04:59:40.0961 4660 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

04:59:40.0992 4660 BrFiltLo - ok

04:59:41.0039 4660 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

04:59:41.0055 4660 BrFiltUp - ok

04:59:41.0070 4660 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

04:59:41.0117 4660 Brserid - ok

04:59:41.0148 4660 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

04:59:41.0164 4660 BrSerWdm - ok

04:59:41.0180 4660 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

04:59:41.0211 4660 BrUsbMdm - ok

04:59:41.0211 4660 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

04:59:41.0242 4660 BrUsbSer - ok

04:59:41.0242 4660 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

04:59:41.0273 4660 BTHMODEM - ok

04:59:41.0336 4660 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys

04:59:41.0351 4660 ccSet_NIS - ok

04:59:41.0382 4660 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

04:59:41.0429 4660 cdfs - ok

04:59:41.0476 4660 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

04:59:41.0523 4660 cdrom - ok

04:59:41.0570 4660 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

04:59:41.0601 4660 circlass - ok

04:59:41.0648 4660 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

04:59:41.0679 4660 CLFS - ok

04:59:41.0897 4660 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

04:59:41.0960 4660 CmBatt - ok

04:59:41.0975 4660 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

04:59:41.0975 4660 cmdide - ok

04:59:42.0022 4660 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

04:59:42.0038 4660 CNG - ok

04:59:42.0053 4660 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

04:59:42.0069 4660 Compbatt - ok

04:59:42.0100 4660 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

04:59:42.0131 4660 CompositeBus - ok

04:59:42.0147 4660 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

04:59:42.0147 4660 crcdisk - ok

04:59:42.0209 4660 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

04:59:42.0287 4660 DfsC - ok

04:59:42.0318 4660 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

04:59:42.0381 4660 discache - ok

04:59:42.0428 4660 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

04:59:42.0428 4660 Disk - ok

04:59:42.0474 4660 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

04:59:42.0490 4660 drmkaud - ok

04:59:42.0537 4660 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

04:59:42.0584 4660 DXGKrnl - ok

04:59:42.0615 4660 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys

04:59:42.0615 4660 e1kexpress - ok

04:59:42.0646 4660 EagleX64 - ok

04:59:42.0740 4660 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

04:59:42.0833 4660 ebdrv - ok

04:59:42.0911 4660 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

04:59:42.0927 4660 eeCtrl - ok

04:59:42.0974 4660 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

04:59:42.0989 4660 elxstor - ok

04:59:43.0052 4660 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

04:59:43.0052 4660 EraserUtilRebootDrv - ok

04:59:43.0067 4660 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

04:59:43.0114 4660 ErrDev - ok

04:59:43.0161 4660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

04:59:43.0208 4660 exfat - ok

04:59:43.0239 4660 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

04:59:43.0286 4660 fastfat - ok

04:59:43.0317 4660 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

04:59:43.0348 4660 fdc - ok

04:59:43.0395 4660 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

04:59:43.0395 4660 FileInfo - ok

04:59:43.0410 4660 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

04:59:43.0473 4660 Filetrace - ok

04:59:43.0488 4660 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

04:59:43.0504 4660 flpydisk - ok

04:59:43.0535 4660 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

04:59:43.0551 4660 FltMgr - ok

04:59:43.0582 4660 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

04:59:43.0582 4660 FsDepends - ok

04:59:43.0598 4660 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

04:59:43.0598 4660 Fs_Rec - ok

04:59:43.0644 4660 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

04:59:43.0644 4660 fvevol - ok

04:59:43.0676 4660 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

04:59:43.0691 4660 gagp30kx - ok

04:59:43.0707 4660 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

04:59:43.0722 4660 GEARAspiWDM - ok

04:59:43.0769 4660 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

04:59:43.0816 4660 hcw85cir - ok

04:59:43.0863 4660 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

04:59:43.0878 4660 HdAudAddService - ok

04:59:43.0925 4660 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

04:59:43.0972 4660 HDAudBus - ok

04:59:44.0003 4660 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

04:59:44.0003 4660 HECIx64 - ok

04:59:44.0019 4660 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

04:59:44.0019 4660 HidBatt - ok

04:59:44.0050 4660 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

04:59:44.0175 4660 HidBth - ok

04:59:44.0206 4660 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

04:59:44.0222 4660 HidIr - ok

04:59:44.0253 4660 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

04:59:44.0284 4660 HidUsb - ok

04:59:44.0300 4660 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

04:59:44.0315 4660 HpSAMD - ok

04:59:44.0362 4660 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

04:59:44.0424 4660 HTTP - ok

04:59:44.0456 4660 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

04:59:44.0456 4660 hwpolicy - ok

04:59:44.0502 4660 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

04:59:44.0518 4660 i8042prt - ok

04:59:44.0534 4660 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

04:59:44.0549 4660 iaStorV - ok

04:59:44.0643 4660 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys

04:59:44.0658 4660 IDSVia64 - ok

04:59:44.0830 4660 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys

04:59:45.0111 4660 igfx - ok

04:59:45.0158 4660 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

04:59:45.0158 4660 iirsp - ok

04:59:45.0267 4660 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys

04:59:45.0282 4660 int15.sys - ok

04:59:45.0345 4660 IntcAzAudAddService (935faa1a0af889f1ef46be55666100d0) C:\Windows\system32\drivers\RTKVHD64.sys

04:59:45.0407 4660 IntcAzAudAddService - ok

04:59:45.0438 4660 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys

04:59:45.0485 4660 IntcDAud - ok

04:59:45.0501 4660 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

04:59:45.0501 4660 intelide - ok

04:59:45.0516 4660 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

04:59:45.0548 4660 intelppm - ok

04:59:45.0579 4660 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

04:59:45.0641 4660 IpFilterDriver - ok

04:59:45.0657 4660 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

04:59:45.0672 4660 IPMIDRV - ok

04:59:45.0704 4660 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

04:59:45.0766 4660 IPNAT - ok

04:59:45.0813 4660 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

04:59:45.0844 4660 IRENUM - ok

04:59:45.0860 4660 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

04:59:45.0875 4660 isapnp - ok

04:59:45.0891 4660 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

04:59:45.0906 4660 iScsiPrt - ok

04:59:45.0938 4660 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys

04:59:45.0938 4660 itecir - ok

04:59:45.0969 4660 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

04:59:45.0969 4660 kbdclass - ok

04:59:45.0984 4660 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

04:59:46.0000 4660 kbdhid - ok

04:59:46.0016 4660 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

04:59:46.0031 4660 KSecDD - ok

04:59:46.0062 4660 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

04:59:46.0062 4660 KSecPkg - ok

04:59:46.0078 4660 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

04:59:46.0140 4660 ksthunk - ok

04:59:46.0172 4660 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

04:59:46.0234 4660 lltdio - ok

04:59:46.0296 4660 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

04:59:46.0312 4660 LSI_FC - ok

04:59:46.0328 4660 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

04:59:46.0328 4660 LSI_SAS - ok

04:59:46.0343 4660 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

04:59:46.0343 4660 LSI_SAS2 - ok

04:59:46.0359 4660 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

04:59:46.0374 4660 LSI_SCSI - ok

04:59:46.0390 4660 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

04:59:46.0452 4660 luafv - ok

04:59:46.0515 4660 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

04:59:46.0530 4660 MBAMProtector - ok

04:59:46.0562 4660 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys

04:59:46.0562 4660 MBfilt - ok

04:59:46.0577 4660 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

04:59:46.0593 4660 megasas - ok

04:59:46.0624 4660 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

04:59:46.0640 4660 MegaSR - ok

04:59:46.0671 4660 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

04:59:46.0718 4660 Modem - ok

04:59:46.0749 4660 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

04:59:46.0796 4660 monitor - ok

04:59:46.0811 4660 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

04:59:46.0827 4660 mouclass - ok

04:59:46.0827 4660 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

04:59:46.0874 4660 mouhid - ok

04:59:46.0905 4660 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

04:59:46.0905 4660 mountmgr - ok

04:59:46.0952 4660 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

04:59:46.0967 4660 mpio - ok

04:59:46.0998 4660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

04:59:47.0045 4660 mpsdrv - ok

04:59:47.0092 4660 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

04:59:47.0139 4660 MRxDAV - ok

04:59:47.0186 4660 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

04:59:47.0248 4660 mrxsmb - ok

04:59:47.0279 4660 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

04:59:47.0310 4660 mrxsmb10 - ok

04:59:47.0326 4660 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

04:59:47.0342 4660 mrxsmb20 - ok

04:59:47.0357 4660 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

04:59:47.0373 4660 msahci - ok

04:59:47.0373 4660 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

04:59:47.0388 4660 msdsm - ok

04:59:47.0420 4660 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

04:59:47.0451 4660 Msfs - ok

04:59:47.0466 4660 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

04:59:47.0498 4660 mshidkmdf - ok

04:59:47.0513 4660 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

04:59:47.0529 4660 msisadrv - ok

04:59:47.0544 4660 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

04:59:47.0607 4660 MSKSSRV - ok

04:59:47.0638 4660 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

04:59:47.0685 4660 MSPCLOCK - ok

04:59:47.0716 4660 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

04:59:47.0778 4660 MSPQM - ok

04:59:47.0810 4660 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

04:59:47.0825 4660 MsRPC - ok

04:59:47.0841 4660 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

04:59:47.0856 4660 mssmbios - ok

04:59:47.0856 4660 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

04:59:47.0919 4660 MSTEE - ok

04:59:47.0934 4660 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

04:59:47.0950 4660 MTConfig - ok

04:59:47.0981 4660 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

04:59:47.0997 4660 Mup - ok

04:59:48.0012 4660 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

04:59:48.0059 4660 NativeWifiP - ok

04:59:48.0153 4660 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS

04:59:48.0153 4660 NAVENG - ok

04:59:48.0231 4660 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS

04:59:48.0293 4660 NAVEX15 - ok

04:59:48.0340 4660 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

04:59:48.0371 4660 NDIS - ok

04:59:48.0387 4660 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

04:59:48.0449 4660 NdisCap - ok

04:59:48.0480 4660 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

04:59:48.0527 4660 NdisTapi - ok

04:59:48.0574 4660 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

04:59:48.0636 4660 Ndisuio - ok

04:59:48.0668 4660 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

04:59:48.0730 4660 NdisWan - ok

04:59:48.0777 4660 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

04:59:48.0824 4660 NDProxy - ok

04:59:48.0855 4660 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

04:59:48.0886 4660 NetBIOS - ok

04:59:48.0902 4660 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

04:59:48.0948 4660 NetBT - ok

04:59:49.0026 4660 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys

04:59:49.0058 4660 netr28x - ok

04:59:49.0104 4660 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

04:59:49.0104 4660 nfrd960 - ok

04:59:49.0151 4660 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

04:59:49.0198 4660 Npfs - ok

04:59:49.0229 4660 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

04:59:49.0276 4660 nsiproxy - ok

04:59:49.0338 4660 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

04:59:49.0385 4660 Ntfs - ok

04:59:49.0401 4660 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

04:59:49.0463 4660 Null - ok

04:59:49.0510 4660 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

04:59:49.0510 4660 nvraid - ok

04:59:49.0526 4660 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

04:59:49.0541 4660 nvstor - ok

04:59:49.0572 4660 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

04:59:49.0588 4660 nv_agp - ok

04:59:49.0604 4660 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

04:59:49.0635 4660 ohci1394 - ok

04:59:49.0650 4660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

04:59:49.0666 4660 Parport - ok

04:59:49.0697 4660 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

04:59:49.0697 4660 partmgr - ok

04:59:49.0713 4660 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

04:59:49.0728 4660 pci - ok

04:59:49.0744 4660 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

04:59:49.0744 4660 pciide - ok

04:59:49.0791 4660 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

04:59:49.0791 4660 pcmcia - ok

04:59:49.0838 4660 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

04:59:49.0838 4660 pcw - ok

04:59:49.0869 4660 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

04:59:49.0947 4660 PEAUTH - ok

04:59:50.0009 4660 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

04:59:50.0087 4660 PptpMiniport - ok

04:59:50.0087 4660 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

04:59:50.0103 4660 Processor - ok

04:59:50.0165 4660 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

04:59:50.0212 4660 Psched - ok

04:59:50.0259 4660 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

04:59:50.0306 4660 ql2300 - ok

04:59:50.0321 4660 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

04:59:50.0337 4660 ql40xx - ok

04:59:50.0352 4660 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

04:59:50.0399 4660 QWAVEdrv - ok

04:59:50.0415 4660 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

04:59:50.0462 4660 RasAcd - ok

04:59:50.0493 4660 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

04:59:50.0524 4660 RasAgileVpn - ok

04:59:50.0540 4660 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

04:59:50.0602 4660 Rasl2tp - ok

04:59:50.0633 4660 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

04:59:50.0696 4660 RasPppoe - ok

04:59:50.0727 4660 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

04:59:50.0758 4660 RasSstp - ok

04:59:50.0789 4660 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

04:59:50.0852 4660 rdbss - ok

04:59:50.0867 4660 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

04:59:50.0883 4660 rdpbus - ok

04:59:50.0914 4660 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

04:59:50.0961 4660 RDPCDD - ok

04:59:50.0976 4660 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

04:59:51.0039 4660 RDPENCDD - ok

04:59:51.0070 4660 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

04:59:51.0101 4660 RDPREFMP - ok

04:59:51.0132 4660 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

04:59:51.0164 4660 RDPWD - ok

04:59:51.0195 4660 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

04:59:51.0210 4660 rdyboost - ok

04:59:51.0242 4660 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

04:59:51.0288 4660 rspndr - ok

04:59:51.0351 4660 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys

04:59:51.0366 4660 RSUSBSTOR - ok

04:59:51.0382 4660 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

04:59:51.0382 4660 sbp2port - ok

04:59:51.0444 4660 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

04:59:51.0476 4660 scfilter - ok

04:59:51.0507 4660 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

04:59:51.0554 4660 secdrv - ok

04:59:51.0569 4660 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

04:59:51.0585 4660 Serenum - ok

04:59:51.0616 4660 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

04:59:51.0632 4660 Serial - ok

04:59:51.0647 4660 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

04:59:51.0678 4660 sermouse - ok

04:59:51.0694 4660 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

04:59:51.0710 4660 sffdisk - ok

04:59:51.0725 4660 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

04:59:51.0741 4660 sffp_mmc - ok

04:59:51.0756 4660 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

04:59:51.0772 4660 sffp_sd - ok

04:59:51.0772 4660 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

04:59:51.0788 4660 sfloppy - ok

04:59:51.0819 4660 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

04:59:51.0819 4660 SiSRaid2 - ok

04:59:51.0834 4660 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

04:59:51.0850 4660 SiSRaid4 - ok

04:59:51.0866 4660 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

04:59:51.0897 4660 Smb - ok

04:59:51.0928 4660 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

04:59:51.0944 4660 spldr - ok

04:59:52.0006 4660 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS

04:59:52.0037 4660 SRTSP - ok

04:59:52.0053 4660 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS

04:59:52.0053 4660 SRTSPX - ok

04:59:52.0084 4660 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

04:59:52.0100 4660 srv - ok

04:59:52.0131 4660 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

04:59:52.0209 4660 srv2 - ok

04:59:52.0240 4660 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

04:59:52.0271 4660 srvnet - ok

04:59:52.0334 4660 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

04:59:52.0349 4660 stexstor - ok

04:59:52.0396 4660 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

04:59:52.0412 4660 swenum - ok

04:59:52.0474 4660 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS

04:59:52.0490 4660 SymDS - ok

04:59:52.0536 4660 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS

04:59:52.0568 4660 SymEFA - ok

04:59:52.0599 4660 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

04:59:52.0614 4660 SymEvent - ok

04:59:52.0646 4660 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS

04:59:52.0646 4660 SymIRON - ok

04:59:52.0677 4660 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS

04:59:52.0692 4660 SymNetS - ok

04:59:52.0739 4660 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

04:59:52.0802 4660 Tcpip - ok

04:59:52.0833 4660 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

04:59:52.0864 4660 TCPIP6 - ok

04:59:52.0895 4660 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

04:59:52.0942 4660 tcpipreg - ok

04:59:52.0989 4660 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

04:59:53.0036 4660 TDPIPE - ok

04:59:53.0067 4660 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

04:59:53.0145 4660 TDTCP - ok

04:59:53.0192 4660 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

04:59:53.0223 4660 tdx - ok

04:59:53.0270 4660 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

04:59:53.0270 4660 TermDD - ok

04:59:53.0301 4660 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

04:59:53.0348 4660 tssecsrv - ok

04:59:53.0426 4660 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

04:59:53.0441 4660 TsUsbFlt - ok

04:59:53.0472 4660 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

04:59:53.0519 4660 tunnel - ok

04:59:53.0550 4660 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

04:59:53.0550 4660 uagp35 - ok

04:59:53.0597 4660 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

04:59:53.0628 4660 udfs - ok

04:59:53.0644 4660 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

04:59:53.0660 4660 uliagpkx - ok

04:59:53.0675 4660 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

04:59:53.0722 4660 umbus - ok

04:59:53.0738 4660 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

04:59:53.0784 4660 UmPass - ok

04:59:53.0816 4660 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

04:59:53.0862 4660 USBAAPL64 - ok

04:59:53.0894 4660 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

04:59:53.0909 4660 usbccgp - ok

04:59:53.0940 4660 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

04:59:53.0956 4660 usbcir - ok

04:59:53.0987 4660 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

04:59:54.0003 4660 usbehci - ok

04:59:54.0034 4660 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

04:59:54.0065 4660 usbhub - ok

04:59:54.0081 4660 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

04:59:54.0096 4660 usbohci - ok

04:59:54.0112 4660 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

04:59:54.0128 4660 usbprint - ok

04:59:54.0159 4660 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

04:59:54.0206 4660 USBSTOR - ok

04:59:54.0206 4660 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

04:59:54.0237 4660 usbuhci - ok

04:59:54.0284 4660 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

04:59:54.0299 4660 usbvideo - ok

04:59:54.0330 4660 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

04:59:54.0346 4660 vdrvroot - ok

04:59:54.0362 4660 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

04:59:54.0377 4660 vga - ok

04:59:54.0408 4660 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

04:59:54.0471 4660 VgaSave - ok

04:59:54.0486 4660 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

04:59:54.0502 4660 vhdmp - ok

04:59:54.0502 4660 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

04:59:54.0518 4660 viaide - ok

04:59:54.0518 4660 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

04:59:54.0533 4660 volmgr - ok

04:59:54.0564 4660 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

04:59:54.0580 4660 volmgrx - ok

04:59:54.0611 4660 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

04:59:54.0611 4660 volsnap - ok

04:59:54.0658 4660 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

04:59:54.0658 4660 vsmraid - ok

04:59:54.0720 4660 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

04:59:54.0752 4660 vwifibus - ok

04:59:54.0798 4660 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

04:59:54.0830 4660 vwififlt - ok

04:59:54.0876 4660 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

04:59:54.0892 4660 vwifimp - ok

04:59:54.0908 4660 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

04:59:54.0939 4660 WacomPen - ok

04:59:54.0986 4660 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

04:59:55.0032 4660 WANARP - ok

04:59:55.0064 4660 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

04:59:55.0095 4660 Wanarpv6 - ok

04:59:55.0110 4660 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

04:59:55.0126 4660 Wd - ok

04:59:55.0157 4660 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

04:59:55.0173 4660 Wdf01000 - ok

04:59:55.0204 4660 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

04:59:55.0235 4660 WfpLwf - ok

04:59:55.0266 4660 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

04:59:55.0266 4660 WIMMount - ok

04:59:55.0298 4660 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

04:59:55.0329 4660 WinUsb - ok

04:59:55.0376 4660 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

04:59:55.0391 4660 WmiAcpi - ok

04:59:55.0422 4660 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

04:59:55.0454 4660 ws2ifsl - ok

04:59:55.0485 4660 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

04:59:55.0532 4660 WudfPf - ok

04:59:55.0578 4660 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

04:59:55.0625 4660 WUDFRd - ok

04:59:55.0656 4660 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

04:59:55.0688 4660 xusb21 - ok

04:59:55.0766 4660 {60DB6561-0A84-4c94-AF33-288405CFD56D} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl

04:59:55.0781 4660 {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok

04:59:55.0797 4660 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

04:59:55.0812 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

04:59:55.0812 4660 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

04:59:55.0844 4660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

04:59:55.0844 4660 \Device\Harddisk0\DR0 - detected TDSS File System (1)

04:59:55.0859 4660 Boot (0x1200) (69f1d6595ccff5ed5e003954c3ddf376) \Device\Harddisk0\DR0\Partition0

04:59:55.0875 4660 \Device\Harddisk0\DR0\Partition0 - ok

04:59:55.0875 4660 Boot (0x1200) (f91a56594bb57a1e167718f5df3c7eac) \Device\Harddisk0\DR0\Partition1

04:59:55.0875 4660 \Device\Harddisk0\DR0\Partition1 - ok

04:59:55.0875 4660 ============================================================

04:59:55.0875 4660 Scan finished

04:59:55.0875 4660 ============================================================

04:59:55.0875 4460 Detected object count: 2

04:59:55.0875 4460 Actual detected object count: 2

05:01:20.0818 4460 \Device\Harddisk0\DR0\# - copied to quarantine

05:01:20.0818 4460 \Device\Harddisk0\DR0 - copied to quarantine

05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

05:01:20.0865 4460 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

05:01:20.0911 4460 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

05:01:20.0911 4460 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

05:01:20.0911 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

05:01:20.0911 4460 \Device\Harddisk0\DR0 - ok

05:01:21.0114 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

05:01:21.0114 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

05:01:21.0114 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

05:01:37.0136 1364 Deinitialize success

GMER log:

SilentRunners log:

"Silent Runners.vbs", revision 63, http://www.silentrunners.org/

Operating System: Windows 7 SP1

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"swg" = ""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"TouchORB" = "C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe" ["Acer Corp."]

"RtHDVCpl" = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ["Realtek Semiconductor"]

"TouchPortal" = "C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe" [null data]

"RunDLLEntry_THXCfg" = "C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64" [MS]

"AdobeAAMUpdater-1.0" = ""C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"" ["Adobe Systems Incorporated"]

"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]

"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"

-> {HKLM...CLSID} = "WLIDCredentialProvider"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = ""C:\Program Files (x86)\Norton Internet Security\Engine64\19.5.0.145\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"

-> {HKLM...CLSID} = "GraphicsShellExt Class"

\InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = ""C:\Program Files (x86)\Norton Internet Security\Engine64\19.5.0.145\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

Default executables:

--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"

<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp"

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DVDDecrypterPlayDVDMovieOnArrival\

"Provider" = "DVD Decrypter"

"InvokeProgID" = "DVDDecrypter"

"InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt"

HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSLivePhotoAcquireDropHandler\

"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSPlayCDAudioOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.AudioCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.DVD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]

MSPlaySuperVideoCDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.VCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSPlayVideoCDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.VCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSTPCollageHandler\

"Provider" = "@C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\TouchpackShellResources.dll,-117"

"InvokeProgID" = "Microsoft.Surface.TouchApps.Collage.1.0"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Surface.TouchApps.Collage.1.0\shell\open\command\(Default) = ""C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\Collage.exe" "%1"" [null data]

MSWMPBurnCDOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.BurnCD"

"InvokeVerb" = "Burn"

HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"" [MS]

NeroAutoPlay9CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay9CopyCD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy" ["Nero AG"]

NeroAutoPlay9DataDisc\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay9LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

PCinemaPlayCDAudioOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerCinema"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY CD "%L"" ["CyberLink Corp."]

PCMMoviePlayBluRayOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "BD"

"InvokeVerb" = "PlayWithPCMMovie"

HKLM\SOFTWARE\Classes\BD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PCMMoviePlayDVDMovieOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPCMMovie"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PCMMoviePlaySVCDOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "SVCD"

"InvokeVerb" = "PlayWithPCMMovie"

HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" "%L"" ["CyberLink Corp."]

PCMMoviePlayVCDMovieOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPCMMovie"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

VLCPlayCDAudioOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.CDAudio"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"]

VLCPlayDVDAudioOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.OPENFolder"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

VLCPlayDVDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.DVDMovie"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"]

VLCPlayMusicFilesOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.OPENFolder"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

VLCPlaySVCDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.SVCDMovie"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"]

VLCPlayVCDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.VCDMovie"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"]

VLCPlayVideoFilesOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.OPENFolder"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

Non-disabled Scheduled Tasks:

-----------------------------

C:\Users\Carelessjon\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C:\Windows\System32\Tasks

"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]

"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]

"Norton WSC Integration" -> (HIDDEN!) launches: ""C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\WSCStub.exe" /taskschd" ["Symantec Corporation"]

"SidebarExecute" -> launches: "C:\Program Files\Windows Sidebar\sidebar.exe /addGadget" [MS]

"{20AE7520-2D03-45B6-BE7D-9CA1891CD077}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\BITTOR~2\UNWISE.EXE -c /U C:\PROGRA~2\BITTOR~2\INSTALL.LOG" [MS]

"{47DE368C-76A2-4183-9E97-921C121DDFC1}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall" [MS]

"{94FFBEEF-134C-457E-B93F-E5AB77B6B09E}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\Carelessjon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYMU1UKO\258.96_desktop_win7_winvista_64bit_english_whql[1].exe" -d C:\Users\Carelessjon\Desktop" [MS]

C:\Windows\System32\Tasks\Apple

"AppleSoftwareUpdate" -> launches: "C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"

-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

"AitAgent" -> launches: "aitagent" [MS]

"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]

"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"

-> {HKLM...CLSID} = "KernelCeipCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]

"Uploader" -> launches: "%windir%\system32\WSqmCons.exe -u" [MS]

"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"

-> {HKLM...CLSID} = "UsbCeip"

\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"

-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance

"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"

-> {HKLM...CLSID} = "WinSAT Task Manger Task"

\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]

"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]

"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]

"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]

"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]

"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]

"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]

"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]

"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]

"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]

"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]

"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]

"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]

"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]

"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]

"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]

"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]

"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]

"StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS]

"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"

-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"

-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"

-> {HKLM...CLSID} = "HotStart User Agent"

\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"

-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"

\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace

"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack

"BackgroundConfigSurveyor" -> (HIDDEN!) launches: "{EA9155A3-8A39-40b4-8963-D3C761B18371}"

-> {HKLM...CLSID} = "PerfTrack TaskHandler class"

\InProcServer32\(Default) = "C:\Windows\System32\perftrack.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"

-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"

\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"

-> {HKLM...CLSID} = "RasMobilityManager"

\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"

-> {HKLM...CLSID} = "RegistryIdleBackupHandler"

\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"

-> {HKLM...CLSID} = "GadgetsManager Class"

\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC

"InputPersonalization" -> launches: "%CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"

-> {HKLM...CLSID} = "RunTask"

\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]

"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"

-> {HKLM...CLSID} = "MsCtfMonitor task handler"

\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"

-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies

"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]

"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform

"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender

"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE

"Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}"" [inProcServer32 entry not found]

C:\Windows\System32\Tasks\Norton Internet Security

"Norton Error Analyzer" -> launches: "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymErr.exe /analyze" ["Symantec Corporation"]

"Norton Error Processor" -> launches: "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymErr.exe /submit" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000005\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]

000000000006\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]

000000000007\LibraryPath = "C:\Program Files (x86)\Bonjour\mdnsNSP.dll" ["Apple Inc."]

000000000008\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000009\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "Google Toolbar"

\InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar"

\InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]

Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]

GRegService, Greg_Service, "C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe" ["Acer Incorporated"]

Intel® Management & Security Application User Notification Service, UNS, ""C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"" ["Intel Corporation"]

Intel® Management and Security Application Local Management Service, LMS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" ["Intel Corporation"]

iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

MBAMService, MBAMService, ""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]

Norton Internet Security, NIS, ""C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1" ["Symantec Corporation"]

Updater Service, Updater Service, "C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe" ["Acer Group"]

vToolbarUpdater, vToolbarUpdater, "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe" [null data]

Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]

---------- (launch time: 2012-02-25 05:39:24)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 33 seconds, including 18 seconds for message boxes)

Link to post
Share on other sites

  • Delete any previous copy of Roguekiller.exe which (if any)
  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Temporarily disable any anti-virus program.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Re-enable your anti-virus.

Link to post
Share on other sites

Thanks for responding!

Here it is:

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Carelessjon [Admin rights]

Mode: Scan -- Date: 02/25/2012 06:23:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 ATA Device +++++

--- User ---

[MBR] ebe60ec8dd1041ac5bb31652596469e4

[bSP] b650f728c07196848c923e7dac09c9d5 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Be aware that your pc has a rootkit infection.

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for jonkiote only. If you are a casual viewer, do NOT try this on your system!

If you are not jonkiote and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Please close/exit all programs you started.

If you have any external HDD drives, please disconnect.

Step 1

Step 2

  • Run RogueKiller one time normally. Save the new log.

Step 3
Please read carefully and follow these steps.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Reply with copy of last RogueKiller log & the new TDSSKILLER log

Link to post
Share on other sites

Hmm. MBAM no longer detects anything svchost seems to be gone! Thank you so much!

When running roguekiller, I assumed I was supposed to click scan after the pre-scan since under the registry tab, there was nothing listed. And so I did. The scan found 2 files which I deleted.

The TDSS killer scan showed no infections, so I didn't reboot or cure anything.(yay?)

RogueKiller log:

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Carelessjon [Admin rights]

Mode: Scan -- Date: 02/25/2012 12:31:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 ATA Device +++++

--- User ---

[MBR] ebe60ec8dd1041ac5bb31652596469e4

[bSP] b650f728c07196848c923e7dac09c9d5 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

TDSSKiller log:

12:32:19.0077 2348 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49

12:32:19.0686 2348 ============================================================

12:32:19.0686 2348 Current date / time: 2012/02/25 12:32:19.0686

12:32:19.0686 2348 SystemInfo:

12:32:19.0686 2348

12:32:19.0686 2348 OS Version: 6.1.7601 ServicePack: 1.0

12:32:19.0686 2348 Product type: Workstation

12:32:19.0686 2348 ComputerName: CARELESSJON-PC

12:32:19.0686 2348 UserName: Carelessjon

12:32:19.0686 2348 Windows directory: C:\Windows

12:32:19.0686 2348 System windows directory: C:\Windows

12:32:19.0686 2348 Running under WOW64

12:32:19.0686 2348 Processor architecture: Intel x64

12:32:19.0686 2348 Number of processors: 4

12:32:19.0686 2348 Page size: 0x1000

12:32:19.0686 2348 Boot type: Normal boot

12:32:19.0686 2348 ============================================================

12:32:21.0449 2348 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:32:21.0464 2348 \Device\Harddisk0\DR0:

12:32:21.0464 2348 MBR used

12:32:21.0464 2348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000

12:32:21.0464 2348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000

12:32:21.0480 2348 Initialize success

12:32:21.0480 2348 ============================================================

12:32:30.0247 4192 ============================================================

12:32:30.0247 4192 Scan started

12:32:30.0247 4192 Mode: Manual;

12:32:30.0247 4192 ============================================================

12:32:31.0667 4192 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

12:32:31.0698 4192 1394ohci - ok

12:32:31.0745 4192 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

12:32:31.0745 4192 ACPI - ok

12:32:31.0776 4192 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

12:32:31.0776 4192 AcpiPmi - ok

12:32:31.0838 4192 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

12:32:31.0838 4192 adp94xx - ok

12:32:31.0901 4192 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

12:32:31.0916 4192 adpahci - ok

12:32:31.0932 4192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

12:32:31.0932 4192 adpu320 - ok

12:32:31.0994 4192 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

12:32:31.0994 4192 AFD - ok

12:32:32.0010 4192 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

12:32:32.0010 4192 agp440 - ok

12:32:32.0025 4192 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

12:32:32.0025 4192 aliide - ok

12:32:32.0041 4192 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

12:32:32.0041 4192 amdide - ok

12:32:32.0057 4192 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

12:32:32.0057 4192 AmdK8 - ok

12:32:32.0057 4192 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

12:32:32.0057 4192 AmdPPM - ok

12:32:32.0072 4192 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

12:32:32.0072 4192 amdsata - ok

12:32:32.0088 4192 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

12:32:32.0088 4192 amdsbs - ok

12:32:32.0103 4192 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

12:32:32.0103 4192 amdxata - ok

12:32:32.0135 4192 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

12:32:32.0135 4192 AppID - ok

12:32:32.0197 4192 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

12:32:32.0197 4192 arc - ok

12:32:32.0213 4192 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

12:32:32.0213 4192 arcsas - ok

12:32:32.0244 4192 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

12:32:32.0259 4192 AsyncMac - ok

12:32:32.0275 4192 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

12:32:32.0275 4192 atapi - ok

12:32:32.0322 4192 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

12:32:32.0337 4192 b06bdrv - ok

12:32:32.0400 4192 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

12:32:32.0400 4192 b57nd60a - ok

12:32:32.0431 4192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

12:32:32.0431 4192 Beep - ok

12:32:32.0556 4192 BHDrvx64 (41da5845e1f8af445bd626cf085c4541) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys

12:32:32.0556 4192 BHDrvx64 - ok

12:32:32.0603 4192 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

12:32:32.0603 4192 blbdrive - ok

12:32:32.0649 4192 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

12:32:32.0649 4192 bowser - ok

12:32:32.0681 4192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

12:32:32.0681 4192 BrFiltLo - ok

12:32:32.0712 4192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

12:32:32.0712 4192 BrFiltUp - ok

12:32:32.0727 4192 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

12:32:32.0727 4192 Brserid - ok

12:32:32.0743 4192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

12:32:32.0743 4192 BrSerWdm - ok

12:32:32.0759 4192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

12:32:32.0759 4192 BrUsbMdm - ok

12:32:32.0774 4192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

12:32:32.0774 4192 BrUsbSer - ok

12:32:32.0774 4192 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

12:32:32.0790 4192 BTHMODEM - ok

12:32:32.0837 4192 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys

12:32:32.0837 4192 ccSet_NIS - ok

12:32:32.0868 4192 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

12:32:32.0868 4192 cdfs - ok

12:32:32.0899 4192 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

12:32:32.0899 4192 cdrom - ok

12:32:32.0946 4192 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

12:32:32.0946 4192 circlass - ok

12:32:32.0977 4192 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

12:32:32.0977 4192 CLFS - ok

12:32:33.0039 4192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

12:32:33.0039 4192 CmBatt - ok

12:32:33.0055 4192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

12:32:33.0055 4192 cmdide - ok

12:32:33.0086 4192 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

12:32:33.0086 4192 CNG - ok

12:32:33.0102 4192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

12:32:33.0102 4192 Compbatt - ok

12:32:33.0133 4192 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

12:32:33.0133 4192 CompositeBus - ok

12:32:33.0149 4192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

12:32:33.0149 4192 crcdisk - ok

12:32:33.0195 4192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

12:32:33.0195 4192 DfsC - ok

12:32:33.0227 4192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

12:32:33.0227 4192 discache - ok

12:32:33.0242 4192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

12:32:33.0242 4192 Disk - ok

12:32:33.0273 4192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

12:32:33.0273 4192 drmkaud - ok

12:32:33.0336 4192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

12:32:33.0336 4192 DXGKrnl - ok

12:32:33.0367 4192 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys

12:32:33.0367 4192 e1kexpress - ok

12:32:33.0398 4192 EagleX64 - ok

12:32:33.0492 4192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

12:32:33.0570 4192 ebdrv - ok

12:32:33.0648 4192 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

12:32:33.0648 4192 eeCtrl - ok

12:32:33.0695 4192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

12:32:33.0710 4192 elxstor - ok

12:32:33.0757 4192 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

12:32:33.0757 4192 EraserUtilRebootDrv - ok

12:32:33.0773 4192 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

12:32:33.0773 4192 ErrDev - ok

12:32:33.0819 4192 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

12:32:33.0819 4192 exfat - ok

12:32:33.0835 4192 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

12:32:33.0851 4192 fastfat - ok

12:32:33.0882 4192 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

12:32:33.0882 4192 fdc - ok

12:32:33.0913 4192 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

12:32:33.0913 4192 FileInfo - ok

12:32:33.0944 4192 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

12:32:33.0944 4192 Filetrace - ok

12:32:33.0960 4192 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

12:32:33.0960 4192 flpydisk - ok

12:32:33.0991 4192 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

12:32:33.0991 4192 FltMgr - ok

12:32:34.0022 4192 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

12:32:34.0022 4192 FsDepends - ok

12:32:34.0038 4192 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

12:32:34.0038 4192 Fs_Rec - ok

12:32:34.0069 4192 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

12:32:34.0069 4192 fvevol - ok

12:32:34.0085 4192 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

12:32:34.0085 4192 gagp30kx - ok

12:32:34.0116 4192 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:32:34.0116 4192 GEARAspiWDM - ok

12:32:34.0178 4192 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

12:32:34.0178 4192 hcw85cir - ok

12:32:34.0225 4192 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

12:32:34.0241 4192 HdAudAddService - ok

12:32:34.0272 4192 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

12:32:34.0272 4192 HDAudBus - ok

12:32:34.0287 4192 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

12:32:34.0287 4192 HECIx64 - ok

12:32:34.0303 4192 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

12:32:34.0303 4192 HidBatt - ok

12:32:34.0350 4192 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

12:32:34.0350 4192 HidBth - ok

12:32:34.0381 4192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

12:32:34.0381 4192 HidIr - ok

12:32:34.0397 4192 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

12:32:34.0397 4192 HidUsb - ok

12:32:34.0412 4192 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

12:32:34.0412 4192 HpSAMD - ok

12:32:34.0459 4192 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

12:32:34.0459 4192 HTTP - ok

12:32:34.0490 4192 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

12:32:34.0490 4192 hwpolicy - ok

12:32:34.0506 4192 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

12:32:34.0506 4192 i8042prt - ok

12:32:34.0553 4192 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

12:32:34.0553 4192 iaStorV - ok

12:32:34.0677 4192 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys

12:32:34.0677 4192 IDSVia64 - ok

12:32:34.0865 4192 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys

12:32:35.0005 4192 igfx - ok

12:32:35.0052 4192 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

12:32:35.0052 4192 iirsp - ok

12:32:35.0161 4192 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys

12:32:35.0161 4192 int15.sys - ok

12:32:35.0223 4192 IntcAzAudAddService (935faa1a0af889f1ef46be55666100d0) C:\Windows\system32\drivers\RTKVHD64.sys

12:32:35.0239 4192 IntcAzAudAddService - ok

12:32:35.0255 4192 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys

12:32:35.0270 4192 IntcDAud - ok

12:32:35.0270 4192 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

12:32:35.0270 4192 intelide - ok

12:32:35.0301 4192 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

12:32:35.0301 4192 intelppm - ok

12:32:35.0333 4192 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:32:35.0333 4192 IpFilterDriver - ok

12:32:35.0364 4192 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

12:32:35.0379 4192 IPMIDRV - ok

12:32:35.0411 4192 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

12:32:35.0426 4192 IPNAT - ok

12:32:35.0457 4192 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

12:32:35.0473 4192 IRENUM - ok

12:32:35.0473 4192 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

12:32:35.0473 4192 isapnp - ok

12:32:35.0520 4192 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

12:32:35.0520 4192 iScsiPrt - ok

12:32:35.0551 4192 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys

12:32:35.0551 4192 itecir - ok

12:32:35.0567 4192 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

12:32:35.0567 4192 kbdclass - ok

12:32:35.0582 4192 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

12:32:35.0582 4192 kbdhid - ok

12:32:35.0613 4192 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

12:32:35.0613 4192 KSecDD - ok

12:32:35.0629 4192 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

12:32:35.0629 4192 KSecPkg - ok

12:32:35.0645 4192 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

12:32:35.0645 4192 ksthunk - ok

12:32:35.0691 4192 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

12:32:35.0691 4192 lltdio - ok

12:32:35.0723 4192 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

12:32:35.0738 4192 LSI_FC - ok

12:32:35.0738 4192 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

12:32:35.0738 4192 LSI_SAS - ok

12:32:35.0754 4192 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:32:35.0754 4192 LSI_SAS2 - ok

12:32:35.0785 4192 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:32:35.0785 4192 LSI_SCSI - ok

12:32:35.0832 4192 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

12:32:35.0832 4192 luafv - ok

12:32:35.0879 4192 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

12:32:35.0879 4192 MBAMProtector - ok

12:32:35.0910 4192 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys

12:32:35.0910 4192 MBfilt - ok

12:32:35.0925 4192 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

12:32:35.0925 4192 megasas - ok

12:32:35.0941 4192 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

12:32:35.0941 4192 MegaSR - ok

12:32:35.0957 4192 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

12:32:35.0972 4192 Modem - ok

12:32:35.0988 4192 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

12:32:35.0988 4192 monitor - ok

12:32:35.0988 4192 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

12:32:35.0988 4192 mouclass - ok

12:32:36.0003 4192 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

12:32:36.0003 4192 mouhid - ok

12:32:36.0050 4192 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

12:32:36.0050 4192 mountmgr - ok

12:32:36.0066 4192 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

12:32:36.0081 4192 mpio - ok

12:32:36.0113 4192 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

12:32:36.0113 4192 mpsdrv - ok

12:32:36.0144 4192 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

12:32:36.0144 4192 MRxDAV - ok

12:32:36.0191 4192 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:32:36.0191 4192 mrxsmb - ok

12:32:36.0222 4192 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:32:36.0222 4192 mrxsmb10 - ok

12:32:36.0253 4192 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:32:36.0253 4192 mrxsmb20 - ok

12:32:36.0269 4192 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

12:32:36.0269 4192 msahci - ok

12:32:36.0284 4192 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

12:32:36.0284 4192 msdsm - ok

12:32:36.0315 4192 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

12:32:36.0315 4192 Msfs - ok

12:32:36.0347 4192 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

12:32:36.0347 4192 mshidkmdf - ok

12:32:36.0362 4192 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

12:32:36.0362 4192 msisadrv - ok

12:32:36.0393 4192 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

12:32:36.0393 4192 MSKSSRV - ok

12:32:36.0409 4192 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

12:32:36.0409 4192 MSPCLOCK - ok

12:32:36.0425 4192 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

12:32:36.0425 4192 MSPQM - ok

12:32:36.0471 4192 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

12:32:36.0471 4192 MsRPC - ok

12:32:36.0487 4192 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

12:32:36.0487 4192 mssmbios - ok

12:32:36.0503 4192 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

12:32:36.0503 4192 MSTEE - ok

12:32:36.0518 4192 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

12:32:36.0518 4192 MTConfig - ok

12:32:36.0534 4192 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

12:32:36.0534 4192 Mup - ok

12:32:36.0565 4192 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

12:32:36.0565 4192 NativeWifiP - ok

12:32:36.0643 4192 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS

12:32:36.0659 4192 NAVENG - ok

12:32:36.0721 4192 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS

12:32:36.0752 4192 NAVEX15 - ok

12:32:36.0799 4192 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

12:32:36.0815 4192 NDIS - ok

12:32:36.0846 4192 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

12:32:36.0846 4192 NdisCap - ok

12:32:36.0893 4192 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

12:32:36.0893 4192 NdisTapi - ok

12:32:36.0924 4192 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

12:32:36.0924 4192 Ndisuio - ok

12:32:36.0955 4192 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

12:32:36.0955 4192 NdisWan - ok

12:32:36.0986 4192 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

12:32:36.0986 4192 NDProxy - ok

12:32:37.0002 4192 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

12:32:37.0002 4192 NetBIOS - ok

12:32:37.0033 4192 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

12:32:37.0049 4192 NetBT - ok

12:32:37.0111 4192 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys

12:32:37.0111 4192 netr28x - ok

12:32:37.0158 4192 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

12:32:37.0158 4192 nfrd960 - ok

12:32:37.0189 4192 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

12:32:37.0205 4192 Npfs - ok

12:32:37.0220 4192 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

12:32:37.0220 4192 nsiproxy - ok

12:32:37.0267 4192 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

12:32:37.0298 4192 Ntfs - ok

12:32:37.0314 4192 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

12:32:37.0314 4192 Null - ok

12:32:37.0345 4192 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

12:32:37.0345 4192 nvraid - ok

12:32:37.0361 4192 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

12:32:37.0361 4192 nvstor - ok

12:32:37.0423 4192 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

12:32:37.0423 4192 nv_agp - ok

12:32:37.0439 4192 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

12:32:37.0439 4192 ohci1394 - ok

12:32:37.0454 4192 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

12:32:37.0454 4192 Parport - ok

12:32:37.0501 4192 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

12:32:37.0501 4192 partmgr - ok

12:32:37.0517 4192 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

12:32:37.0517 4192 pci - ok

12:32:37.0532 4192 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

12:32:37.0532 4192 pciide - ok

12:32:37.0563 4192 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

12:32:37.0563 4192 pcmcia - ok

12:32:37.0595 4192 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

12:32:37.0595 4192 pcw - ok

12:32:37.0626 4192 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

12:32:37.0641 4192 PEAUTH - ok

12:32:37.0704 4192 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

12:32:37.0704 4192 PptpMiniport - ok

12:32:37.0704 4192 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

12:32:37.0704 4192 Processor - ok

12:32:37.0751 4192 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

12:32:37.0751 4192 Psched - ok

12:32:37.0813 4192 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

12:32:37.0844 4192 ql2300 - ok

12:32:37.0844 4192 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

12:32:37.0844 4192 ql40xx - ok

12:32:37.0875 4192 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

12:32:37.0875 4192 QWAVEdrv - ok

12:32:37.0891 4192 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

12:32:37.0891 4192 RasAcd - ok

12:32:37.0907 4192 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

12:32:37.0907 4192 RasAgileVpn - ok

12:32:37.0938 4192 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:32:37.0938 4192 Rasl2tp - ok

12:32:37.0953 4192 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

12:32:37.0953 4192 RasPppoe - ok

12:32:37.0969 4192 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

12:32:37.0969 4192 RasSstp - ok

12:32:38.0000 4192 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

12:32:38.0000 4192 rdbss - ok

12:32:38.0016 4192 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

12:32:38.0016 4192 rdpbus - ok

12:32:38.0031 4192 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:32:38.0031 4192 RDPCDD - ok

12:32:38.0063 4192 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

12:32:38.0063 4192 RDPENCDD - ok

12:32:38.0078 4192 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

12:32:38.0078 4192 RDPREFMP - ok

12:32:38.0109 4192 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

12:32:38.0109 4192 RDPWD - ok

12:32:38.0156 4192 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

12:32:38.0156 4192 rdyboost - ok

12:32:38.0187 4192 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

12:32:38.0187 4192 rspndr - ok

12:32:38.0234 4192 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys

12:32:38.0234 4192 RSUSBSTOR - ok

12:32:38.0250 4192 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

12:32:38.0250 4192 sbp2port - ok

12:32:38.0297 4192 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

12:32:38.0297 4192 scfilter - ok

12:32:38.0328 4192 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

12:32:38.0328 4192 secdrv - ok

12:32:38.0359 4192 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

12:32:38.0359 4192 Serenum - ok

12:32:38.0375 4192 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

12:32:38.0375 4192 Serial - ok

12:32:38.0390 4192 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

12:32:38.0390 4192 sermouse - ok

12:32:38.0406 4192 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

12:32:38.0406 4192 sffdisk - ok

12:32:38.0421 4192 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

12:32:38.0421 4192 sffp_mmc - ok

12:32:38.0421 4192 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

12:32:38.0421 4192 sffp_sd - ok

12:32:38.0437 4192 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

12:32:38.0437 4192 sfloppy - ok

12:32:38.0453 4192 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

12:32:38.0453 4192 SiSRaid2 - ok

12:32:38.0468 4192 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

12:32:38.0468 4192 SiSRaid4 - ok

12:32:38.0484 4192 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

12:32:38.0484 4192 Smb - ok

12:32:38.0515 4192 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

12:32:38.0515 4192 spldr - ok

12:32:38.0577 4192 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS

12:32:38.0593 4192 SRTSP - ok

12:32:38.0609 4192 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS

12:32:38.0609 4192 SRTSPX - ok

12:32:38.0655 4192 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

12:32:38.0655 4192 srv - ok

12:32:38.0671 4192 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

12:32:38.0687 4192 srv2 - ok

12:32:38.0687 4192 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

12:32:38.0687 4192 srvnet - ok

12:32:38.0718 4192 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

12:32:38.0718 4192 stexstor - ok

12:32:38.0733 4192 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

12:32:38.0733 4192 swenum - ok

12:32:38.0780 4192 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS

12:32:38.0780 4192 SymDS - ok

12:32:38.0811 4192 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS

12:32:38.0827 4192 SymEFA - ok

12:32:38.0858 4192 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

12:32:38.0858 4192 SymEvent - ok

12:32:38.0889 4192 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS

12:32:38.0889 4192 SymIRON - ok

12:32:38.0921 4192 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS

12:32:38.0921 4192 SymNetS - ok

12:32:38.0999 4192 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

12:32:39.0030 4192 Tcpip - ok

12:32:39.0061 4192 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

12:32:39.0077 4192 TCPIP6 - ok

12:32:39.0108 4192 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

12:32:39.0108 4192 tcpipreg - ok

12:32:39.0123 4192 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

12:32:39.0123 4192 TDPIPE - ok

12:32:39.0155 4192 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

12:32:39.0155 4192 TDTCP - ok

12:32:39.0201 4192 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

12:32:39.0201 4192 tdx - ok

12:32:39.0217 4192 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

12:32:39.0217 4192 TermDD - ok

12:32:39.0264 4192 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

12:32:39.0264 4192 tssecsrv - ok

12:32:39.0311 4192 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

12:32:39.0311 4192 TsUsbFlt - ok

12:32:39.0342 4192 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

12:32:39.0342 4192 tunnel - ok

12:32:39.0373 4192 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

12:32:39.0373 4192 uagp35 - ok

12:32:39.0420 4192 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

12:32:39.0420 4192 udfs - ok

12:32:39.0435 4192 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

12:32:39.0435 4192 uliagpkx - ok

12:32:39.0467 4192 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

12:32:39.0467 4192 umbus - ok

12:32:39.0482 4192 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

12:32:39.0482 4192 UmPass - ok

12:32:39.0513 4192 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

12:32:39.0529 4192 USBAAPL64 - ok

12:32:39.0545 4192 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

12:32:39.0545 4192 usbccgp - ok

12:32:39.0576 4192 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

12:32:39.0576 4192 usbcir - ok

12:32:39.0607 4192 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

12:32:39.0607 4192 usbehci - ok

12:32:39.0623 4192 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

12:32:39.0623 4192 usbhub - ok

12:32:39.0638 4192 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

12:32:39.0638 4192 usbohci - ok

12:32:39.0669 4192 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

12:32:39.0669 4192 usbprint - ok

12:32:39.0716 4192 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:32:39.0716 4192 USBSTOR - ok

12:32:39.0716 4192 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

12:32:39.0732 4192 usbuhci - ok

12:32:39.0763 4192 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

12:32:39.0763 4192 usbvideo - ok

12:32:39.0779 4192 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

12:32:39.0779 4192 vdrvroot - ok

12:32:39.0794 4192 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

12:32:39.0794 4192 vga - ok

12:32:39.0825 4192 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

12:32:39.0841 4192 VgaSave - ok

12:32:39.0872 4192 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

12:32:39.0872 4192 vhdmp - ok

12:32:39.0888 4192 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

12:32:39.0888 4192 viaide - ok

12:32:39.0888 4192 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

12:32:39.0888 4192 volmgr - ok

12:32:39.0935 4192 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

12:32:39.0935 4192 volmgrx - ok

12:32:39.0966 4192 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

12:32:39.0966 4192 volsnap - ok

12:32:39.0997 4192 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

12:32:39.0997 4192 vsmraid - ok

12:32:40.0059 4192 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

12:32:40.0059 4192 vwifibus - ok

12:32:40.0091 4192 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

12:32:40.0091 4192 vwififlt - ok

12:32:40.0122 4192 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

12:32:40.0122 4192 vwifimp - ok

12:32:40.0137 4192 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

12:32:40.0137 4192 WacomPen - ok

12:32:40.0169 4192 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

12:32:40.0169 4192 WANARP - ok

12:32:40.0169 4192 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

12:32:40.0169 4192 Wanarpv6 - ok

12:32:40.0200 4192 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

12:32:40.0200 4192 Wd - ok

12:32:40.0231 4192 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

12:32:40.0231 4192 Wdf01000 - ok

12:32:40.0278 4192 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

12:32:40.0278 4192 WfpLwf - ok

12:32:40.0309 4192 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

12:32:40.0309 4192 WIMMount - ok

12:32:40.0356 4192 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

12:32:40.0356 4192 WinUsb - ok

12:32:40.0387 4192 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

12:32:40.0387 4192 WmiAcpi - ok

12:32:40.0403 4192 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

12:32:40.0403 4192 ws2ifsl - ok

12:32:40.0434 4192 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

12:32:40.0434 4192 WudfPf - ok

12:32:40.0465 4192 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:32:40.0465 4192 WUDFRd - ok

12:32:40.0496 4192 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

12:32:40.0512 4192 xusb21 - ok

12:32:40.0605 4192 {60DB6561-0A84-4c94-AF33-288405CFD56D} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl

12:32:40.0605 4192 {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok

12:32:40.0621 4192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

12:32:40.0668 4192 \Device\Harddisk0\DR0 - ok

12:32:40.0668 4192 Boot (0x1200) (69f1d6595ccff5ed5e003954c3ddf376) \Device\Harddisk0\DR0\Partition0

12:32:40.0668 4192 \Device\Harddisk0\DR0\Partition0 - ok

12:32:40.0668 4192 Boot (0x1200) (f91a56594bb57a1e167718f5df3c7eac) \Device\Harddisk0\DR0\Partition1

12:32:40.0668 4192 \Device\Harddisk0\DR0\Partition1 - ok

12:32:40.0683 4192 ============================================================

12:32:40.0683 4192 Scan finished

12:32:40.0683 4192 ============================================================

12:32:40.0683 4180 Detected object count: 0

12:32:40.0683 4180 Actual detected object count: 0

12:33:13.0927 4936 Deinitialize success

Link to post
Share on other sites

Looking better.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Temporarily turn off (disable) your antivirus program.

Right- click on Combo-Fix.exe on your Desktop cf-icon.jpg and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Re-enable your antivirus program.

Check to insure your Adobe Reader is up-to-date for any patches/fixes.

Start Adobe Reader. Go to the Help menu item, select the Check for Updates option, and follow the prompts.

Link to post
Share on other sites

Um. I ran combofix, but now I can't really do anything else. Whenever I click any icon, I get this pop-up "illegal operation being attempted on a registry key that has been marked for deletion." The only things I can run are icons that have the "run as admin" option if I right click it, but not everything has that option.. :( It was going so well..

I could not start adobe reader, and therefore could not update it.

Combofix log:

ComboFix 12-02-25.02 - Carelessjon 02/25/2012 16:25:19.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2363 [GMT -10:00]

Running from: c:\users\Carelessjon\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))

.

.

2012-02-26 02:34 . 2012-02-26 02:34 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-02-26 02:34 . 2012-02-26 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-25 15:33 . 2012-02-25 15:39 -------- d-----w- C:\SilentRunner

2012-02-25 15:04 . 2012-02-25 15:31 -------- d-----w- C:\ARK

2012-02-25 15:01 . 2012-02-25 15:01 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-25 04:43 . 2012-02-25 04:43 -------- d-----w- c:\program files (x86)\ESET

2012-02-25 04:30 . 2012-02-25 04:30 -------- d-----w- C:\_OTL

2012-02-24 06:50 . 2012-02-24 06:51 -------- d-----w- c:\users\Carelessjon\AppData\Roaming\QuickScan

2012-02-24 06:40 . 2012-02-24 06:40 -------- d-----w- C:\rsit

2012-02-24 06:40 . 2012-02-24 06:40 -------- d-----w- c:\program files\trend micro

2012-02-24 06:34 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFE10DA-72EB-4B52-99B7-B47BDE9562A3}\mpengine.dll

2012-02-24 06:33 . 2012-02-24 06:34 -------- d-----w- c:\program files (x86)\ERUNT

2012-02-16 07:44 . 2012-02-16 07:44 -------- d-----w- c:\programdata\Intel

2012-02-15 09:52 . 2012-02-15 09:52 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-15 09:24 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 09:24 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 09:24 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 09:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 09:24 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 09:24 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 09:24 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 09:24 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-12 15:09 . 2012-02-25 05:19 -------- d-----w- c:\program files (x86)\Application Updater

2012-02-12 15:09 . 2012-02-12 15:09 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar

2012-02-12 15:09 . 2012-02-12 15:09 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-02-02 12:20 . 2012-02-17 22:40 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-01-31 13:56 . 2012-01-31 19:55 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091

2012-01-29 03:33 . 2012-01-29 03:34 -------- d-----w- c:\program files\iTunes

2012-01-29 03:33 . 2012-01-29 03:33 -------- d-----w- c:\program files\iPod

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-17 05:22 . 2011-06-18 05:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 09:52 . 2010-12-31 10:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-01-31 13:56 . 2010-10-17 10:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-01-29 15:10 . 2012-01-21 03:09 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-11 08:43 . 2012-01-11 08:43 167704 ----a-w- c:\windows\system32\igfxtray.exe

2012-01-11 08:43 . 2012-01-11 08:43 510232 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-01-11 08:43 . 2012-01-11 08:43 417560 ----a-w- c:\windows\system32\igfxpers.exe

2012-01-11 08:43 . 2012-01-11 08:43 239896 ----a-w- c:\windows\system32\igfxext.exe

2012-01-11 08:43 . 2012-01-11 08:43 4379416 ----a-w- c:\windows\system32\GfxUI.exe

2012-01-11 08:43 . 2012-01-11 08:43 392984 ----a-w- c:\windows\system32\hkcmd.exe

2012-01-11 08:43 . 2012-01-11 08:43 184600 ----a-w- c:\windows\system32\difx64.exe

2012-01-11 08:37 . 2012-01-11 08:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll

2012-01-11 08:28 . 2012-01-11 08:28 8313856 ----a-w- c:\windows\system32\igdumd64.dll

2012-01-11 08:28 . 2012-01-11 08:28 12311904 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-01-11 08:27 . 2012-01-11 08:27 867020 ----a-w- c:\windows\system32\igkrng575.bin

2012-01-11 08:27 . 2012-01-11 08:27 128204 ----a-w- c:\windows\system32\igcompkrng575.bin

2012-01-11 08:27 . 2012-01-11 08:27 105608 ----a-w- c:\windows\system32\igfcg575m.bin

2012-01-11 08:18 . 2010-08-26 05:31 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-01-11 08:12 . 2010-08-26 05:28 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll

2012-01-11 08:06 . 2010-08-26 05:26 9528832 ----a-w- c:\windows\system32\igd10umd64.dll

2012-01-11 07:55 . 2010-08-26 05:23 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-01-11 07:42 . 2012-01-11 07:42 18653696 ----a-w- c:\windows\system32\ig4icd64.dll

2012-01-11 07:29 . 2012-01-11 07:29 13904384 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxresn.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-01-11 07:20 . 2012-01-11 07:20 285696 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-01-11 07:20 . 2012-01-11 07:20 283136 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrita.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-01-11 07:20 . 2012-01-11 07:20 285184 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-01-11 07:20 . 2012-01-11 07:20 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxrell.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-01-11 07:20 . 2012-01-11 07:20 285696 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-01-11 07:20 . 2012-01-11 07:20 285184 ----a-w- c:\windows\system32\igfxrara.lrc

2012-01-11 07:20 . 2012-01-11 07:20 282624 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-01-11 07:20 . 2012-01-11 07:20 282624 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-01-11 07:20 . 2012-01-11 07:20 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-01-11 07:20 . 2012-01-11 07:20 375808 ----a-w- c:\windows\system32\igfxpph.dll

2012-01-11 07:19 . 2012-01-11 07:19 378368 ----a-w- c:\windows\system32\igfxTMM.dll

2012-01-11 07:19 . 2012-01-11 07:19 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-01-11 07:19 . 2010-08-26 05:04 62464 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-01-11 07:19 . 2010-08-26 05:04 110080 ----a-w- c:\windows\system32\hccutils.dll

2012-01-11 07:19 . 2012-01-11 07:19 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-01-11 07:19 . 2012-01-11 07:19 390656 ----a-w- c:\windows\system32\igfxdev.dll

2012-01-11 07:19 . 2012-01-11 07:19 146432 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-01-11 07:18 . 2012-01-11 07:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-01-11 07:18 . 2012-01-11 07:18 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-01-11 07:18 . 2010-08-26 05:03 9014784 ----a-w- c:\windows\system32\igfxress.dll

2012-01-11 07:15 . 2012-01-11 07:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2012-01-11 07:14 . 2012-01-11 07:14 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-01-11 07:12 . 2012-01-11 07:12 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2012-01-11 07:12 . 2012-01-11 07:12 98304 ----a-w- c:\windows\system32\iglhcp64.dll

2012-01-11 07:12 . 2012-01-11 07:12 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll

2012-01-11 07:12 . 2012-01-11 07:12 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2012-01-11 07:12 . 2012-01-11 07:12 376832 ----a-w- c:\windows\system32\iglhsip64.dll

2012-01-11 07:12 . 2012-01-11 07:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll

2012-01-11 07:12 . 2012-01-11 07:12 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2012-01-11 07:12 . 2012-01-11 07:12 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2012-01-11 07:12 . 2012-01-11 07:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll

2011-12-11 01:24 . 2012-01-14 21:25 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-10 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-11-24 167008]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-02-08 74984]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2010-02-23 1016832]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-25 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-14 460872]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-9-21 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

R2 SBSDWSCService;SBSD Security Center Service; [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-02 1151096]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-21 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48];c:\program files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-09 03:43 146928]

S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-14 652360]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-29 2320920]

S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 11:20]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 11:20]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-02-04 153416]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-23 10081312]

"TouchPortal"="c:\program files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe" [2010-03-09 6310432]

"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

FF - ProfilePath - c:\users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.minecraftwiki.net/wiki/Minecraft_Wiki

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Toolbar-Locked - (no file)

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{60DB6561-0A84-4c94-AF33-288405CFD56D}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerCinema Movie\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-368538222-2643626402-1821840259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-368538222-2643626402-1821840259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

.

**************************************************************************

.

Completion time: 2012-02-25 16:47:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-26 02:47

.

Pre-Run: 33,842,069,504 bytes free

Post-Run: 35,544,367,104 bytes free

.

- - End Of File - - 5B94ACC2255DB4E1BD17A4ACB200CD42

Awaiting orders, sir.

Link to post
Share on other sites

Locate, then use Notepad to open, copy all lines, then Paste into a reply C:\Qoobox\ComboFix-quarantined-files.txt

That will show us what Combofix quarantined (if any).

Then, start MBAM, do an Update run, then do a Quick scan. Copy & paste that log report back here.

You should have Rsitx64 on your Desktop. Start it & run. Copy & paste contents of Log.txt & Info.txt

Remember, you can use Winkey to begin the Start option, then type in to the search box the name of an exe to locate & run an application.

e.g. NOTEPAD for the Notepad applet.

MBAM.exe

Rsitx64.exe

Link to post
Share on other sites

Hi again, The Rsitx64 did not create an info.txt this time, only a log.txt

I'm sorry, but what do you mean by "Winkey"?

Combofix log:

2012-02-26 02:46:02 . 2012-02-26 02:46:02 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat

2012-02-26 02:46:02 . 2012-02-26 02:46:02 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527}.reg.dat

2012-02-26 02:46:01 . 2012-02-26 02:46:01 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2012-02-26 02:45:51 . 2012-02-26 02:45:51 676 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat

2012-02-26 02:45:51 . 2012-02-26 02:45:51 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat

2012-02-26 02:45:50 . 2012-02-26 02:45:50 718 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat

2012-02-26 02:45:49 . 2012-02-26 02:45:49 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527}.reg.dat

2012-02-26 02:29:54 . 2012-02-26 02:29:54 6,273 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-02-26 02:21:53 . 2012-02-26 02:21:53 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

MBAM log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.25.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Carelessjon :: CARELESSJON-PC [administrator]

Protection: Enabled

2/25/2012 5:58:14 PM

mbam-log-2012-02-25 (17-58-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221065

Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Carelessjon at 2012-02-25 18:05:11

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 33 GB (6%) free of 596 GB

Total RAM: 3895 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:05:19 PM, on 2/25/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\trend micro\Carelessjon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.star.hawaii.edu:10012/studentinterface/PrintScript/smsx.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - (no file)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12394 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

/QuitInfo:0000000000000264;00000000000002C8; /AddRef;

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

"C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe"

"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 1856

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"taskhost.exe"

"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /c /a /s UserSession

/QuitInfo:00000000000008D4;00000000000008D8; /AddRef;

/QuitInfo:0000000000000884;00000000000008B8;

/loadhooks /Parent:00000000000004E0

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /startalways

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3956 CREDAT:145409

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Users\Carelessjon\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default

prefs.js - "browser.startup.homepage" - "http://www.minecraftwiki.net/wiki/Minecraft_Wiki"

prefs.js - "extensions.enabledItems" - "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.1.6, wtxpcom@mybrowserbar.com:4.9, youtubedownloader@mybrowserbar.com:4.9, {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"

prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]

"Description"=Virtual Earth 3D

"Path"=C:\Program Files (x86)\Virtual Earth 3D\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]

"Description"=Nexon Game Controller

"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]

"Description"=This plugin detects and launches Pando Media Booster

"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]

"Description"=

"Path"=C:\Program Files (x86)\Virtual Earth 3D\

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\

npdeployJava1.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

avg-secure-search.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\

adblockpopups@jessehakanen.net

{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}

{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL [2011-11-23 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-14 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Security Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

{95B7759C-8C7F-4BF1-B163-73684A933233} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TouchORB"=C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [2010-02-03 153416]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-23 10081312]

"TouchPortal"=C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [2010-03-08 6310432]

"RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-09-30 17920]

"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-10 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

"YouCam Mirror Tray icon"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2009-11-23 167008]

"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-02-08 74984]

"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2010-02-22 1016832]

"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-10 90112]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-11-12 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-02-25 16:47:08 ----D---- C:\Windows\temp

2012-02-25 16:47:06 ----A---- C:\ComboFix.txt

2012-02-25 16:22:01 ----A---- C:\Windows\zip.exe

2012-02-25 16:22:01 ----A---- C:\Windows\SWSC.exe

2012-02-25 16:22:01 ----A---- C:\Windows\SWREG.exe

2012-02-25 16:22:01 ----A---- C:\Windows\sed.exe

2012-02-25 16:22:01 ----A---- C:\Windows\PEV.exe

2012-02-25 16:22:01 ----A---- C:\Windows\NIRCMD.exe

2012-02-25 16:22:01 ----A---- C:\Windows\MBR.exe

2012-02-25 16:22:01 ----A---- C:\Windows\grep.exe

2012-02-25 16:21:50 ----D---- C:\Qoobox

2012-02-25 12:32:19 ----A---- C:\TDSSKiller.2.7.14.0_25.02.2012_12.32.19_log.txt

2012-02-25 05:33:38 ----D---- C:\SilentRunner

2012-02-25 05:04:30 ----D---- C:\ARK

2012-02-25 05:01:20 ----D---- C:\TDSSKiller_Quarantine

2012-02-25 04:59:13 ----A---- C:\TDSSKiller.2.7.14.0_25.02.2012_04.59.13_log.txt

2012-02-24 18:43:55 ----D---- C:\Program Files (x86)\ESET

2012-02-24 18:30:51 ----D---- C:\_OTL

2012-02-23 20:50:58 ----D---- C:\Users\Carelessjon\AppData\Roaming\QuickScan

2012-02-23 20:40:15 ----D---- C:\rsit

2012-02-23 20:40:15 ----D---- C:\Program Files\trend micro

2012-02-23 20:35:04 ----D---- C:\Windows\ERDNT

2012-02-23 20:33:52 ----D---- C:\Program Files (x86)\ERUNT

2012-02-15 21:44:05 ----D---- C:\ProgramData\Intel

2012-02-15 00:40:31 ----A---- C:\Windows\system32\MRT.INI

2012-02-15 00:37:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-02-15 00:37:41 ----A---- C:\Windows\system32\mshtmled.dll

2012-02-15 00:37:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-02-15 00:37:40 ----A---- C:\Windows\system32\jscript9.dll

2012-02-15 00:37:40 ----A---- C:\Windows\system32\iertutil.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\url.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\url.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\jscript.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\ieui.dll

2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\wininet.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\urlmon.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\jsproxy.dll

2012-02-15 00:37:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-02-15 00:37:36 ----A---- C:\Windows\system32\mshtml.dll

2012-02-15 00:37:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-02-15 00:37:34 ----A---- C:\Windows\system32\ieframe.dll

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaws.exe

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaw.exe

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\java.exe

2012-02-14 23:24:35 ----A---- C:\Windows\system32\shell32.dll

2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\shell32.dll

2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\ntshrui.dll

2012-02-14 23:24:33 ----A---- C:\Windows\system32\ntshrui.dll

2012-02-14 23:24:29 ----A---- C:\Windows\system32\win32k.sys

2012-02-14 23:24:28 ----A---- C:\Windows\system32\drivers\afd.sys

2012-02-14 23:24:25 ----A---- C:\Windows\SYSWOW64\msvcrt.dll

2012-02-14 23:24:25 ----A---- C:\Windows\system32\msvcrt.dll

2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\YouTube Downloader Toolbar

2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\Application Updater

2012-01-28 17:33:17 ----D---- C:\Program Files\iTunes

2012-01-28 17:33:17 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 month======

2012-02-25 17:59:19 ----D---- C:\Windows\system32\config

2012-02-25 16:52:57 ----SHD---- C:\Windows\Installer

2012-02-25 16:52:50 ----D---- C:\ProgramData\Adobe

2012-02-25 16:47:09 ----D---- C:\Windows\system32\drivers

2012-02-25 16:47:08 ----D---- C:\Windows

2012-02-25 16:42:00 ----A---- C:\Windows\system.ini

2012-02-25 16:41:53 ----D---- C:\Windows\system32\drivers\etc

2012-02-25 16:41:07 ----D---- C:\Windows\System32

2012-02-25 16:41:07 ----D---- C:\Windows\inf

2012-02-25 16:41:07 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-02-25 16:36:55 ----A---- C:\Windows\SYSWOW64\log.txt

2012-02-25 16:29:12 ----D---- C:\Windows\SYSWOW64\drivers

2012-02-25 16:29:12 ----D---- C:\Windows\SysWOW64

2012-02-25 16:29:12 ----D---- C:\Windows\AppPatch

2012-02-25 16:29:11 ----D---- C:\Program Files\Common Files

2012-02-25 16:29:11 ----D---- C:\Program Files (x86)\Common Files

2012-02-24 19:37:05 ----D---- C:\ProgramData\YouTube Downloader

2012-02-24 18:43:59 ----D---- C:\Windows\Downloaded Program Files

2012-02-24 18:43:55 ----RD---- C:\Program Files (x86)

2012-02-24 18:31:11 ----SHD---- C:\System Volume Information

2012-02-24 18:28:04 ----D---- C:\Windows\Prefetch

2012-02-23 20:40:15 ----RD---- C:\Program Files

2012-02-22 13:25:14 ----A---- C:\Windows\wininit.ini

2012-02-21 22:10:14 ----D---- C:\Windows\system32\Tasks

2012-02-17 12:40:50 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-02-16 13:41:29 ----RSD---- C:\Windows\assembly

2012-02-16 13:41:29 ----D---- C:\Windows\Microsoft.NET

2012-02-15 21:44:05 ----D---- C:\ProgramData

2012-02-15 21:42:34 ----D---- C:\Windows\system32\catroot2

2012-02-15 21:41:58 ----D---- C:\Program Files (x86)\Intel

2012-02-15 21:41:22 ----D---- C:\Windows\system32\catroot

2012-02-15 21:41:18 ----D---- C:\Windows\system32\DriverStore

2012-02-15 17:51:24 ----D---- C:\Windows\winsxs

2012-02-15 17:49:50 ----D---- C:\Windows\SYSWOW64\migration

2012-02-15 17:49:50 ----D---- C:\Windows\system32\migration

2012-02-15 17:49:50 ----D---- C:\Program Files\Internet Explorer

2012-02-15 17:49:50 ----D---- C:\Program Files (x86)\Internet Explorer

2012-02-15 00:41:18 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2012-02-15 00:38:39 ----D---- C:\Windows\debug

2012-02-15 00:38:37 ----A---- C:\Windows\system32\MRT.exe

2012-02-14 23:52:35 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

2012-02-14 22:55:50 ----D---- C:\Windows\system32\NDF

2012-02-13 13:29:04 ----D---- C:\Users\Carelessjon\AppData\Roaming\uTorrent

2012-02-09 10:25:30 ----D---- C:\Windows\system32\FxsTmp

2012-02-01 16:12:33 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-31 09:56:35 ----D---- C:\Windows\system32\drivers\NISx64

2012-01-31 03:57:07 ----D---- C:\Program Files\Symantec

2012-01-30 12:01:20 ----D---- C:\ProgramData\AVG Secure Search

2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe

2012-01-28 17:34:01 ----D---- C:\Program Files (x86)\iTunes

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [2011-07-25 451192]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [2011-11-23 1092728]

R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-01 1151096]

R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [2011-11-04 167048]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-12-14 482936]

R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-20 488568]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS [2011-11-23 37496]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [2011-11-16 190072]

R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [2011-11-16 405624]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29]; \??\C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-08 146928]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-12-24 294064]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-23 2272544]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-12-24 244736]

R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-02-24 67616]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]

R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-02-01 852256]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-01-31 175736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]

S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []

S3 int15.sys;int15.sys; \??\C:\Windows\syswow64\OEM\Factory\int15.sys []

S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS [2011-12-14 117880]

S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS [2011-12-14 2048632]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]

S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS [2011-11-23 738936]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 Greg_Service;GRegService; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-27 1150496]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-12-28 268824]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-29 138248]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-28 2320920]

R2 Updater Service;Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]

R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2009-10-09 238328]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-10 182768]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]

S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]

-----------------EOF-----------------

Link to post
Share on other sites

Hello,

Winkey is the Windows key on your keyboard (lower left-hand on keyboard). Most all modern-day keyboards have it.

Let's try this registry fix to see if it helps your current issue.

Please download ExeFix.reg by farbar and save it to a flashdrive or on the root of the system drive (usually C:).

  • Important: Boot your computer into the account that has trouble running exe files.
  • Right-click it and select Merge.

Logoff & Restart system fresh. Tell me, How is it now?

Also, I need for us to square away your anti-virus program situation: Logs showed presence of Norton/Symantec & AVG.

Was AVG the latest one that you setup?

Did Norton come pre-installed from factory?

There should only be one active anti-virus app & it needs to be current & up-to-date.

Link to post
Share on other sites

Alright. WTG.

Kindly make it plainly clear to me: which one of the anti-virus is currently installed?

Cause you will need to run a cleanup tool to completely remove the other.

Also, Check to insure your Adobe Reader is up-to-date for any patches/fixes.

Start Adobe Reader. Go to the Help menu item, select the Check for Updates option, and follow the prompts.

Next, you already have Security Check utility. Run it one more time. Then copy/paste the new Checkup.txt

Tell me if all else is OK ?

I think on next round we can have you do the final closure steps.

Link to post
Share on other sites

I believe Norton is currently installed. I could have sworn I uninstalled avg already using avg remover.

Yes, all else seems to be fine. All systems green!

Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Java 6 Update 31

Adobe Flash Player 11.1.102.62

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (10.0.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.