Svchost.exe does not go away.

Jonkiote · February 22, 2012

Hi, I'm getting repeated notices that malwarebytes is blocking a program called svchost.exe. I have no idea what to do in order to fix it, and I would greatly appreciate your assistance. It is incredibly annoying to have those little balloons show up every minute or so with the occasional pop-up telling me to quarantine svchost.

While I don't think svchost has actually caused any damage yet, there was this one instance where I got the quarantine pop-up and my computer started running really slow. So I opened up task manager, and found svchost taking up quite a bit of memory. I quickly shut down the process and ran a quick scan with Malwarebytes which revealed 2 infections which were svchost and svchost(memory)? Needless to say, I deleted them and restarted, but the balloons still appear. It should also be noted that every time I use the scan be it quick or full, the same 2 infections appear every time.

Here is the DDS log I got by running DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Carelessjon at 20:55:33 on 2012-02-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1629 [GMT -10:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

-netsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe

C:\Program Files (x86)\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {95b7759c-8c7f-4bf1-b163-73684a933233} - AVG Security Toolbar

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} -

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.star.hawaii.edu:10012/studentinterface/PrintScript/smsx.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{96059DF4-BD72-42CB-9A0E-796370067E7B} : DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - AVG Safe Search

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -

TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.minecraftwiki.net/wiki/Minecraft_Wiki

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll

FF - component: C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-12-14 1151096]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSviA64.sys [2011-12-14 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29];C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-2-8 146928]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-2-6 748440]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-27 1150496]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-1 652360]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-1-31 138248]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-10 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-3-10 243232]

R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-1-14 869216]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S2 SBSDWSCService;SBSD Security Center Service; [x]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-22 01:05:47 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE8CA75F-975E-407B-AB5A-9D41891355EF}\mpengine.dll

2012-02-15 09:24:33 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 09:24:33 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 09:24:30 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 09:24:30 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 09:24:29 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 09:24:28 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 09:24:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 09:24:25 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar

2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-02-12 15:09:02 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-02-02 12:20:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-01-31 13:56:42 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys

2012-01-31 13:56:42 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys

2012-01-31 13:56:41 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys

2012-01-31 13:56:41 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys

2012-01-31 13:56:41 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys

2012-01-31 13:56:41 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys

2012-01-31 13:56:41 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys

2012-01-31 13:56:36 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.091

2012-01-29 03:33:17 -------- d-----w- C:\Program Files\iTunes

2012-01-29 03:33:17 -------- d-----w- C:\Program Files\iPod

2012-01-25 00:31:47 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

.

==================== Find3M ====================

.

2012-02-17 05:22:51 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 09:52:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-31 13:56:47 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-01-29 15:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-11 08:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2012-01-11 08:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-01-11 08:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe

2012-01-11 08:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe

2012-01-11 08:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe

2012-01-11 08:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe

2012-01-11 08:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-01-11 08:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll

2012-01-11 08:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll

2012-01-11 08:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-01-11 08:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2012-01-11 08:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2012-01-11 08:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2012-01-11 08:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2012-01-11 08:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2012-01-11 08:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2012-01-11 08:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-01-11 08:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2012-01-11 08:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-01-11 07:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-01-11 07:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-01-11 07:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-01-11 07:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2012-01-11 07:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2012-01-11 07:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2012-01-11 07:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll

2012-01-11 07:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-01-11 07:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll

2012-01-11 07:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-01-11 07:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-01-11 07:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2012-01-11 07:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-01-11 07:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-01-11 07:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-01-11 07:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-01-11 07:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-01-11 07:12:12 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2012-01-11 07:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-01-11 07:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-01-11 07:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-01-11 07:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-01-11 07:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-01-11 07:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-11 01:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 20:56:43.00 ===============

Jonkiote · February 22, 2012

This might be a different problem, but google keeps directing me to gimmieanswers.org and then malwarebytes blocks "Process: Firefox.exe".

Is my Firefox bugged now too?

Maurice Naggar · February 23, 2012

Hello Jonkiote, and welcome to MalwareBytes forum.

Please do the following.

First, disable Teatimer and keep it disabled, otherwise it will revert any malware fixes we may do.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, slect Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop

Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

Edited February 23, 2012 by Maurice Naggar

Jonkiote · February 24, 2012

Here is the Log.txt:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Carelessjon at 2012-02-23 20:40:15

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 29 GB (5%) free of 596 GB

Total RAM: 3895 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:40:30 PM, on 2/23/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files\trend micro\Carelessjon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.star.hawaii.edu:10012/studentinterface/PrintScript/smsx.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - (no file)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14405 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

/QuitInfo:0000000000000304;0000000000000318; /AddRef;

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

"C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe"

"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 1988

-netsvcs

\??\C:\Windows\system32\conhost.exe "59880542667788685646282671-1373317506-10043856741464174483-1192844600-161465234

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /c /a /s UserSession2

/QuitInfo:00000000000008B0;00000000000008B4; /AddRef;

/QuitInfo:00000000000007A8;00000000000008BC;

/loadhooks /Parent:0000000000000984

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"

"C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files\iPod\bin\iPodService.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"

C:\Windows\servicing\TrustedInstaller.exe

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

"C:\Users\Carelessjon\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default

prefs.js - "browser.startup.homepage" - "http://www.minecraftwiki.net/wiki/Minecraft_Wiki"

prefs.js - "extensions.enabledItems" - "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.1.6, wtxpcom@mybrowserbar.com:4.9, youtubedownloader@mybrowserbar.com:4.9, {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"

prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]

"Description"=Virtual Earth 3D

"Path"=C:\Program Files (x86)\Virtual Earth 3D\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]

"Description"=Nexon Game Controller

"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]

"Description"=This plugin detects and launches Pando Media Booster

"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]

"Description"=

"Path"=C:\Program Files (x86)\Virtual Earth 3D\

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\

npdeployJava1.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

avg-secure-search.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\

adblockpopups@jessehakanen.net

{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}

{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL [2011-11-23 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-14 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Security Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]

YouTube Downloader Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll [2012-02-06 1074016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128]

{95B7759C-8C7F-4BF1-B163-73684A933233} -

{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll [2012-02-06 1074016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TouchORB"=C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [2010-02-03 153416]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-23 10081312]

"TouchPortal"=C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [2010-03-08 6310432]

"RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-09-30 17920]

"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-10 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

"YouCam Mirror Tray icon"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2009-11-23 167008]

"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-02-08 74984]

"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2010-02-22 1016832]

"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-10 90112]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]

""= []

"SearchSettings"=C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-02-06 934240]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-23 20:40:15 ----D---- C:\rsit

2012-02-23 20:40:15 ----D---- C:\Program Files\trend micro

2012-02-23 20:35:04 ----D---- C:\Windows\ERDNT

2012-02-23 20:33:52 ----D---- C:\Program Files (x86)\ERUNT

2012-02-15 21:44:05 ----D---- C:\ProgramData\Intel

2012-02-15 00:40:31 ----A---- C:\Windows\system32\MRT.INI

2012-02-15 00:37:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-02-15 00:37:41 ----A---- C:\Windows\system32\mshtmled.dll

2012-02-15 00:37:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-02-15 00:37:40 ----A---- C:\Windows\system32\jscript9.dll

2012-02-15 00:37:40 ----A---- C:\Windows\system32\iertutil.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\url.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\url.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\jscript.dll

2012-02-15 00:37:39 ----A---- C:\Windows\system32\ieui.dll

2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\wininet.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\urlmon.dll

2012-02-15 00:37:38 ----A---- C:\Windows\system32\jsproxy.dll

2012-02-15 00:37:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-02-15 00:37:36 ----A---- C:\Windows\system32\mshtml.dll

2012-02-15 00:37:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-02-15 00:37:34 ----A---- C:\Windows\system32\ieframe.dll

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaws.exe

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaw.exe

2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\java.exe

2012-02-14 23:24:35 ----A---- C:\Windows\system32\shell32.dll

2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\shell32.dll

2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\ntshrui.dll

2012-02-14 23:24:33 ----A---- C:\Windows\system32\ntshrui.dll

2012-02-14 23:24:29 ----A---- C:\Windows\system32\win32k.sys

2012-02-14 23:24:28 ----A---- C:\Windows\system32\drivers\afd.sys

2012-02-14 23:24:25 ----A---- C:\Windows\SYSWOW64\msvcrt.dll

2012-02-14 23:24:25 ----A---- C:\Windows\system32\msvcrt.dll

2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\YouTube Downloader Toolbar

2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\Application Updater

2012-01-28 17:33:17 ----D---- C:\Program Files\iTunes

2012-01-28 17:33:17 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 month======

2012-02-23 20:40:29 ----D---- C:\Windows\Prefetch

2012-02-23 20:40:26 ----D---- C:\Windows\Temp

2012-02-23 20:40:15 ----RD---- C:\Program Files

2012-02-23 20:35:04 ----D---- C:\Windows

2012-02-23 20:34:32 ----D---- C:\Windows\System32

2012-02-23 20:34:32 ----D---- C:\Windows\inf

2012-02-23 20:34:32 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-02-23 20:33:52 ----RD---- C:\Program Files (x86)

2012-02-23 20:33:25 ----D---- C:\Windows\system32\config

2012-02-23 20:30:02 ----A---- C:\Windows\SYSWOW64\log.txt

2012-02-22 13:25:14 ----A---- C:\Windows\wininit.ini

2012-02-21 22:10:14 ----D---- C:\Windows\system32\Tasks

2012-02-21 15:04:20 ----SHD---- C:\System Volume Information

2012-02-17 12:40:50 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-02-16 13:41:29 ----RSD---- C:\Windows\assembly

2012-02-16 13:41:29 ----D---- C:\Windows\Microsoft.NET

2012-02-15 21:44:05 ----D---- C:\ProgramData

2012-02-15 21:43:20 ----D---- C:\Windows\SysWOW64

2012-02-15 21:42:34 ----D---- C:\Windows\system32\catroot2

2012-02-15 21:41:58 ----D---- C:\Program Files (x86)\Intel

2012-02-15 21:41:27 ----D---- C:\Windows\system32\drivers

2012-02-15 21:41:22 ----D---- C:\Windows\system32\catroot

2012-02-15 21:41:18 ----D---- C:\Windows\system32\DriverStore

2012-02-15 17:51:24 ----D---- C:\Windows\winsxs

2012-02-15 17:49:50 ----D---- C:\Windows\SYSWOW64\migration

2012-02-15 17:49:50 ----D---- C:\Windows\system32\migration

2012-02-15 17:49:50 ----D---- C:\Program Files\Internet Explorer

2012-02-15 17:49:50 ----D---- C:\Program Files (x86)\Internet Explorer

2012-02-15 00:45:05 ----SHD---- C:\Windows\Installer

2012-02-15 00:41:18 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2012-02-15 00:38:39 ----D---- C:\Windows\debug

2012-02-15 00:38:37 ----A---- C:\Windows\system32\MRT.exe

2012-02-14 23:52:52 ----D---- C:\Program Files (x86)\Common Files

2012-02-14 23:52:35 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

2012-02-14 22:55:50 ----D---- C:\Windows\system32\NDF

2012-02-13 13:29:04 ----D---- C:\Users\Carelessjon\AppData\Roaming\uTorrent

2012-02-09 10:25:30 ----D---- C:\Windows\system32\FxsTmp

2012-02-01 16:12:33 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-31 09:56:35 ----D---- C:\Windows\system32\drivers\NISx64

2012-01-31 03:57:07 ----D---- C:\Program Files\Symantec

2012-01-30 12:01:20 ----D---- C:\ProgramData\AVG Secure Search

2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe

2012-01-28 17:34:01 ----D---- C:\Program Files (x86)\iTunes

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [2011-07-25 451192]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [2011-11-23 1092728]

R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-01 1151096]

R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [2011-11-04 167048]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-12-14 482936]

R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-20 488568]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS [2011-11-23 37496]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [2011-11-16 190072]

R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [2011-11-16 405624]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29]; \??\C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-08 146928]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-12-24 294064]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-23 2272544]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-12-24 244736]

R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-02-24 67616]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]

R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-02-01 852256]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-01-31 175736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []

S3 int15.sys;int15.sys; \??\C:\Windows\syswow64\OEM\Factory\int15.sys []

S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS [2011-12-14 117880]

S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS [2011-12-14 2048632]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]

S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS [2011-11-23 738936]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 Greg_Service;GRegService; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-27 1150496]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-12-28 268824]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-29 138248]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-28 2320920]

R2 Updater Service;Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]

R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2009-10-09 238328]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-10 182768]

S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]

-----------------EOF-----------------

Here is the Info.txt

info.txt logfile of random's system information tool 1.09 2012-02-23 20:40:31

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->"C:\Program Files (x86)\Gateway Games\Game Explorer Categories - main\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Web Link - Club Penguin\Uninstall.exe"

-->"C:\Program Files (x86)\InstallShield Installation Information\{70CC0095-AA68-45BE-AE98-D8170182E9EB}\Setup.exe" /z-uninstall

-->"C:\Program Files (x86)\InstallShield Installation Information\{74D911AE-4A04-4481-902F-7B496E721F7F}\setup.exe" /z-uninstall

-->"C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.exe" REMOVE=TRUE MODIFY=FALSE

-->C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.exe

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7662728E-ED8B-4995-ABFD-ABB9B5098C30}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7662728E-ED8B-4995-ABFD-ABB9B5098C30}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9 /remove

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}

Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Download Assistant-->msiexec /qb /x {E1845F1C-068C-F8F4-D31D-D3540D47C453}

Adobe Download Assistant-->MsiExec.exe /I{E1845F1C-068C-F8F4-D31D-D3540D47C453}

Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -maintain plugin

Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"

Adobe Reader 9.5.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Bandisoft MPEG-1 Decoder-->"C:\Program Files (x86)\BandiMPEG1\uninstall.exe"

Bejeweled 2 Deluxe-->"C:\Program Files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"

Blackhawk Striker 2-->"C:\Program Files (x86)\Gateway Games\Blackhawk Striker 2\Uninstall.exe"

Bob the Builder Can-Do-Zoo-->"C:\Program Files (x86)\Gateway Games\Bob the Builder Can-Do-Zoo\Uninstall.exe"

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

Build-a-lot 2-->"C:\Program Files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

CyberLink PowerCinema Movie-->"C:\Program Files (x86)\InstallShield Installation Information\{70CC0095-AA68-45BE-AE98-D8170182E9EB}\Setup.exe" /z-uninstall

CyberLink PowerCinema-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall

CyberLink Touch Browser-->"C:\Program Files (x86)\InstallShield Installation Information\{74D911AE-4A04-4481-902F-7B496E721F7F}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /s

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

DVD Decrypter (Remove Only)-->"C:\Program Files (x86)\DVD Decrypter\uninstall.exe"

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

Escape Rosecliff Island-->"C:\Program Files (x86)\Gateway Games\Escape Rosecliff Island\Uninstall.exe"

Faerie Solitaire-->"C:\Program Files (x86)\Gateway Games\Faerie Solitaire\Uninstall.exe"

Gateway Game Console-->"C:\Program Files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe"

Gateway Games-->"C:\Program Files (x86)\Gateway Games\Uninstall.exe"

Gateway InfoCentre-->C:\Program Files (x86)\Gateway\InfoCentre\Uninstall.exe

Gateway Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly

Gateway Registration-->C:\Program Files (x86)\Gateway\Registration\Uninstall.exe

Gateway ScreenSaver-->C:\Program Files (x86)\Gateway\Screensaver\Uninstall.exe

Gateway Touch Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{C652F86F-348A-4A65-8BE8-A3F7A6370D98}\setup.exe" -runfromtemp -l0x409 -removeonly

Gateway Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x409 -removeonly

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_A0AC09CE5247ECEF.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Identity Card-->C:\Program Files (x86)\Gateway\Identity Card\Uninstall.exe

Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm

Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

ITE Infrared Transceiver-->C:\Program Files (x86)\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\setup.exe -runfromtemp -l0x0009 -removeonly

iTunes-->MsiExec.exe /I{5E11C972-1E76-45FE-8F92-14E0D1140B1B}

Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

Jewel Quest Solitaire 3-->"C:\Program Files (x86)\Gateway Games\Jewel Quest Solitaire 3\Uninstall.exe"

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Katawa Shoujo-->"C:\Program Files (x86)\Katawa Shoujo\Uninstall Katawa Shoujo.exe"

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

MapleStory-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33563155 -locale:US

Microsoft .NET Framework 4 Client Profile-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Touch Pack for Windows 7-->MsiExec.exe /I{8FF90DB8-6DED-44A3-B182-244FEC09012F}

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175-->MsiExec.exe /X{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}

Microsoft XNA Framework Redistributable 3.0-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}

Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}

Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}

Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}

Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}

Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}

Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}

Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}

Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}

Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}

Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}

Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}

Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}

Monopoly-->"C:\Program Files (x86)\Gateway Games\Monopoly\Uninstall.exe"

MotioninJoy ds3 driver version 0.6.0001-->"C:\Program Files\MotioninJoy\unins000.exe"

Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Mystery P.I. - Lost in Los Angeles-->"C:\Program Files (x86)\Gateway Games\Mystery P.I. - Lost in Los Angeles\Uninstall.exe"

Nero 9 Essentials-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="2M02-K09C-CW07-4933-7UKZ-4K5H-CZA8-0XA6-T4X7-P288-2P9U-AZ0M-1E68-AE4Z-1A7E-7T4H-0000"

Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}

Nero ControlCenter-->MsiExec.exe /X{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}

Nero DiscSpeed Help-->MsiExec.exe /X{CC019E3F-59D2-4486-8D4B-878105B62A71}

Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}

Nero DriveSpeed Help-->MsiExec.exe /X{E5C7D048-F9B4-4219-B323-8BDB01A2563D}

Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}

Nero Express Help-->MsiExec.exe /X{83202942-84B3-4C50-8622-B8C0AA2D2885}

Nero InfoTool Help-->MsiExec.exe /X{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}

Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}

Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}

Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}

Nero StartSmart Help-->MsiExec.exe /X{2348B586-C9AE-46CE-936C-A68E9426E214}

Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}

Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}

NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local

Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.5.0.145\InstStub.exe /X /ARP

Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe

Penguins!-->"C:\Program Files (x86)\Gateway Games\Penguins!\Uninstall.exe"

Plants vs. Zombies-->"C:\Program Files (x86)\Gateway Games\Plants vs. Zombies\Uninstall.exe"

Polar Bowler-->"C:\Program Files (x86)\Gateway Games\Polar Bowler\Uninstall.exe"

Polar Golfer-->"C:\Program Files (x86)\Gateway Games\Polar Golfer\Uninstall.exe"

QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly

Scrabble Plus-->"C:\Program Files (x86)\Gateway Games\Scrabble Plus\Uninstall.exe"

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}

Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}

Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}

Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}

Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"

System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe

The Price is Right-->"C:\Program Files (x86)\Gateway Games\The Price is Right\Uninstall.exe"

THX TruStudio PC-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F5298C34-48DC-400B-A2DB-E3E11CB7C373}\setup.exe" -l0x9 /remove

TouchSettings-->"C:\Program Files (x86)\InstallShield Installation Information\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}\setup.exe" -runfromtemp -l0x0009 -removeonly

Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}

Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

Vindictus-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33562635 -locale:US

Virtual Earth 3D (Beta)-->MsiExec.exe /I{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}

Virtual Families-->"C:\Program Files (x86)\Gateway Games\Virtual Families\Uninstall.exe"

Virtual Villagers - A New Home-->"C:\Program Files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"

Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}

VLC media player 1.1.10-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

Welcome Center-->C:\Program Files (x86)\Gateway\Welcome Center\Uninstall.exe

WinASO Registry Optimizer 4.7.5-->"C:\Program Files (x86)\WinASO\Registry Optimizer\unins000.exe"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

WinRAR 4.00 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe

Yahtzee-->"C:\Program Files (x86)\Gateway Games\Yahtzee\Uninstall.exe"

YouTube Downloader 3.4-->"C:\Program Files (x86)\YouTube Downloader\uninstall.exe"

YouTube Downloader Toolbar v5.0-->MsiExec.exe /X{B9B55E8C-7EF6-4937-85F2-282A9F645EAC}

Zuma Deluxe-->"C:\Program Files (x86)\Gateway Games\Zuma Deluxe\Uninstall.exe"

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======System event log======

Computer Name: Carelessjon-PC

Event Code: 27

Message: Intel® 82578DC Gigabit Network Connection

Network link has been disconnected.

Record Number: 138055

Source Name: e1kexpress

Time Written: 20111029221023.788026-000

Event Type: Warning

User:

Computer Name: Carelessjon-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 138010

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20111029220949.656075-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Carelessjon-PC

Event Code: 1014

Message: Name resolution for the name photos-b.ak.fbcdn.net timed out after none of the configured DNS servers responded.

Record Number: 137896

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20111029201017.602557-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Carelessjon-PC

Event Code: 27

Message: Intel® 82578DC Gigabit Network Connection

Network link has been disconnected.

Record Number: 137842

Source Name: e1kexpress

Time Written: 20111029200907.209227-000

Event Type: Warning

User:

Computer Name: Carelessjon-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 137805

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20111029200831.637083-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Carelessjon-PC

Event Code: 100

Message: 316: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 44208

Source Name: Bonjour Service

Time Written: 20110924095521.000000-000

Event Type: Error

User:

Computer Name: Carelessjon-PC

Event Code: 1008

Message: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Record Number: 44195

Source Name: Microsoft-Windows-CEIP

Time Written: 20110924031707.000000-000

Event Type: Error

User:

Computer Name: Carelessjon-PC

Event Code: 100

Message: 484: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 44106

Source Name: Bonjour Service

Time Written: 20110923215747.000000-000

Event Type: Error

User:

Computer Name: Carelessjon-PC

Event Code: 100

Message: 220: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 44105

Source Name: Bonjour Service

Time Written: 20110923215747.000000-000

Event Type: Error

User:

Computer Name: Carelessjon-PC

Event Code: 100

Message: 492: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 44104

Source Name: Bonjour Service

Time Written: 20110923215747.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Carelessjon-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\120b34a1a646eeecb1b7704addf1adea_204a83c1-4f42-470c-906d-ae78a8dc1349

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 62870

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923201023.585010-000

Event Type: Audit Success

User:

Computer Name: Carelessjon-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-18

Account Name: CARELESSJON-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: {732BAC3B-281A-40F0-89C4-2355CFA5C8AC}

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 62869

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923201022.805009-000

Event Type: Audit Success

User:

Computer Name: Carelessjon-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-18

Account Name: CARELESSJON-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: {732BAC3B-281A-40F0-89C4-2355CFA5C8AC}

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\Keys\4d9200b2c026e3ff177b048c0da0568d_204a83c1-4f42-470c-906d-ae78a8dc1349

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 62868

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923201022.805009-000

Event Type: Audit Success

User:

Computer Name: Carelessjon-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 62867

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923085751.711625-000

Event Type: Audit Success

User:

Computer Name: Carelessjon-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: cf11e609-5e16-44d3-bc20-ea62eea1625b

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\120b34a1a646eeecb1b7704addf1adea_204a83c1-4f42-470c-906d-ae78a8dc1349

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 62866

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110923085751.711625-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=2502

"TouchAppsTargetDir"=C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Here is the checkup.txt

Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Spybot - Search & Destroy

Java 6 Update 31

Adobe Flash Player 11.1.102.62

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (10.0.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

windows defender MpCmdRun.exe

``````````End of Log````````````

Jonkiote · February 24, 2012

Here is the bitdefender log:

QuickScan 32-bit v0.9.9.105

---------------------------

Scan date: Thu Feb 23 20:51:12 2012

Machine ID: 56FEDFD1

No infection found.

-------------------

Processes

---------

Acer Touch Portal Monitor 2976 C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

Application Updater 1584 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

cyberlink brs 3608 C:\Program Files (x86)\CyberLink\Shared files\brs.exe

CyberLink YouCam Tray 3600 C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

Global Registration 1664 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

Intel® Active Management Technology L 1740 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

Intel® Management & Security Applicat 3856 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

iTunes 3732 C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 3772 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Malwarebytes Anti-Malware 4932 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

Microsoft® Windows® Operating System 2612 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

Microsoft® Windows® Operating System 2440 C:\Windows\svchost.exe

MobileDeviceService 1552 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Symantec Security Technologies 1776 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe

Symantec Security Technologies 2232 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe

THXAudio 3616 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

ToolbarU Application 1960 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

Updater Service 1892 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

Widgi Toolbar 3744 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

Windows® Internet Explorer 4300 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 5800 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) GoogleToolbarNotifier 3172 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Network activity

----------------

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.239.8

Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.197.7.31

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.239.8

Process svchost.exe (2440) connected on port 80 (HTTP) --> 66.150.149.23

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.187

Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.197.7.31

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.78.140

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.187

Process svchost.exe (2440) connected on port 80 (HTTP) --> 66.150.149.23

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 93.184.215.73

Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.71.123.59

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218

Process svchost.exe (2440) connected on port 80 (HTTP) --> 107.20.138.220

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.87.49.107

Process svchost.exe (2440) connected on port 80 (HTTP) --> 69.171.229.15

Process svchost.exe (2440) connected on port 80 (HTTP) --> 204.236.130.144

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.72.60.74

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.16.230.70

Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.245

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.67

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.66.128

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.28.37.55

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.219

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.16.212.13

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.67

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.12.249.161

Process svchost.exe (2440) connected on port 80 (HTTP) --> 216.137.45.184

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.8

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.82

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.28.37.55

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.49

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.43

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.66

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.217.78.150

Process svchost.exe (2440) connected on port 80 (HTTP) --> 107.20.134.140

Process svchost.exe (2440) connected on port 80 (HTTP) --> 96.17.70.43

Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.40.245.50

Process svchost.exe (2440) connected on port 80 (HTTP) --> 192.150.16.64

Process svchost.exe (2440) connected on port 80 (HTTP) --> 23.49.57.42

Process svchost.exe (2440) connected on port 80 (HTTP) --> 24.143.202.10

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.50.2.77

Process svchost.exe (2440) connected on port 80 (HTTP) --> 204.11.109.22

Process svchost.exe (2440) connected on port 80 (HTTP) --> 8.19.18.172

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.18.120.113

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.26

Process svchost.exe (2440) connected on port 80 (HTTP) --> 74.125.224.218

Process svchost.exe (2440) connected on port 80 (HTTP) --> 8.19.18.172

Process svchost.exe (2440) connected on port 80 (HTTP) --> 174.137.34.100

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.27

Process svchost.exe (2440) connected on port 443 (HTTP over SSL) --> 74.125.224.197

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.27

Process svchost.exe (2440) connected on port 80 (HTTP) --> 209.18.46.83

Process svchost.exe (2440) connected on port 80 (HTTP) --> 207.200.74.25

Process svchost.exe (2440) connected on port 80 (HTTP) --> 184.50.0.191

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.19

Process svchost.exe (2440) connected on port 80 (HTTP) --> 64.208.5.17

Process svchost.exe (2440) connected on port 443 (HTTP over SSL) --> 66.220.146.87

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.19.123.221

Process svchost.exe (2440) connected on port 80 (HTTP) --> 69.171.229.15

Process svchost.exe (2440) connected on port 80 (HTTP) --> 208.111.155.109

Process svchost.exe (2440) connected on port 80 (HTTP) --> 50.19.215.118

Process jusched.exe (3772) connected on port 443 (HTTP over SSL) --> 23.3.192.60

Process iexplore.exe (4300) connected on port 80 (HTTP) --> 85.195.93.243

Process iexplore.exe (4300) connected on port 80 (HTTP) --> 64.208.159.32

Process iexplore.exe (4300) connected on port 80 (HTTP) --> 74.125.239.8

Process GregHSRW.exe (1664) listens on ports: 8093

Process LMS.exe (1740) listens on ports: 623, 16992

Autoruns and critical files

---------------------------

Acer Touch Portal Monitor C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe CS5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Adobe Updater Startup Utility C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

Creative Updreg C:\Windows\UpdReg.EXE

cyberlink brs C:\Program Files (x86)\CyberLink\Shared files\brs.exe

CyberLink YouCam Tray C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe

MUI StartMenu Application C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

THXAudio C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

TouchPortal C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe

Widgi Toolbar C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll

Google Update C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

Java Deployment Toolkit 6.0.310.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

Java Platform SE 6 U31 c:\program files (x86)\java\jre6\bin\ssv.dll

mabinogi mabiwebframe C:\Windows\Downloaded Program Files\mabiwebframe.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll

Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

Norton Confidential c:\program files (x86)\norton internet security\engine\19.5.0.145\coieplg.dll

npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

RadioWMPCoreGecko10.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko10.dll

RadioWMPCoreGecko5.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

RadioWMPCoreGecko6.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

RadioWMPCoreGecko7.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll

RadioWMPCoreGecko8.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll

RadioWMPCoreGecko9.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll

sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll

Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

Symantec Intrusion Detection c:\program files (x86)\norton internet security\engine\19.5.0.145\ips\ipsbho.dll

System Requirements Lab C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll

Widgi Toolbar c:\program files (x86)\youtube downloader toolbar\ie\5.0\youtubedownloadertoolbarie.dll

Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) RadioWMPCoreGecko19.dll C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

Scan

----

MD5: 2ceff13ace25a40bd8d97654944297cd \\.\globalroot\systemroot\svchost.exe

MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

MD5: 505f022493d471025add399a4162208b C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

MD5: d84dd079b86dac2e3d0f92ca383b4086 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files (x86)\Bonjour\mdnsNSP.dll

MD5: 2cbca94abccb2b79e4693ba0e4fc85be C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

MD5: 1f9b3487739b31c3d770728cb157a54d C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: f577910a133a592234ebaad3f3afa258 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MD5: 60c079cb2150760263d1fe5ff6218961 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll

MD5: 1f3ff6c062b311fe410ec89f6bfac213 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll

MD5: fc33cbbb9cadcec307da010fe763d04c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll

MD5: 054b87c872292a960b9b8a834b34dfa7 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll

MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll

MD5: 250bf888ddbe88d61eb19a9d4957c794 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll

MD5: fd86c605fd7ad4a41c01ec7a4a1e1c5d C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll

MD5: a3609397ef273b03295dbb10274be12c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll

MD5: 18301b40411b2108076ab685b4e4b6dc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MD5: 794950db77aa590c2964eca0a5874a09 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll

MD5: df1c1cd0c7ee95cc00d71e9e415e7bcd C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll

MD5: c28fd3b37b6f18751c99e6022a2a9782 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll

MD5: 2503287bd19ae52e36e9de42834a2ac0 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.DLL

MD5: a56ccbbfccedce2fd9c69fed24e035e3 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MD5: 3debbecf665dcdde3a95d9b902010817 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

MD5: 1224bc6de919f8cd8c1c945280e63852 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll

MD5: 06a4250c9e3606cae3f68da45702f342 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll

MD5: 905b5bf5be0a86e8412801bf20357195 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll

MD5: 41404aa06914e6f94d14b671ae1e5c37 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

MD5: 98a078f838a70f84e1bd490d7c7675f4 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

MD5: 2dc64a3446c8c6e020e781456b46573d C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

MD5: ed0a4dd3439d1231b47416604a7d84dc C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll

MD5: 6bf01e200063d7274f3af06d226671f5 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

MD5: da579734b4375740efee86ffdfed57a7 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL

MD5: 9d4a1690af93f233e15380398bec7431 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: 91b3cd7595274b90c253b74057920811 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

MD5: 7dd73b8a2db467b0121d1331eb39812b C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth.dll

MD5: 5ccf1be80930aeb1cdebf561666325e8 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

MD5: 7a898e4a744621711be7e7b796c69876 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

MD5: 606893821219520ca2cd44a8cb2235ad C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTAudEp.dll

MD5: 544013c383833189a61c2f72b8814319 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTLoadRs.dll

MD5: 07162b620bf03e1e6804160efcd677b5 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTSetAPO.dll

MD5: 39d5953dc7be13705878e35ed093f88e C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\CTSUSDKu.dll

MD5: 1798de71b8051046cb987db000df51d9 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\en-US\THXAudio.resources.dll

MD5: 8fc069758a9d4bd2a049226c017c083d C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

MD5: 55371fbc7e2237e9403882c7cbde8460 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXLgcy.dll

MD5: 32d7226f843abb61be3390339aab5556 C:\Program Files (x86)\CyberLink\Shared files\brs.exe

MD5: 212be9ad764e1eacc26994c3e08b25fb C:\Program Files (x86)\CyberLink\YouCam\Custom\Lang\ENU\IM.dll

MD5: dff1e77e82a343f71956a0d6840abffb C:\Program Files (x86)\CyberLink\YouCam\MFC71U.DLL

MD5: fa02920fb5c311b07e30cecf7cbf3a7c C:\Program Files (x86)\CyberLink\YouCam\MSVCP71.dll

MD5: 696a483efc2d7bae2734188c1a3ee07d C:\Program Files (x86)\CyberLink\YouCam\MSVCR71.dll

MD5: 7448354e89900479c227dd3118ebd6fd C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUITransfer.dll

MD5: fc6aeb9413b8f1fec4e22bf81f6d919c C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

MD5: 6858c318e8daa40e747e6fb9b214e104 C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

MD5: 56cd679490894445bc2f42214b377016 C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe

MD5: 61980095ae5d02b1e9d2ed604a90c1bf c:\program files (x86)\google\google toolbar\googletoolbar_32.dll

MD5: e460233208906ecc0e8f057b25562f13 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll

MD5: ab3668c159e1cfea184f72650bd66807 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

MD5: 27626506e07795bb6357f7f2ef78a90b C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

MD5: 1d82a01a368255fe78c65cf66b5b8281 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

MD5: 1cbad5eee017fafea2bf75e82330783d C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\DTMessageLib.dll

MD5: d480c9220bfe667de65a46cde80ea7e9 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll

MD5: c6142b8cb72558d91cea8e38f1b7d905 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

MD5: 122f89e0905fc656d56f65cd7a2e9b4d C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll

MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll

MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files (x86)\Internet Explorer\IEShims.dll

MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe

MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

MD5: e4ce6c4ae730e0ec87fc5da4cd1946ad C:\Program Files (x86)\iTunes\iTunesHelper.dll

MD5: 0dcac41eb58a45049bd7ff665c32d5f4 C:\Program Files (x86)\iTunes\iTunesHelper.exe

MD5: e7be61eb1bde3921ff0cdd24f1535332 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 93a67ad03fd9c2286a4a5ad9a67f381a C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

MD5: a9770771b622a871643ea2a4a3983e95 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

MD5: 34e3709244736b8976820f730e5a8815 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

MD5: 8e6c86726b67d3faa3144849b9aac06c c:\program files (x86)\java\jre6\bin\ssv.dll

MD5: 82f9764ebe2ef590cd2b3beb234e5671 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll

MD5: d3b6d02f0d95a62dfbae7d7ea404db59 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll

MD5: 60d0647a2dc2d397b84d0afb0808f85d C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

MD5: a2c2ec01306a666c4372bb7a06659b5d C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll

MD5: 056b19651bd7b7ce5f89a3ac46dbdc08 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: ed327201724ea05d509b7939abe49e98 c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

MD5: a878453a1714870eaada83e6434bdb77 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: c6b68e5cc56e7cf732c75c2498a6da55 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\APPMGR32.DLL

MD5: 9261959f6c6dc6435234e97954e4902d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\asEngine.dll

MD5: 6e5d56ae8ba13fe2be8cc649f2e66684 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ASHELPER.DLL

MD5: 818690f79aefc5a0365bf4ff5e4976c2 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ASOEHOOK.DLL

MD5: 9202e913a12c6c985c1003eee6ecdc16 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVIfc.dll

MD5: c32ad313e558cb38784ddc15445de56e C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVMail.dll

MD5: ee0dec36a77b6117ee45f0b3a91ae1f6 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\avModule.dll

MD5: 1f2b32dd1f96e6386ce7bcfb63327753 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\AVPAPP32.dll

MD5: 54de6a7f48a05926ba8ba37bee42bd92 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\AVPSVC32.DLL

MD5: d0c0c17e2a31c33fa495d3ab8a0d5bb2 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\BHClient.dll

MD5: 1f761da08b1855ddbdd97204d69b48dd C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\BHSVCPLG.DLL

MD5: ceaf83f1be7fb3d9794a3f93d6d1b2f5 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCEMLPXY.DLL

MD5: e215110df049874e42208f88ac35f470 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCGEVT.DLL

MD5: 0e5ab9d11235172f6e5ce988597977d1 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccGLog.dll

MD5: fa89858c35dcc34a23dc643498ed99cf C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccIPC.dll

MD5: 0616266256e18eb8813ff30d5bf6fcf8 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCJOBMGR.DLL

MD5: f695b4bdbeea2a64dbd87a8355cd1ea1 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccL110U.dll

MD5: 09a527ee12c7a05abd1c18cbe3744a64 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSet.dll

MD5: 5b88c32019ad04f7aba397b4fe99b77d C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CCSUBENG.DLL

MD5: 7af5798d958f7c460db0a06c7cc4373d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvc.dll

MD5: 9d0f43b1d0434b44183d4795e89f6c14 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe

MD5: b3ab6de181dd772dcda738919ce7a244 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccVrTrst.dll

MD5: a48fc9ba3b84b79ebab1297ffe308373 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CLTALDIS.DLL

MD5: 3c473ca451f879060293054dab80a76b C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\CLTLMS.DLL

MD5: aa2613a21a8ff0fb7f856bd7774c8585 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\cltPE.dll

MD5: 20b3c342343101167c9955123ca7823f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COACTMGR.DLL

MD5: c65293b51b0202b04621db8e54454d5c C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coDataPr.dll

MD5: 1a2c475bde442def24df0e877bf44c6a c:\program files (x86)\norton internet security\engine\19.5.0.145\coieplg.dll

MD5: 5b61ed457c04d2a81858eb438479fb22 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COMM.DLL

MD5: 3d4c6ecf301e2097759ae1a21e8f849e C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coShdObj.dll

MD5: 58c38acc219e17389b137d7a5bf36c76 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\COSVCPLG.DLL

MD5: 35c511425f8b14fef155331d0a8f713b C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\DATASTOR.DLL

MD5: 6f8e100d7978ba9d53db01d7b7711b69 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\DIMASTER.DLL

MD5: f553d3f88d32022c6fb35479b1be552d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diStRptr.dll

MD5: 5e0c5b5be5304e133968d6d6f8840b28 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\DSCli.dll

MD5: 521d39167094d40fb7065b76a32cef5c C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\EFACli.dll

MD5: 1de3315940d277aeebe5e9607bfbd7d7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\FWCORE.DLL

MD5: 28024a6f2d8a11f73632fcf8471440b4 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\FWGenPlg.dll

MD5: 8eae60994e660575d998ec4a6f89a8f6 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\FWSESAL.DLL

MD5: 36c381e92a4a90d978fa6f42a7a5da9f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\HNCORE.DLL

MD5: 3cc5e2b69c67b56cd828411737163328 c:\program files (x86)\norton internet security\engine\19.5.0.145\ips\ipsbho.dll

MD5: 9eaa83d9ca0235e55e4780623d2066d3 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\IPSPLUG.DLL

MD5: 23fac53ce10497c70604019bf7aef347 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\IRON.DLL

MD5: fa943824256da6a2e00e7d3e211205b4 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ISDATAPR.DLL

MD5: a2e1ec6fbc2afc950e50a0fc0717269f C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\ISDATASV.DLL

MD5: be8a377f362debcb92fc0e9c3187c0a7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NAHELPER.DLL

MD5: 604ede0da0d45de5a1bf20275c70be5c C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NCW.DLL

MD5: 2bc45786c202e751a708daa9b8577a60 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\NPCStats.dll

MD5: 480349b65cca6438692b0d37f1af54b5 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\NPCTRAY.DLL

MD5: db5cadff710623ac0142a39f203ad394 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ProxyClt.dll

MD5: dab49e139099335b3ae936ff3d0c168f C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\QBackup.dll

MD5: c3de5413b9ad428eea62dc9e77e481e7 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\QSPLUGIN.DLL

MD5: 7f72ec268ce9e066e29e50f11d20cb92 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SDKCMN.DLL

MD5: 7eabaa542a7da553552128f595dda08e C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SNDSVC.DLL

MD5: eca13822896935dc641a35ead4b88ecc C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SPOCCLNT.DLL

MD5: 91770e8f7fa61b155292db5123430aff C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SQLite.dll

MD5: b2883ddd812199ea718ad4e315e98e62 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SQSVC.DLL

MD5: 5caec47a463bb3f88ddaca6813c2ae7d C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\srtsp32.dll

MD5: 6487a19e0ea3228515394a4b1a780b17 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SYMHTML.DLL

MD5: ff6b44e0bd9c3941a9d7764839100ac6 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymNeti.dll

MD5: 7601a29152ed8edf2478debf5cdd89b6 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\SYMRDRSV.DLL

MD5: 2cfe545abafce9ab0c375dc05ce831c7 C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymRedir.dll

MD5: b78913e8e6a3debf7aab188975594e84 C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\UIALERT.DLL

MD5: dc0d4ea3e23965a47e730e6b57f68d5a C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\USERCTXT.DLL

MD5: 6f2775cc551cc3eee10c84ddeee531bc C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.5.0.145\USERLOG.DLL

MD5: b2eddcd119f894769f70417e515890f7 C:\Program Files (x86)\Norton Internet Security\MUI\19.5.0.145\09\01\cltRes.loc

MD5: fed935f9471c4f28cdfbca604d08bd65 C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe

MD5: 9f385d03b1708f6e9c9fa432433cfbab C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

MD5: 73e7920f41e9d91cc131831026cbb731 c:\program files (x86)\youtube downloader toolbar\ie\5.0\youtubedownloadertoolbarie.dll

MD5: f9d908de6b166dac9b89bf62fa291ce8 C:\Program Files\Bonjour\mdnsNSP.dll

MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd C:\Program Files\Bonjour\mDNSResponder.exe

MD5: 28ad5e311996a34025cfb07e131058dd C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

MD5: f9ec9acd504d823d9b9ca98a4f8d3ca2 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

MD5: ee4c2a137c7088911a8919effc9812e7 C:\Program Files\iPod\bin\iPodService.exe

MD5: 0b267e5ac46693584e2e0acfd8d9ce83 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe

MD5: 6d657abadf217dbb17cf0a0af44a7e29 C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

MD5: 41da5845e1f8af445bd626cf085c4541 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys

MD5: 5b4c50526c1ddbe0f966a524548935fb C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHEngine.dll

MD5: 0b97f1a640ad3d159a7b5d2164c42e50 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys

MD5: 58815deb605847d3e07c4f832e1d412b C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSxpx86.dll

MD5: 2dbe90210de76be6e1653bb20ec70ec2 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS

MD5: 346da70e203b8e2c850277713de8f71b C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS

MD5: 8d7de77590f586fa630a2322e35b45ed C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko10.dll

MD5: c2ad81a8cb014376dcc05257bc31ca23 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

MD5: 402f5c01b3629e70015d4eac29bd4b80 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

MD5: d55024f2e996643e54d736c83b4a4e8e C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll

MD5: 6b9ecf45d72b1b47bea6fbfd62925634 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll

MD5: 816c504ac507224f0ec4f72f2024b028 C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll

MD5: 4c790c3c2edf1aebf95b6baa248cf230 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll

MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MD5: 68b5370cc7b84ba569089715225e22e6 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll

MD5: 18164b0144b43860965f161c79cff4c4 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll

MD5: dfd0283dd8506e8506d4621717fbecf9 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll

MD5: 95e8d9c0e865ead5a440c91d933b7d60 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MD5: 56cebc1d7b1d98959b87149ea3d22071 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MD5: a2c3f8e5ac37dbee96c563606f710fe3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MD5: 5764f20720f350d46fd6cef6cb3a4941 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MD5: dcc1ac29aa8d2ce725cc86a626cec360 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MD5: d3ba339de4c1c7082e815ad49a41cd38 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MD5: dbab8613e82049d86bf9f66fecb843fa C:\Windows\Downloaded Program Files\mabiwebframe.dll

MD5: bb7fcdcd4de287340b5c1bb1949ad3c6 C:\Windows\Downloaded Program Files\qsax.dll

MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe

MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe

MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

MD5: 59d16fd61802739988728790bf1232b3 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

MD5: 96076b8fcdff3c6db4ccfbf7fe3a9b28 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: 54aafdf0193f9e7cfa2a579b6f983f3e C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

MD5: 189ef45eb56724a888159c084588155d C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll

MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe

MD5: 2ceff13ace25a40bd8d97654944297cd C:\Windows\svchost.exe

MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll

MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL

MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll

MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe

MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll

MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll

MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll

MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll

MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll

MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll

MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\Windows\system32\D3D10Warp.dll

MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll

MD5: 91b4aad4412bb223b466f3dfb43e86da C:\Windows\system32\D3Dx10_40.dll

MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\DBGHELP.DLL

MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll

MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll

MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\dnsapi.DLL

MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll

MD5: 0a5c7253183a6f956d10a3a4bbc96288 C:\Windows\system32\DWrite.dll

MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll

MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\explorer.exe

MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll

MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll

MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll

MD5: ab142f0ddc6e236472da8ba5b23a9e66 C:\Windows\system32\igd10umd32.dll

MD5: 8020c0923cb26676e998d0bd246cfaef C:\Windows\system32\igdumd32.dll

MD5: c679f9e548ecb2e75a2879a3aacb6104 C:\Windows\system32\igdumdx32.dll

MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll

MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\iphlpapi.dll

MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll

MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll

MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL

MD5: 45fb05f743e626d9e239e52602cea041 C:\Windows\system32\msctfui.dll

MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll

MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe

MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll

MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll

MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll

MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll

MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll

MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NETAPI32.dll

MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll

MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\system32\NLAapi.dll

MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\Windows\system32\ntshrui.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll

MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\PDH.DLL

MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll

MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll

MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll

MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\RICHED20.dll

MD5: b5506b451bfe7148eca7056bda2970bd C:\Windows\system32\RICHED32.DLL

MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll

MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll

MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL

MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe

MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\Secur32.dll

MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll

MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll

MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll

MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL

MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll

MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll

MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll

MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 C:\Windows\system32\userinit.exe

MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll

MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll

MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll

MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv

MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll

MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll

MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\windowscodecs.dll

MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll

MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll

MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll

MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV

MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll

MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\system32\ws2_32.dll

MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll

MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll

MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\XmlLite.dll

MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll

MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll

MD5: 0c0350b58b6a9d3e20e8564999adfe12 C:\Windows\SysWOW64\APOMngr.DLL

MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll

MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\COMDLG32.dll

MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll

MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll

MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll

MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll

MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\SysWOW64\ieframe.dll

MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll

MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\SysWOW64\IPHLPAPI.DLL

MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll

MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll

MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll

MD5: bd007d624e4cd905ab2e8df2c6de891c C:\Windows\SysWOW64\Macromed\Flash\Flash11c.ocx

MD5: 5789773089bc334c56cc31833f20daf6 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll

MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll

MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll

MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\SysWOW64\OLEACC.dll

MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll

MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll

MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll

MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll

MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\syswow64\SHELL32.dll

MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll

MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll

MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\SysWOW64\taskschd.dll

MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll

MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll

MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll

MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\SysWOW64\vbscript.dll

MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll

MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll

MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll

MD5: c419df63e0121d72411285780c2fc6cc C:\Windows\UpdReg.EXE

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\Comctl32.dll

MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

No file uploaded.

Scan finished - communication took 4 sec

Total traffic - 0.02 MB sent, 1.11 KB recvd

Scanned 493 files and modules - 37 seconds

==============================================================================

Also, I noticed the bitdefender scan(the log right above this) created a log with "Quickscan 32-bit" at the top. Is that a problem? I mean my system is a 64-bit OS.

Thank you for replying!

Jonkiote · February 24, 2012

Sorry for posting again, but I also noticed these logs keep listing Norton with my antivirus/firewall. As soon as the trial expired, I did not ever use Norton again. Should I just delete it? Or is it still helping?

Maurice Naggar · February 24, 2012

The BitDefender used 32-bit scan & that is ok.

If the Norton Internet Security Trial expired and you did not purchase a license, you'll need to plan for some alternate. For now, keep it and tell me if by chance you installed something else.

I'll help you sort it out later.

For now, I need for you to absolutely de-install Bit torrent & any other 'torrent utility. The logs show the pc has loads of open ports.

Torrents are infamous for being facilitators in spreading malware.

Confirm that you have removed all torrents / file-sharing programs !

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for jonkiote only. If you are a casual viewer, do NOT try this on your system!

If you are not jonkiote and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Next, step 2

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
*****************************************************************
:processes
killallprocesses
:files
C:\Windows\svchost.exe
:Commands
[purity]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button Run Fix.
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/u...ine-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Step 4

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Re-enable the antivirus program.

Reply with copy of contents of OTLMoved Files log,

ESET scan log,

MBAM scan log

There will be more to do later.

Jonkiote · February 25, 2012

Thank you for continuing to help me!

Strange. I uninstalled/deleted bittorrent months ago.. Anyway, I deleted all files(about 4) that popped up when I searched my computer for "torrent," and double-checked to see if bittorrent was still in my system somewhere.(It wasn't.)

As for the Norton problem, I have not downloaded any replacements for it. Unless Malwarebytes or SpybotS&D count?

And now the logs:

OTLMoved Files log:

========== PROCESSES ==========

All processes killed

========== FILES ==========

C:\Windows\svchost.exe moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Carelessjon

->Flash cache emptied: 25025 bytes

User: Default

->Flash cache emptied: 56466 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Guest

->Flash cache emptied: 8197508 bytes

User: Public

Total Flash Files Cleaned = 8.00 mb

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_183051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ESET scan log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1001863ced58ea4fbc46e7708c1d6056

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-25 06:30:21

# local_time=2012-02-24 08:30:21 (-1000, Hawaiian Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 0 81690316 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=324498

# found=25

# cleaned=25

# scan_time=4576

C:\$Recycle.Bin\S-1-5-21-368538222-2643626402-1821840259-1000\$RPEU5A5.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\$Recycle.Bin\S-1-5-21-368538222-2643626402-1821840259-1000\$RX7TA7M.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Carelessjon\Downloads\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Carelessjon\Downloads\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\Temp\Temporary Internet Files\Content.IE5\BUJXF5AO\a012aef2fa691f6a511f19f61cdaff7f[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

MBAM log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.25.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Carelessjon :: CARELESSJON-PC [administrator]

Protection: Disabled

2/24/2012 8:35:54 PM

mbam-log-2012-02-24 (20-35-54).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 496732

Time elapsed: 54 minute(s), 40 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5380 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Yup, still getting the svchost baloons.

Maurice Naggar · February 25, 2012

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for Jonkiote only. If you are a casual viewer, do NOT try this on your system!

If you are not Jonkiote and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Given you are running Windows 7, please remember that on most all tools you'll need to start them by Right-clicking, selecting Run as Administrator, AND allowing them to run at UAC prompt!

Let's have you run some additional diagnostic tools. Do as much as you can:

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2

Please read carefully and follow these steps.

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have (if you have).
Download TDSSKiller and save it to your Desktop.
RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 4

Close all non-essential programs & windows that you have open.

Go here and download & SAVE Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too {name will start with "Startup Programs". It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious. It simply generates a report on your system, and does not do any cleanup.

Step 5

Reply with copy of contents of aswmbr log,

the TDSSKILLER log,

the GMER log,

the Silent Runners log,

also provide an update on current status (eg, are things better, or are you still in Safe Mode with Networking)

Jonkiote · February 25, 2012

Thanks for replying!

Here are a few things I noted during this process:

1.The GMER scan ended saying something like "unable to find any..." and when I clicked "copy" and pasted it on a notepad, it pasted nothing. I tried clicking "save" instead and that produced a blank log.

2.After the ASWMBR scan, the "fix" button was enabled, but I did not click it.

3.After the TDSSKILLER scan was complete, there were two infections found one was set to cure and the other was set to skip. Seeing nothing of this in your instructions, I simply clicked continue.

4.Google no longer redirects me! svchost balloons no longer appear, however while I was running the GMER scan, I got a svchost quarantine pop-up from MBAM...

aswmbr log:

Run date: 2012-02-25 04:54:22

-----------------------------

04:54:22.091 OS Version: Windows x64 6.1.7601 Service Pack 1

04:54:22.091 Number of processors: 4 586 0x2502

04:54:22.091 ComputerName: CARELESSJON-PC UserName: Carelessjon

04:54:23.307 Initialize success

04:56:40.708 AVAST engine defs: 12022500

04:56:53.688 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

04:56:53.688 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 11

04:56:53.688 Device \Driver\atapi -> MajorFunction fffffa80052b15c4

04:56:53.688 Disk 0 MBR read successfully

04:56:53.688 Disk 0 MBR scan

04:56:53.703 Disk 0 MBR:Pihar-C [Rtk]

04:56:53.703 Disk 0 TDL4@MBR code has been found

04:56:53.703 Disk 0 Windows 7 default MBR code found via API

04:56:53.703 Disk 0 MBR hidden

04:56:53.719 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048

04:56:53.719 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176

04:56:53.734 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 596042 MB offset 29566976

04:56:53.734 Disk 0 MBR [TDL4] **ROOTKIT**

04:56:54.202 Scan finished successfully

04:57:19.568 Disk 0 MBR has been saved successfully to "C:\Users\Carelessjon\Desktop\MBR.dat"

04:57:19.568 The log file has been saved successfully to "C:\Users\Carelessjon\Desktop\aswMBR.txt"

TDSSKILLER log:

04:59:13.0708 1360 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49

04:59:14.0238 1360 ============================================================

04:59:14.0238 1360 Current date / time: 2012/02/25 04:59:14.0238

04:59:14.0238 1360 SystemInfo:

04:59:14.0238 1360

04:59:14.0238 1360 OS Version: 6.1.7601 ServicePack: 1.0

04:59:14.0238 1360 Product type: Workstation

04:59:14.0238 1360 ComputerName: CARELESSJON-PC

04:59:14.0238 1360 UserName: Carelessjon

04:59:14.0238 1360 Windows directory: C:\Windows

04:59:14.0238 1360 System windows directory: C:\Windows

04:59:14.0238 1360 Running under WOW64

04:59:14.0238 1360 Processor architecture: Intel x64

04:59:14.0238 1360 Number of processors: 4

04:59:14.0238 1360 Page size: 0x1000

04:59:14.0238 1360 Boot type: Normal boot

04:59:14.0238 1360 ============================================================

04:59:15.0112 1360 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

04:59:15.0112 1360 \Device\Harddisk0\DR0:

04:59:15.0112 1360 MBR used

04:59:15.0112 1360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000

04:59:15.0112 1360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000

04:59:15.0143 1360 Initialize success

04:59:15.0143 1360 ============================================================

04:59:38.0481 4660 ============================================================

04:59:38.0481 4660 Scan started

04:59:38.0481 4660 Mode: Manual; SigCheck; TDLFS;

04:59:38.0481 4660 ============================================================

04:59:39.0120 4660 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

04:59:39.0183 4660 1394ohci - ok

04:59:39.0214 4660 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

04:59:39.0230 4660 ACPI - ok

04:59:39.0230 4660 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

04:59:39.0308 4660 AcpiPmi - ok

04:59:39.0339 4660 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

04:59:39.0354 4660 adp94xx - ok

04:59:39.0386 4660 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

04:59:39.0401 4660 adpahci - ok

04:59:39.0401 4660 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

04:59:39.0417 4660 adpu320 - ok

04:59:39.0464 4660 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

04:59:39.0526 4660 AFD - ok

04:59:39.0557 4660 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

04:59:39.0573 4660 agp440 - ok

04:59:39.0588 4660 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

04:59:39.0588 4660 aliide - ok

04:59:39.0604 4660 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

04:59:39.0620 4660 amdide - ok

04:59:39.0620 4660 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

04:59:39.0682 4660 AmdK8 - ok

04:59:39.0682 4660 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

04:59:39.0729 4660 AmdPPM - ok

04:59:39.0729 4660 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

04:59:39.0744 4660 amdsata - ok

04:59:39.0760 4660 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

04:59:39.0760 4660 amdsbs - ok

04:59:39.0791 4660 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

04:59:39.0807 4660 amdxata - ok

04:59:39.0822 4660 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

04:59:39.0963 4660 AppID - ok

04:59:40.0025 4660 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

04:59:40.0025 4660 arc - ok

04:59:40.0041 4660 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

04:59:40.0056 4660 arcsas - ok

04:59:40.0088 4660 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

04:59:40.0212 4660 AsyncMac - ok

04:59:40.0244 4660 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

04:59:40.0259 4660 atapi - ok

04:59:40.0322 4660 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

04:59:40.0368 4660 b06bdrv - ok

04:59:40.0415 4660 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

04:59:40.0446 4660 b57nd60a - ok

04:59:40.0493 4660 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

04:59:40.0540 4660 Beep - ok

04:59:40.0680 4660 BHDrvx64 (41da5845e1f8af445bd626cf085c4541) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys

04:59:40.0743 4660 BHDrvx64 - ok

04:59:40.0774 4660 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

04:59:40.0821 4660 blbdrive - ok

04:59:40.0883 4660 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

04:59:40.0930 4660 bowser - ok

04:59:40.0961 4660 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

04:59:40.0992 4660 BrFiltLo - ok

04:59:41.0039 4660 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

04:59:41.0055 4660 BrFiltUp - ok

04:59:41.0070 4660 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

04:59:41.0117 4660 Brserid - ok

04:59:41.0148 4660 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

04:59:41.0164 4660 BrSerWdm - ok

04:59:41.0180 4660 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

04:59:41.0211 4660 BrUsbMdm - ok

04:59:41.0211 4660 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

04:59:41.0242 4660 BrUsbSer - ok

04:59:41.0242 4660 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

04:59:41.0273 4660 BTHMODEM - ok

04:59:41.0336 4660 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys

04:59:41.0351 4660 ccSet_NIS - ok

04:59:41.0382 4660 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

04:59:41.0429 4660 cdfs - ok

04:59:41.0476 4660 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

04:59:41.0523 4660 cdrom - ok

04:59:41.0570 4660 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

04:59:41.0601 4660 circlass - ok

04:59:41.0648 4660 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

04:59:41.0679 4660 CLFS - ok

04:59:41.0897 4660 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

04:59:41.0960 4660 CmBatt - ok

04:59:41.0975 4660 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

04:59:41.0975 4660 cmdide - ok

04:59:42.0022 4660 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

04:59:42.0038 4660 CNG - ok

04:59:42.0053 4660 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

04:59:42.0069 4660 Compbatt - ok

04:59:42.0100 4660 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

04:59:42.0131 4660 CompositeBus - ok

04:59:42.0147 4660 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

04:59:42.0147 4660 crcdisk - ok

04:59:42.0209 4660 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

04:59:42.0287 4660 DfsC - ok

04:59:42.0318 4660 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

04:59:42.0381 4660 discache - ok

04:59:42.0428 4660 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

04:59:42.0428 4660 Disk - ok

04:59:42.0474 4660 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

04:59:42.0490 4660 drmkaud - ok

04:59:42.0537 4660 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

04:59:42.0584 4660 DXGKrnl - ok

04:59:42.0615 4660 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys

04:59:42.0615 4660 e1kexpress - ok

04:59:42.0646 4660 EagleX64 - ok

04:59:42.0740 4660 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

04:59:42.0833 4660 ebdrv - ok

04:59:42.0911 4660 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

04:59:42.0927 4660 eeCtrl - ok

04:59:42.0974 4660 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

04:59:42.0989 4660 elxstor - ok

04:59:43.0052 4660 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

04:59:43.0052 4660 EraserUtilRebootDrv - ok

04:59:43.0067 4660 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

04:59:43.0114 4660 ErrDev - ok

04:59:43.0161 4660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

04:59:43.0208 4660 exfat - ok

04:59:43.0239 4660 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

04:59:43.0286 4660 fastfat - ok

04:59:43.0317 4660 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

04:59:43.0348 4660 fdc - ok

04:59:43.0395 4660 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

04:59:43.0395 4660 FileInfo - ok

04:59:43.0410 4660 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

04:59:43.0473 4660 Filetrace - ok

04:59:43.0488 4660 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

04:59:43.0504 4660 flpydisk - ok

04:59:43.0535 4660 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

04:59:43.0551 4660 FltMgr - ok

04:59:43.0582 4660 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

04:59:43.0582 4660 FsDepends - ok

04:59:43.0598 4660 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

04:59:43.0598 4660 Fs_Rec - ok

04:59:43.0644 4660 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

04:59:43.0644 4660 fvevol - ok

04:59:43.0676 4660 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

04:59:43.0691 4660 gagp30kx - ok

04:59:43.0707 4660 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

04:59:43.0722 4660 GEARAspiWDM - ok

04:59:43.0769 4660 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

04:59:43.0816 4660 hcw85cir - ok

04:59:43.0863 4660 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

04:59:43.0878 4660 HdAudAddService - ok

04:59:43.0925 4660 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

04:59:43.0972 4660 HDAudBus - ok

04:59:44.0003 4660 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

04:59:44.0003 4660 HECIx64 - ok

04:59:44.0019 4660 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

04:59:44.0019 4660 HidBatt - ok

04:59:44.0050 4660 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

04:59:44.0175 4660 HidBth - ok

04:59:44.0206 4660 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

04:59:44.0222 4660 HidIr - ok

04:59:44.0253 4660 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

04:59:44.0284 4660 HidUsb - ok

04:59:44.0300 4660 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

04:59:44.0315 4660 HpSAMD - ok

04:59:44.0362 4660 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

04:59:44.0424 4660 HTTP - ok

04:59:44.0456 4660 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

04:59:44.0456 4660 hwpolicy - ok

04:59:44.0502 4660 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

04:59:44.0518 4660 i8042prt - ok

04:59:44.0534 4660 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

04:59:44.0549 4660 iaStorV - ok

04:59:44.0643 4660 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys

04:59:44.0658 4660 IDSVia64 - ok

04:59:44.0830 4660 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys

04:59:45.0111 4660 igfx - ok

04:59:45.0158 4660 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

04:59:45.0158 4660 iirsp - ok

04:59:45.0267 4660 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys

04:59:45.0282 4660 int15.sys - ok

04:59:45.0345 4660 IntcAzAudAddService (935faa1a0af889f1ef46be55666100d0) C:\Windows\system32\drivers\RTKVHD64.sys

04:59:45.0407 4660 IntcAzAudAddService - ok

04:59:45.0438 4660 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys

04:59:45.0485 4660 IntcDAud - ok

04:59:45.0501 4660 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

04:59:45.0501 4660 intelide - ok

04:59:45.0516 4660 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

04:59:45.0548 4660 intelppm - ok

04:59:45.0579 4660 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

04:59:45.0641 4660 IpFilterDriver - ok

04:59:45.0657 4660 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

04:59:45.0672 4660 IPMIDRV - ok

04:59:45.0704 4660 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

04:59:45.0766 4660 IPNAT - ok

04:59:45.0813 4660 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

04:59:45.0844 4660 IRENUM - ok

04:59:45.0860 4660 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

04:59:45.0875 4660 isapnp - ok

04:59:45.0891 4660 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

04:59:45.0906 4660 iScsiPrt - ok

04:59:45.0938 4660 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys

04:59:45.0938 4660 itecir - ok

04:59:45.0969 4660 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

04:59:45.0969 4660 kbdclass - ok

04:59:45.0984 4660 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

04:59:46.0000 4660 kbdhid - ok

04:59:46.0016 4660 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

04:59:46.0031 4660 KSecDD - ok

04:59:46.0062 4660 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

04:59:46.0062 4660 KSecPkg - ok

04:59:46.0078 4660 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

04:59:46.0140 4660 ksthunk - ok

04:59:46.0172 4660 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

04:59:46.0234 4660 lltdio - ok

04:59:46.0296 4660 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

04:59:46.0312 4660 LSI_FC - ok

04:59:46.0328 4660 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

04:59:46.0328 4660 LSI_SAS - ok

04:59:46.0343 4660 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

04:59:46.0343 4660 LSI_SAS2 - ok

04:59:46.0359 4660 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

04:59:46.0374 4660 LSI_SCSI - ok

04:59:46.0390 4660 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

04:59:46.0452 4660 luafv - ok

04:59:46.0515 4660 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

04:59:46.0530 4660 MBAMProtector - ok

04:59:46.0562 4660 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys

04:59:46.0562 4660 MBfilt - ok

04:59:46.0577 4660 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

04:59:46.0593 4660 megasas - ok

04:59:46.0624 4660 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

04:59:46.0640 4660 MegaSR - ok

04:59:46.0671 4660 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

04:59:46.0718 4660 Modem - ok

04:59:46.0749 4660 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

04:59:46.0796 4660 monitor - ok

04:59:46.0811 4660 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

04:59:46.0827 4660 mouclass - ok

04:59:46.0827 4660 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

04:59:46.0874 4660 mouhid - ok

04:59:46.0905 4660 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

04:59:46.0905 4660 mountmgr - ok

04:59:46.0952 4660 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

04:59:46.0967 4660 mpio - ok

04:59:46.0998 4660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

04:59:47.0045 4660 mpsdrv - ok

04:59:47.0092 4660 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

04:59:47.0139 4660 MRxDAV - ok

04:59:47.0186 4660 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

04:59:47.0248 4660 mrxsmb - ok

04:59:47.0279 4660 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

04:59:47.0310 4660 mrxsmb10 - ok

04:59:47.0326 4660 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

04:59:47.0342 4660 mrxsmb20 - ok

04:59:47.0357 4660 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

04:59:47.0373 4660 msahci - ok

04:59:47.0373 4660 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

04:59:47.0388 4660 msdsm - ok

04:59:47.0420 4660 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

04:59:47.0451 4660 Msfs - ok

04:59:47.0466 4660 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

04:59:47.0498 4660 mshidkmdf - ok

04:59:47.0513 4660 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

04:59:47.0529 4660 msisadrv - ok

04:59:47.0544 4660 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

04:59:47.0607 4660 MSKSSRV - ok

04:59:47.0638 4660 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

04:59:47.0685 4660 MSPCLOCK - ok

04:59:47.0716 4660 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

04:59:47.0778 4660 MSPQM - ok

04:59:47.0810 4660 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

04:59:47.0825 4660 MsRPC - ok

04:59:47.0841 4660 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

04:59:47.0856 4660 mssmbios - ok

04:59:47.0856 4660 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

04:59:47.0919 4660 MSTEE - ok

04:59:47.0934 4660 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

04:59:47.0950 4660 MTConfig - ok

04:59:47.0981 4660 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

04:59:47.0997 4660 Mup - ok

04:59:48.0012 4660 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

04:59:48.0059 4660 NativeWifiP - ok

04:59:48.0153 4660 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS

04:59:48.0153 4660 NAVENG - ok

04:59:48.0231 4660 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS

04:59:48.0293 4660 NAVEX15 - ok

04:59:48.0340 4660 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

04:59:48.0371 4660 NDIS - ok

04:59:48.0387 4660 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

04:59:48.0449 4660 NdisCap - ok

04:59:48.0480 4660 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

04:59:48.0527 4660 NdisTapi - ok

04:59:48.0574 4660 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

04:59:48.0636 4660 Ndisuio - ok

04:59:48.0668 4660 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

04:59:48.0730 4660 NdisWan - ok

04:59:48.0777 4660 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

04:59:48.0824 4660 NDProxy - ok

04:59:48.0855 4660 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

04:59:48.0886 4660 NetBIOS - ok

04:59:48.0902 4660 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

04:59:48.0948 4660 NetBT - ok

04:59:49.0026 4660 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys

04:59:49.0058 4660 netr28x - ok

04:59:49.0104 4660 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

04:59:49.0104 4660 nfrd960 - ok

04:59:49.0151 4660 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

04:59:49.0198 4660 Npfs - ok

04:59:49.0229 4660 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

04:59:49.0276 4660 nsiproxy - ok

04:59:49.0338 4660 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

04:59:49.0385 4660 Ntfs - ok

04:59:49.0401 4660 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

04:59:49.0463 4660 Null - ok

04:59:49.0510 4660 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

04:59:49.0510 4660 nvraid - ok

04:59:49.0526 4660 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

04:59:49.0541 4660 nvstor - ok

04:59:49.0572 4660 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

04:59:49.0588 4660 nv_agp - ok

04:59:49.0604 4660 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

04:59:49.0635 4660 ohci1394 - ok

04:59:49.0650 4660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

04:59:49.0666 4660 Parport - ok

04:59:49.0697 4660 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

04:59:49.0697 4660 partmgr - ok

04:59:49.0713 4660 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

04:59:49.0728 4660 pci - ok

04:59:49.0744 4660 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

04:59:49.0744 4660 pciide - ok

04:59:49.0791 4660 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

04:59:49.0791 4660 pcmcia - ok

04:59:49.0838 4660 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

04:59:49.0838 4660 pcw - ok

04:59:49.0869 4660 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

04:59:49.0947 4660 PEAUTH - ok

04:59:50.0009 4660 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

04:59:50.0087 4660 PptpMiniport - ok

04:59:50.0087 4660 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

04:59:50.0103 4660 Processor - ok

04:59:50.0165 4660 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

04:59:50.0212 4660 Psched - ok

04:59:50.0259 4660 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

04:59:50.0306 4660 ql2300 - ok

04:59:50.0321 4660 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

04:59:50.0337 4660 ql40xx - ok

04:59:50.0352 4660 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

04:59:50.0399 4660 QWAVEdrv - ok

04:59:50.0415 4660 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

04:59:50.0462 4660 RasAcd - ok

04:59:50.0493 4660 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

04:59:50.0524 4660 RasAgileVpn - ok

04:59:50.0540 4660 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

04:59:50.0602 4660 Rasl2tp - ok

04:59:50.0633 4660 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

04:59:50.0696 4660 RasPppoe - ok

04:59:50.0727 4660 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

04:59:50.0758 4660 RasSstp - ok

04:59:50.0789 4660 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

04:59:50.0852 4660 rdbss - ok

04:59:50.0867 4660 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

04:59:50.0883 4660 rdpbus - ok

04:59:50.0914 4660 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

04:59:50.0961 4660 RDPCDD - ok

04:59:50.0976 4660 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

04:59:51.0039 4660 RDPENCDD - ok

04:59:51.0070 4660 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

04:59:51.0101 4660 RDPREFMP - ok

04:59:51.0132 4660 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

04:59:51.0164 4660 RDPWD - ok

04:59:51.0195 4660 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

04:59:51.0210 4660 rdyboost - ok

04:59:51.0242 4660 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

04:59:51.0288 4660 rspndr - ok

04:59:51.0351 4660 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys

04:59:51.0366 4660 RSUSBSTOR - ok

04:59:51.0382 4660 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

04:59:51.0382 4660 sbp2port - ok

04:59:51.0444 4660 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

04:59:51.0476 4660 scfilter - ok

04:59:51.0507 4660 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

04:59:51.0554 4660 secdrv - ok

04:59:51.0569 4660 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

04:59:51.0585 4660 Serenum - ok

04:59:51.0616 4660 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

04:59:51.0632 4660 Serial - ok

04:59:51.0647 4660 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

04:59:51.0678 4660 sermouse - ok

04:59:51.0694 4660 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

04:59:51.0710 4660 sffdisk - ok

04:59:51.0725 4660 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

04:59:51.0741 4660 sffp_mmc - ok

04:59:51.0756 4660 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

04:59:51.0772 4660 sffp_sd - ok

04:59:51.0772 4660 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

04:59:51.0788 4660 sfloppy - ok

04:59:51.0819 4660 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

04:59:51.0819 4660 SiSRaid2 - ok

04:59:51.0834 4660 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

04:59:51.0850 4660 SiSRaid4 - ok

04:59:51.0866 4660 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

04:59:51.0897 4660 Smb - ok

04:59:51.0928 4660 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

04:59:51.0944 4660 spldr - ok

04:59:52.0006 4660 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS

04:59:52.0037 4660 SRTSP - ok

04:59:52.0053 4660 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS

04:59:52.0053 4660 SRTSPX - ok

04:59:52.0084 4660 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

04:59:52.0100 4660 srv - ok

04:59:52.0131 4660 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

04:59:52.0209 4660 srv2 - ok

04:59:52.0240 4660 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

04:59:52.0271 4660 srvnet - ok

04:59:52.0334 4660 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

04:59:52.0349 4660 stexstor - ok

04:59:52.0396 4660 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

04:59:52.0412 4660 swenum - ok

04:59:52.0474 4660 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS

04:59:52.0490 4660 SymDS - ok

04:59:52.0536 4660 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS

04:59:52.0568 4660 SymEFA - ok

04:59:52.0599 4660 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

04:59:52.0614 4660 SymEvent - ok

04:59:52.0646 4660 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS

04:59:52.0646 4660 SymIRON - ok

04:59:52.0677 4660 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS

04:59:52.0692 4660 SymNetS - ok

04:59:52.0739 4660 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

04:59:52.0802 4660 Tcpip - ok

04:59:52.0833 4660 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

04:59:52.0864 4660 TCPIP6 - ok

04:59:52.0895 4660 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

04:59:52.0942 4660 tcpipreg - ok

04:59:52.0989 4660 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

04:59:53.0036 4660 TDPIPE - ok

04:59:53.0067 4660 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

04:59:53.0145 4660 TDTCP - ok

04:59:53.0192 4660 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

04:59:53.0223 4660 tdx - ok

04:59:53.0270 4660 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

04:59:53.0270 4660 TermDD - ok

04:59:53.0301 4660 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

04:59:53.0348 4660 tssecsrv - ok

04:59:53.0426 4660 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

04:59:53.0441 4660 TsUsbFlt - ok

04:59:53.0472 4660 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

04:59:53.0519 4660 tunnel - ok

04:59:53.0550 4660 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

04:59:53.0550 4660 uagp35 - ok

04:59:53.0597 4660 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

04:59:53.0628 4660 udfs - ok

04:59:53.0644 4660 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

04:59:53.0660 4660 uliagpkx - ok

04:59:53.0675 4660 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

04:59:53.0722 4660 umbus - ok

04:59:53.0738 4660 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

04:59:53.0784 4660 UmPass - ok

04:59:53.0816 4660 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

04:59:53.0862 4660 USBAAPL64 - ok

04:59:53.0894 4660 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

04:59:53.0909 4660 usbccgp - ok

04:59:53.0940 4660 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

04:59:53.0956 4660 usbcir - ok

04:59:53.0987 4660 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

04:59:54.0003 4660 usbehci - ok

04:59:54.0034 4660 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

04:59:54.0065 4660 usbhub - ok

04:59:54.0081 4660 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

04:59:54.0096 4660 usbohci - ok

04:59:54.0112 4660 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

04:59:54.0128 4660 usbprint - ok

04:59:54.0159 4660 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

04:59:54.0206 4660 USBSTOR - ok

04:59:54.0206 4660 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

04:59:54.0237 4660 usbuhci - ok

04:59:54.0284 4660 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

04:59:54.0299 4660 usbvideo - ok

04:59:54.0330 4660 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

04:59:54.0346 4660 vdrvroot - ok

04:59:54.0362 4660 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

04:59:54.0377 4660 vga - ok

04:59:54.0408 4660 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

04:59:54.0471 4660 VgaSave - ok

04:59:54.0486 4660 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

04:59:54.0502 4660 vhdmp - ok

04:59:54.0502 4660 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

04:59:54.0518 4660 viaide - ok

04:59:54.0518 4660 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

04:59:54.0533 4660 volmgr - ok

04:59:54.0564 4660 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

04:59:54.0580 4660 volmgrx - ok

04:59:54.0611 4660 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

04:59:54.0611 4660 volsnap - ok

04:59:54.0658 4660 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

04:59:54.0658 4660 vsmraid - ok

04:59:54.0720 4660 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

04:59:54.0752 4660 vwifibus - ok

04:59:54.0798 4660 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

04:59:54.0830 4660 vwififlt - ok

04:59:54.0876 4660 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

04:59:54.0892 4660 vwifimp - ok

04:59:54.0908 4660 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

04:59:54.0939 4660 WacomPen - ok

04:59:54.0986 4660 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

04:59:55.0032 4660 WANARP - ok

04:59:55.0064 4660 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

04:59:55.0095 4660 Wanarpv6 - ok

04:59:55.0110 4660 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

04:59:55.0126 4660 Wd - ok

04:59:55.0157 4660 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

04:59:55.0173 4660 Wdf01000 - ok

04:59:55.0204 4660 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

04:59:55.0235 4660 WfpLwf - ok

04:59:55.0266 4660 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

04:59:55.0266 4660 WIMMount - ok

04:59:55.0298 4660 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

04:59:55.0329 4660 WinUsb - ok

04:59:55.0376 4660 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

04:59:55.0391 4660 WmiAcpi - ok

04:59:55.0422 4660 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

04:59:55.0454 4660 ws2ifsl - ok

04:59:55.0485 4660 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

04:59:55.0532 4660 WudfPf - ok

04:59:55.0578 4660 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

04:59:55.0625 4660 WUDFRd - ok

04:59:55.0656 4660 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

04:59:55.0688 4660 xusb21 - ok

04:59:55.0766 4660 {60DB6561-0A84-4c94-AF33-288405CFD56D} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl

04:59:55.0781 4660 {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok

04:59:55.0797 4660 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

04:59:55.0812 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

04:59:55.0812 4660 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

04:59:55.0844 4660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

04:59:55.0844 4660 \Device\Harddisk0\DR0 - detected TDSS File System (1)

04:59:55.0859 4660 Boot (0x1200) (69f1d6595ccff5ed5e003954c3ddf376) \Device\Harddisk0\DR0\Partition0

04:59:55.0875 4660 \Device\Harddisk0\DR0\Partition0 - ok

04:59:55.0875 4660 Boot (0x1200) (f91a56594bb57a1e167718f5df3c7eac) \Device\Harddisk0\DR0\Partition1

04:59:55.0875 4660 \Device\Harddisk0\DR0\Partition1 - ok

04:59:55.0875 4660 ============================================================

04:59:55.0875 4660 Scan finished

04:59:55.0875 4660 ============================================================

04:59:55.0875 4460 Detected object count: 2

04:59:55.0875 4460 Actual detected object count: 2

05:01:20.0818 4460 \Device\Harddisk0\DR0\# - copied to quarantine

05:01:20.0818 4460 \Device\Harddisk0\DR0 - copied to quarantine

05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

05:01:20.0865 4460 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

05:01:20.0911 4460 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

05:01:20.0911 4460 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

05:01:20.0911 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

05:01:20.0911 4460 \Device\Harddisk0\DR0 - ok

05:01:21.0114 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

05:01:21.0114 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

05:01:21.0114 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

05:01:37.0136 1364 Deinitialize success

GMER log:

SilentRunners log:

"Silent Runners.vbs", revision 63, http://www.silentrunners.org/

Operating System: Windows 7 SP1

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"swg" = ""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"TouchORB" = "C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe" ["Acer Corp."]

"RtHDVCpl" = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ["Realtek Semiconductor"]

"TouchPortal" = "C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe" [null data]

"RunDLLEntry_THXCfg" = "C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64" [MS]

"AdobeAAMUpdater-1.0" = ""C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"" ["Adobe Systems Incorporated"]

"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]

"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"

-> {HKLM...CLSID} = "WLIDCredentialProvider"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = ""C:\Program Files (x86)\Norton Internet Security\Engine64\19.5.0.145\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"

-> {HKLM...CLSID} = "GraphicsShellExt Class"

\InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = ""C:\Program Files (x86)\Norton Internet Security\Engine64\19.5.0.145\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"]

Default executables:

--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"

<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp"

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DVDDecrypterPlayDVDMovieOnArrival\

"Provider" = "DVD Decrypter"

"InvokeProgID" = "DVDDecrypter"

"InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt"

HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSLivePhotoAcquireDropHandler\

"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]

MSPlayCDAudioOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.AudioCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.DVD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]

MSPlaySuperVideoCDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.VCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSPlayVideoCDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.VCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSTPCollageHandler\

"Provider" = "@C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\TouchpackShellResources.dll,-117"

"InvokeProgID" = "Microsoft.Surface.TouchApps.Collage.1.0"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Surface.TouchApps.Collage.1.0\shell\open\command\(Default) = ""C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\Collage.exe" "%1"" [null data]

MSWMPBurnCDOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.BurnCD"

"InvokeVerb" = "Burn"

HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"" [MS]

NeroAutoPlay9CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay9CopyCD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy" ["Nero AG"]

NeroAutoPlay9DataDisc\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay9LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

PCinemaPlayCDAudioOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerCinema"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY CD "%L"" ["CyberLink Corp."]

PCMMoviePlayBluRayOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "BD"

"InvokeVerb" = "PlayWithPCMMovie"

HKLM\SOFTWARE\Classes\BD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PCMMoviePlayDVDMovieOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPCMMovie"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PCMMoviePlaySVCDOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "SVCD"

"InvokeVerb" = "PlayWithPCMMovie"

HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" "%L"" ["CyberLink Corp."]

PCMMoviePlayVCDMovieOnArrival\

"Provider" = "PowerCinema"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPCMMovie"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

VLCPlayCDAudioOnArrival\