TechSpot

Need help removing System-Check malware virus

Solved
By res0jh1y2
Jan 2, 2012
  1. Somewhere along the way my PC became infected with the System-Check malware virus that is giving me false hard drive and RAM hardware failure errors. It takes over my screen with a blank screen and locks me out of using Task Manager. I am running Vista with Microsoft Security Essentials, which is up to date but does not find the malware when I do a full scan. I have used the Microsoft malware remover and Malwarebytes' Anti-Malware (run in Safe Mode), which found infections which I removed, but they have not removed this System-Check malware virus. I am new to TechSpot; below is my log. My GMER and DDS logs were too long to include here.


    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.02.05

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    OWNER :: OWNER-PC-DEN [administrator]

    Protection: Disabled

    1/2/2012 4:35:51 PM
    mbam-log-2012-01-02 (16-35-51).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 434790
    Time elapsed: 1 hour(s), 8 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\OWNER\Desktop\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
    C:\Windows\System32\winexplorer.dll.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.02.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    OWNER :: OWNER-PC-DEN [administrator]

    Protection: Enabled

    1/2/2012 6:14:04 PM
    mbam-log-2012-01-02 (18-14-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215118
    Time elapsed: 10 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Logs

    1. GMER Log attached, too big to paste.

    2. DDS log

    3. DDS Attach
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by OWNER at 19:43:29 on 2012-01-02
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1629 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\ProgramData\rojcXnmSQnPTbrc.exe
    C:\Program Files\Creative Home\Hallmark Card Studio Trial Edition 2009\Planner\PLNRnote.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Home Server\WHSTrayApp.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Windows Home Server\esClient.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Verizon\VSP\ServicepointService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Home Server\WHSConnector.exe
    C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
    C:\Windows\system32\WUDFHost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\alg.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\ProgramData\7eGXsUa44RsITX.exe
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.washingtonpost.com/
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
    uURLSearchHooks: johnqtv1 Toolbar: {e413a417-d00b-4a3b-9c17-19048046f1ce} - c:\program files\johnqtv1\tbjohn.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: johnqtv1 Toolbar: {e413a417-d00b-4a3b-9c17-19048046f1ce} - c:\program files\johnqtv1\tbjohn.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: johnqtv1 Toolbar: {e413a417-d00b-4a3b-9c17-19048046f1ce} - c:\program files\johnqtv1\tbjohn.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [MoneyInsights] "c:\program files\microsoft money plus\mnycorefiles\mnyinsit.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MusicManager] "c:\users\owner\appdata\local\programs\google\musicmanager\MusicManager.exe"
    uRun: [rojcXnmSQnPTbrc.exe] c:\programdata\rojcXnmSQnPTbrc.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for viewsonic\traybar.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
    mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
    mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{7b1ff9c5-abde-4d1b-be70-df6a4a546131}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{81920D7E-5609-4616-BCCD-A2BA500F3AA1} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
    R1 MpKslcea74710;MpKslcea74710;c:\programdata\microsoft\microsoft antimalware\definition updates\{d433473d-0f65-406f-9b60-f8e3dd4b80a2}\MpKslcea74710.sys [2012-1-2 29904]
    R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-2 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-2 652872]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-28 2253120]
    R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-3-10 689464]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
    R3 DVxplore;NVTV;c:\windows\system32\drivers\DVxplore.sys [2007-9-29 73344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-2 20464]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-6-23 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-6-23 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-6-23 166384]
    S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2007-9-6 46368]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
    S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2007-5-9 434176]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-6-23 313840]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-6-23 1120752]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
    .
    =============== Created Last 30 ================
    .
    2012-01-02 23:36:19 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d433473d-0f65-406f-9b60-f8e3dd4b80a2}\MpKslcea74710.sys
    2012-01-02 23:35:57 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d433473d-0f65-406f-9b60-f8e3dd4b80a2}\offreg.dll
    2012-01-02 23:35:53 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d433473d-0f65-406f-9b60-f8e3dd4b80a2}\mpengine.dll
    2012-01-02 23:09:28 -------- d--h--w- c:\users\owner\appdata\local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
    2012-01-02 23:09:04 -------- d--h--w- c:\users\owner\appdata\local\{3DDB63DB-EB9A-4F01-B115-78E2C88F20A3}
    2012-01-02 21:34:37 -------- d--h--w- c:\users\owner\appdata\roaming\Malwarebytes
    2012-01-02 21:34:22 -------- d--h--w- c:\programdata\Malwarebytes
    2012-01-02 21:34:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-02 21:34:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-02 01:01:34 -------- d--h--w- c:\users\owner\appdata\local\{418E58D4-1348-4FAE-B094-9468DCCF0E5E}
    2012-01-02 01:01:13 -------- d--h--w- c:\users\owner\appdata\local\{B7FFD582-75BF-4597-A6F2-4EEB04D6451E}
    2012-01-01 18:28:55 366462 ---ha-w- c:\programdata\7eGXsUa44RsITX.exe
    2012-01-01 15:52:03 458622 ---ha-w- c:\programdata\rojcXnmSQnPTbrc.exe
    2012-01-01 13:00:43 -------- d--h--w- c:\users\owner\appdata\local\{3799A976-DD16-4697-AAFB-E6AF0CE27E56}
    2012-01-01 13:00:21 -------- d--h--w- c:\users\owner\appdata\local\{F0F78033-C146-405C-9F9D-A89066AD9605}
    2011-12-31 15:38:20 -------- d--h--w- c:\users\owner\appdata\local\{CB731A8F-7714-42A8-91BE-D1EE7C943516}
    2011-12-31 15:37:52 -------- d--h--w- c:\users\owner\appdata\local\{D17A7992-834E-4D0A-A026-7FCA624949DC}
    2011-12-31 00:45:26 -------- d--h--w- c:\users\owner\appdata\local\{0E15062F-3981-40A8-8AD9-A02FC52BB1B1}
    2011-12-31 00:45:04 -------- d--h--w- c:\users\owner\appdata\local\{04CDFF29-AC6B-40BE-9C28-13AE5CE57F1F}
    2011-12-30 13:20:05 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-12-30 13:20:05 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-12-30 13:20:05 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2011-12-30 13:20:05 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-12-30 13:20:05 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-12-30 13:20:04 5578560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-12-30 13:20:04 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-12-30 13:20:04 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-12-30 13:20:04 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-12-30 12:44:40 -------- d--h--w- c:\users\owner\appdata\local\{008C5F84-D810-4062-BB93-E2E3D6EA94C4}
    2011-12-30 12:44:30 -------- d--h--w- c:\users\owner\appdata\local\{8B3DD721-61BF-4C9A-9154-7702642CE903}
    2011-12-29 15:07:57 -------- d--h--w- c:\users\owner\appdata\local\{3C309ADD-8A53-4547-A842-2AFD25B103EA}
    2011-12-29 15:07:38 -------- d--h--w- c:\users\owner\appdata\local\{2F8E11C8-D6E2-4B3F-92F0-5BCE7AEE3694}
    2011-12-29 01:54:20 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-12-29 01:54:18 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-12-29 01:48:59 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
    2011-12-29 01:48:55 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
    2011-12-29 01:48:52 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
    2011-12-29 01:48:48 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
    2011-12-29 01:48:44 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
    2011-12-28 14:35:47 -------- d--h--w- c:\users\owner\appdata\local\{7F7F0E3E-7D31-41F5-9C67-62177DF216BF}
    2011-12-28 14:35:26 -------- d--h--w- c:\users\owner\appdata\local\{EFC84986-05D8-4D1F-A9AD-D89F26DC3E9B}
    2011-12-28 00:27:34 -------- d--h--w- c:\users\owner\appdata\local\{6ABA2B91-8FC8-496B-A1DD-2CFCD6667657}
    2011-12-28 00:27:13 -------- d--h--w- c:\users\owner\appdata\local\{2D99B19E-9AF2-4EB9-8B4C-372C3756AAD4}
    2011-12-27 12:26:59 -------- d--h--w- c:\users\owner\appdata\local\{E0082879-7A31-4211-87B5-70FB68931B3E}
    2011-12-27 12:26:34 -------- d--h--w- c:\users\owner\appdata\local\{E8793C07-5B7A-4BE8-A314-AE7429B6816D}
    2011-12-26 21:12:25 -------- d--h--w- c:\users\owner\appdata\local\{9607B1CC-472C-4E23-8B18-CF7F6934314E}
    2011-12-26 21:12:09 -------- d--h--w- c:\users\owner\appdata\local\{15AAF5A9-F8B3-4757-B0D1-8D0FAA8CABCF}
    2011-12-23 13:45:43 -------- d--h--w- c:\users\owner\appdata\local\{3A082929-01A2-4F19-BE6D-62013731A2F1}
    2011-12-23 13:45:19 -------- d--h--w- c:\users\owner\appdata\local\{C2536868-B2E9-4A5B-BD59-D009E562A8B9}
    2011-12-22 22:39:55 -------- d--h--w- c:\users\owner\appdata\local\{3C2FD598-EF72-49E9-ADA7-D0A4DD06B84C}
    2011-12-22 22:39:41 -------- d--h--w- c:\users\owner\appdata\local\{20BA3FC1-F841-412C-8D2F-A76CA6E6A8D9}
    2011-12-21 23:11:51 -------- d--h--w- c:\users\owner\appdata\local\{7AF92889-7DD8-4E9A-AAAD-71E69F84E710}
    2011-12-21 23:11:29 -------- d--h--w- c:\users\owner\appdata\local\{B5AA8C0F-E017-4728-812E-CD0E426593B9}
    2011-12-21 11:11:01 -------- d--h--w- c:\users\owner\appdata\local\{90F8E8DF-E2CE-44FE-A1E1-980B3B710C04}
    2011-12-21 11:10:43 -------- d--h--w- c:\users\owner\appdata\local\{4026FEBA-291A-4C51-AFA2-49C41C4ED3C1}
    2011-12-19 15:16:54 -------- d--h--w- c:\users\owner\appdata\local\{76548B33-D73A-494C-B6F7-E8AA68B05BA4}
    2011-12-19 15:16:41 -------- d--h--w- c:\users\owner\appdata\local\{CC925330-7BFA-421B-9816-4B4F9D748AAC}
    2011-12-18 22:15:53 -------- d--h--w- c:\users\owner\appdata\local\{65615064-A1EB-400A-9664-F0FAFB1AA476}
    2011-12-18 22:15:39 -------- d--h--w- c:\users\owner\appdata\local\{85C4E1B8-1F3D-43F9-A9B3-F3797DF82074}
    2011-12-17 22:45:18 -------- d-----w- c:\program files\iPod
    2011-12-17 22:45:15 -------- d-----w- c:\program files\iTunes
    2011-12-17 11:38:07 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-17 11:38:07 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-17 11:38:06 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-17 11:38:05 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 11:38:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-12-17 11:38:01 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-17 11:37:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-17 11:31:32 -------- d--h--w- c:\users\owner\appdata\local\{0BCDEFBC-4B83-450C-AE1E-76D3B1B4ECF1}
    2011-12-17 11:31:20 -------- d--h--w- c:\users\owner\appdata\local\{77E37575-15D1-4DE6-AEB3-C32E983FB55C}
    2011-12-11 15:00:33 -------- d--h--w- c:\users\owner\appdata\local\{0D3C7A68-D8C3-4946-B311-4A6525A98379}
    2011-12-11 15:00:06 -------- d--h--w- c:\users\owner\appdata\local\{108E2AE0-100C-48FF-B71F-10EB24388C35}
    2011-12-04 20:38:31 -------- d--h--w- c:\users\owner\appdata\local\Programs
    2011-12-04 17:48:57 -------- d--h--w- c:\users\owner\appdata\local\{F58FF0C0-AB62-4B1E-9931-28FDE618A3E4}
    2011-12-04 17:48:32 -------- d--h--w- c:\users\owner\appdata\local\{EFD557A4-C050-489E-9329-5DD59461EC13}
    .
    ==================== Find3M ====================
    .
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-15 08:53:00 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-10-15 08:53:00 6350144 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53:00 3840320 ----a-w- c:\windows\system32\nvsvc.dll
    2011-10-15 08:53:00 2458432 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-15 08:53:00 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53:00 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-10-15 08:53:00 123712 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53:00 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 05:54:52 321856 ----a-w- c:\windows\system32\nvStreaming.exe
    2002-07-26 23:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
    .
    ============= FINISH: 19:44:01.00 ===============
     

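    As an added example (not part of this thread, and not a tool of the poster or the helper): a small Python triage script run over lines copied from the DDS log above. It correlates the three sections in which the rogue's two files, rojcXnmSQnPTbrc.exe and 7eGXsUa44RsITX.exe, show up: the running-process list, the uRun (HKCU) autostart entry, and the "Created Last 30" list where both appear with the hidden attribute directly under C:\ProgramData. The random-name test and the two-signal scoring are my own assumptions, not a DDS feature.

```python
"""Triage helper for a DDS log: correlates Run entries, the 'Created Last 30'
file list and the running-process list to surface the pattern this thread's
rogue shows (hidden, randomly named .exe dropped straight into ProgramData
and autostarted from the per-user Run key)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied verbatim from the DDS log in this thread (a subset, not constructed data).
DDS_EXCERPT = r"""
============== Running Processes ===============
C:\Windows\Explorer.EXE
C:\ProgramData\rojcXnmSQnPTbrc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\7eGXsUa44RsITX.exe
============== Pseudo HJT Report ===============
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [rojcXnmSQnPTbrc.exe] c:\programdata\rojcXnmSQnPTbrc.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
=============== Created Last 30 ================
2012-01-02 23:09:28 -------- d--h--w- c:\users\owner\appdata\local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
2012-01-02 21:34:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-01 18:28:55 366462 ---ha-w- c:\programdata\7eGXsUa44RsITX.exe
2012-01-01 15:52:03 458622 ---ha-w- c:\programdata\rojcXnmSQnPTbrc.exe
============= FINISH: 19:44:01.00 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
EXE_RE = re.compile(r"^(.*?\.exe)", re.IGNORECASE)
BINARY_EXT = {".exe", ".dll", ".sys"}
CONTEXT = {
    "running": "still running at scan time",
    "urun": "autostarted from the per-user Run key (no admin rights needed to install)",
    "mrun": "autostarted from the machine Run key",
}


def parse_sections(text):
    """Split a DDS log into {section title: [lines]}; DDS uses '.' as a spacer line."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line and line != "." and current:
            sections[current].append(line)
    return sections


def run_target(cmd):
    """Extract the executable path from a Run value or process line (quoted or bare, with args)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def looks_random(filename):
    """Heuristic (my assumption): generated names mix case without word structure.
    Needs >= 2 lower->upper 'humps' AND >= 2 capitals that do not start a lowercase
    word, so iTunesHelper (no odd capitals) and WPFFontCache (one hump) pass."""
    stem = PureWindowsPath(filename).stem
    humps = sum(a.islower() and b.isupper() for a, b in zip(stem, stem[1:]))
    odd_caps = sum(c.isupper() and not nxt.islower() for c, nxt in zip(stem, stem[1:] + " "))
    return humps >= 2 and odd_caps >= 2


def collect(sections):
    """Gather every binary the log mentions: {lower path: set of tags}, plus the
    path as written so the name heuristic sees the original case."""
    evidence, names = defaultdict(set), {}

    def note(path, tag):
        if PureWindowsPath(path).suffix.lower() not in BINARY_EXT:
            return  # directories (the GUID folders) and data files are out of scope
        key = path.lower()
        names.setdefault(key, path)
        evidence[key].add(tag)

    for line in sections["Running Processes"]:
        note(run_target(line), "running")
    for m in filter(None, map(CREATED_RE.match, sections["Created Last 30"])):
        if "h" in m.group(3):  # attribute column, e.g. ---ha-w- = hidden + archive
            note(m.group(4), "hidden")
    for m in filter(None, map(RUN_RE.match, sections["Pseudo HJT Report"])):
        note(run_target(m.group("cmd")), "urun" if m.group("hive") == "u" else "mrun")
    return evidence, names


def triage(text):
    """Return {lower path: [reasons]} for binaries tripping a file-level signal
    (location, name, hidden attribute); Run-key and process evidence is context."""
    evidence, names = collect(parse_sections(text))
    findings = {}
    for key, tags in evidence.items():
        p = PureWindowsPath(names[key])
        reasons = []
        if str(p.parent).lower() == r"c:\programdata":
            reasons.append("binary dropped directly under ProgramData")
        if looks_random(p.name):
            reasons.append("randomly generated file name")
        if "hidden" in tags:
            reasons.append("created in the last 30 days with the hidden attribute")
        if reasons:
            reasons += [CONTEXT[t] for t in sorted(tags & set(CONTEXT))]
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(DDS_EXCERPT).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

    On the excerpt above this flags exactly the two ProgramData binaries and nothing from the legitimate autostarts; the point is to show how the separate DDS sections corroborate each other, not to replace a helper's review.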
  3. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================

    As our forum rules say...
    All logs have to be pasted.
    Split longer logs between several replies if needed.
     
  4. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Attach Log

    Thank-you for your help. Here is the Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/29/2007 9:11:54 AM
    System Uptime: 1/2/2012 6:30:47 PM (1 hours ago)
    .
    Motherboard: Intel Corporation | | DG33BU
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | J1PR | 2664/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 60.666 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart 3300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart 3300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    3100_3200_3300_Help
    3100_3200_3300trb
    32 Bit HP CIO Components Installer
    3300
    Adobe Acrobat 4.0
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.3.1
    Adobe® Photoshop® Album Starter Edition 3.2
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AOL Radio Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AQUAZONE "Virtual Aquarium Collection"
    Audit Support Center 1.0
    Avery Wizard 3.1
    AXIS Media Control Embedded
    AXIS Media Control Embedded Installer
    Berlitz Before You Know It Flash Cards
    Berlitz Learning System - Italian
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    BufferChm
    Camera Assistant Software for ViewSonic
    Chinese Simplified Fonts Support For Adobe Reader 8
    Copy
    Cucusoft DVD to Zune + Zune Video Converter Suite 8.2.8.2
    CustomerResearchQFolder
    D3DX10
    Destinations
    DeviceManagementQFolder
    DirectXInstallService
    DivX Content Uploader
    DivX Web Player
    DocProc
    DocProcQFolder
    Download Updater (AOL LLC)
    EMC 10 Content
    eSupportQFolder
    Fax
    Form Fill (Windows Live Toolbar)
    Garmin City Navigator North America NT 2010.30
    Garmin City Navigator North America NT 2011.10 Update
    Garmin City Navigator North America NT 2012.30 Update
    Garmin Communicator Plugin
    Garmin Lifetime Updater
    Garmin USB Drivers
    Garmin WebUpdater
    Google Chrome
    Google Earth
    Google SketchUp Pro 8
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToMeeting 4.5.0.457
    Hallmark Card Studio Trial Edition 2009
    HDView for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 8.0
    HP Imaging Device Functions 8.0
    HP MediaSmart Server
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Product Assistant
    HP Product Detection
    HP Solution Center 8.0
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    Hulu Desktop
    iCloud
    Intel(R) Management Engine Interface
    Intel(R) PRO Network Connections 12.1.12.0
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    johnqtv1 Toolbar
    Junk Mail filter update
    LightScribe 1.4.124.1
    Malwarebytes Anti-Malware version 1.60.0.1800
    Map Button (Windows Live Toolbar)
    MarketResearch
    MemoriesOnTV
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft IntelliPoint 6.2
    Microsoft IntelliType Pro 6.1
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Live Add-in Patches
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser (KB973685)
    Multimedia Bible and Christian References
    Music Manager
    neroxml
    NetDeviceManager
    NetZero For Cosmi
    NVIDIA 3D Vision Controller Driver 285.62
    NVIDIA 3D Vision Driver 285.62
    NVIDIA Control Panel 285.62
    NVIDIA ForceWare Multimedia
    NVIDIA Graphics Driver 285.62
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    OGA Notifier 2.0.0048.0
    OverDrive Media Console
    PDF-File Converter
    Print Artist 22 Platinum
    PVSonyDll
    Quicken 2010
    Quicken WillMaker Plus 2007
    QuickTime
    Realtek High Definition Audio Driver
    Redist
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Disc Gallery
    Roxio Easy Media Creator
    Roxio Easy Media Creator 10 Suite
    Roxio File Backup
    Roxio MediaShare
    Roxio Update Manager
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Segoe UI
    Shipping Assistant 3.6
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.1
    Smart Menus (Windows Live Toolbar)
    SmartSound Quicktracks Plugin
    SolutionCenter
    Status
    Studio 10
    Studio 10.8 Patch
    System Requirements Lab
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2008 wvaiper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2009 wvaiper
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2010 wvaiper
    TurboTax Deluxe 2007
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Verizon FiOS Activation
    Verizon Media Manager
    Verizon Servicepoint 3.7.44
    Verizon Yahoo! Applications
    ViewSonic Windows Vista Signed Files
    Virtual Earth 3D (Beta)
    Vz In Home Agent
    WebReg
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Home Server Connector
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile Device Updater Component
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Software Update
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/31/2011 10:37:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/28/2011 8:52:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/27/2011 8:55:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2572067).
    12/27/2011 7:26:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/2/2012 6:33:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Scheduler Service service to connect.
    1/2/2012 6:33:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Receiver Service service to connect.
    1/2/2012 6:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}
    1/2/2012 6:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ehRecvr with arguments "-Service" in order to run the server: {F4396DC6-E851-4D3A-8D01-34E6949F3500}
    1/2/2012 6:32:17 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    1/2/2012 6:32:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    1/2/2012 6:32:06 PM, Error: Service Control Manager [7001] - The Windows Media Center TV Archive Transfer Service service depends on the Windows Media Center Receiver Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/2/2012 6:32:06 PM, Error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: The system cannot find the path specified.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 68.48.240.75:6331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.100.11:6331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.5:63331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.4:63331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.3:63331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.2:63331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.8:63331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.8:6331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.3:63331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.2:63331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.175.184:63331. The error status code is contained within the returned data.
    1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.132.28:63331. The error status code is contained within the returned data.
    1/2/2012 6:13:28 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/2/2012 4:28:40 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/2/2012 4:26:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt MpFilter PCLEPCI spldr Wanarpv6
    1/2/2012 4:26:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/2/2012 4:26:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/2/2012 4:26:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/2/2012 4:26:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/2/2012 4:26:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/2/2012 4:26:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/1/2012 7:58:56 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Quicken PDF Printer with shared resource name Quicken PDF Printer. Error 2114. The printer cannot be used by others on the network.
    1/1/2012 7:58:56 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart 3300 series (USB) with shared resource name HP Photosmart 3300 series (Copy 1). Error 2114. The printer cannot be used by others on the network.
    1/1/2012 6:08:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/1/2012 5:35:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/1/2012 5:35:18 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  5. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    GMER Log part 1 of 3

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-02 22:20:51
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00TMA0 rev.12.01C01
    Running: crppjugr.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kgloafoc.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\Users\OWNER\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe[1636] ntdll.dll!DbgBreakPoint 77CC884E 1 Byte [90]
    .text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C52 2 Bytes [3B, 00] {CMP EAX, [EAX]}
    .text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C56 2 Bytes [39, 00] {CMP [EAX], EAX}
    .text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C5A 2 Bytes [3B, 00] {CMP EAX, [EAX]}
    .text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C5E 2 Bytes [39, 00] {CMP [EAX], EAX}
    .text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C62 2 Bytes [39, 00] {CMP [EAX], EAX}
    .text ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74BBCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74B5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegCloseKey] [77CC7908] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegCreateKeyW] [77CB391E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegGetValueW] [77CB3EF9] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegOpenKeyExW] [77CC7BA1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegCreateKeyExW] [77CB41F1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegSetValueExW] [77CB3D5A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegQueryValueExW] [77CC765E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!GetLengthSid] [77CBE2FA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!GetTokenInformation] [77CC8069] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!OpenProcessToken] [77CC7DDC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!GetUserNameW] [77CA31D8] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegDeleteValueW] [77CA3FB6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegEnumKeyExW] [77CC7F52] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegQueryInfoKeyW] [77CB48B4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegOpenKeyW] [77CBE2B5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegEnumKeyW] [77CC80C3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegEnumValueW] [77CA9850] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!CloseServiceHandle] [77CA82A5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!OpenServiceW] [77CA8354] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!OpenSCManagerW] [77CA7137] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!QueryServiceStatus] [77CA842C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!CheckTokenMembership] [77CB58A1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!ConvertStringSecurityDescriptorToSecurityDescriptorW] [77CA4611] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!OpenThreadToken] [77CC779D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!ConvertSidToStringSidW] [77CA9017] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!StartServiceW] [77CA3E0B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!CreateWellKnownSid] [77CBD263] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetSystemTime] [77DF1840] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetFileAttributesW] [77E3D281] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FindClose] [77E2F255] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FindNextFileW] [77E1B79E] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FindFirstFileW] [77E2F00C] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetLocalTime] [77E3D5F4] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetDateFormatW] [77E32DD8] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetTimeFormatW] [77E3324A] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetLocaleInfoW] [77E1A6E3] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FlushInstructionCache] [77E0A43F] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!RaiseException] [77E2FB56] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetSystemWindowsDirectoryW] [77E34455] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetLastError] [77E3A640] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!ReadFile] [77E2F02B] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetFileSize] [77E37148] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateFileW] [77E3AECB] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!InterlockedCompareExchange] [77E3943C] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!LoadLibraryA] [77E194DC] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SystemTimeToFileTime] [77E3CB31] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [77E36B51] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GlobalGetAtomNameW] [77E0AD4E] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!MultiByteToWideChar] [77E3CCDB] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetEnvironmentVariableW] [77E198CE] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetCurrentProcessId] [77E3A651] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetModuleHandleW] [77E3A804] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!lstrlenW] [77E39A32] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!OpenEventW] [77E0BF97] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetEvent] [77E3A6B4] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetBinaryTypeW] [77E421D7] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [77DF18C0] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CompareFileTime] [77E17CC2] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GlobalFree] [77E37E13] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetTickCount] [77E39706] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!MulDiv] [77E39460] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetUserDefaultLangID] [77E105E2] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetPrivateProfileIntW] [77DF9D8A] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetCurrentThread] [77E3D006] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetThreadPriority] [77E103DF] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetCurrentThreadId] [77E399F0] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetThreadPriority] [77E0F8CA] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CompareStringOrdinal] [77E37C30] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!lstrcmpiW] [77E36FDA] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!HeapSetInformation] [77E1A824] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetErrorMode] [77E3D300] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateMutexW] [77E3D555] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!ReleaseMutex] [77E39782] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetTimeZoneInformation] [77E307B7] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetFilePointer] [77E2FC1D] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetProcessShutdownParameters] [77DFE8B1] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetSystemDirectoryW] [77E2FAF9] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateEventW] [77E3B65E] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetTermsrvAppInstallMode] [77E86B17] C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!RegisterApplicationRestart] [77E0BD66] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!ExitProcess] [77E341D8] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetModuleFileNameW] [77E3B27E] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetPrivateProfileStringW] [77E08B0C] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!HeapDestroy] [77E0F67A] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetCurrentProcess] [77E3C905] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetProcessHeap] [77E3B68F] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!QueryPerformanceFrequency] [77E0EECB] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetFileAttributesExW] [77E09B95] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!QueueUserWorkItem] [77E09054] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetLongPathNameW] [77E2F333] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetProcessTimes] [77DFBBCE] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!TerminateThread] [77E341F7] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetProcessId] [77E36D9B] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateIoCompletionPort] [77E19CB4] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetQueuedCompletionStatus] [77E3D0F5] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetWindowsDirectoryW] [77E344A6] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FormatMessageW] [77E113D4] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!QueryFullProcessImageNameW] [77E104FF] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GlobalAlloc] [77E37D34] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!DuplicateHandle] [77E33B3F] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetCurrentDirectoryW] [77E1DC12] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!WideCharToMultiByte] [77E3CBF8] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!WriteFile] [77E3A9C1] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!DeactivateActCtx] [77E0C6E5] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!ActivateActCtx] [77E0C691] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!ReleaseActCtx] [77E34163] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateActCtxW] [77E0C721] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FindResourceExW] [77E369FD] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!LoadResource] [77E36ADB] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!LockResource] [77E368DF] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetUserDefaultUILanguage] [77E30723] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!LoadLibraryW] [77E19362] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetProcAddress] [77E3903B] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FreeLibrary] [77E33DB4] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!WaitForSingleObject] [77E397E0] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateProcessW] [77DF1BF3] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetCommandLineW] [77E19C80] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetStartupInfoW] [77DF1929] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateThread] [77E3C90E] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!AssignProcessToJobObject] [77DF50C2] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!ResumeThread] [77E0C2D8] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!Sleep] [77DF1C5D] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!QueryInformationJobObject] [77DF32A8] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!LocalAlloc] [77E3ADF9] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!LocalFree] [77E3AD76] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CloseHandle] [77E3AE8D] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!OpenProcess] [77E37267] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetPriorityClass] [77E08FC9] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetPriorityClass] [77DFAF31] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateJobObjectW] [77DF4907] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetInformationJobObject] [77DF4874] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetLastError] [77E3A6F9] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!InterlockedDecrement] [77E39414] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!InterlockedIncrement] [77E39400] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!HeapFree] [77E39A12] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!UnhandledExceptionFilter] [77E8FD89] C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!TerminateProcess] [77DF18EF] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!QueryPerformanceCounter] [77E3A660] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetModuleHandleA] [77E392A5] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [77E1A84F] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!InterlockedExchange] [77E39428] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!VirtualAlloc] [77E3AD55] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!VirtualFree] [77E340AA] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!DelayLoadFailureHook] [77EA93BD] C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetStockObject] [77B659F4] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CombineRgn] [77B6A156] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetLayout] [77B68010] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CreatePatternBrush] [77B6973F] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!OffsetViewportOrgEx] [77B6E279] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GdiAlphaBlend] [77B68417] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetTextExtentPoint32W] [77B6C01A] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!ExtTextOutW] [77B6872B] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!SetWindowOrgEx] [77B68ECA] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetPixel] [77B6BE90] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!PatBlt] [77B65D09] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CreateRectRgn] [77B67F07] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetClipRgn] [77B68BBA] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!IntersectClipRect] [77B68B64] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetViewportOrgEx] [77B690AA] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!SetViewportOrgEx] [77B68E27] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!SelectClipRgn] [77B67AF9] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetBkColor] [77B6A71D] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CreateCompatibleBitmap] [77B66F60] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!OffsetWindowOrgEx] [77B692B8] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!SetBkColor] [77B66D3A] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetTextExtentPointW] [77B69DE5] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetClipBox] [77B69071] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CreateDIBSection] [77B67461] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CreateRectRgnIndirect] [77B68194] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!SetTextColor] [77B6666B] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!SetBkMode] [77B66716] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetTextMetricsW] [77B68A81] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CreateFontIndirectW] [77B696B9] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CreateSolidBrush] [77B6664F] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetObjectW] [77B67198] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!DeleteObject] [77B65A37] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
     
  6. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    GMER Log part 2 of 3

    Part 2 of 3
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-02 22:20:51
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00TMA0 rev.12.01C01
    Running: crppjugr.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kgloafoc.sys

    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!CreateCompatibleDC] [77B66101] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!SelectObject] [77B662A0] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!BitBlt] [77B670A6] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!DeleteDC] [77B668CD] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [GDI32.dll!GetDeviceCaps] [77B6617F] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDlgItem] [77D5D472] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadCursorW] [77D5D9D1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterClassW] [77D5E1AB] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsChild] [77D645C0] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetTimer] [77D70BA2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MonitorFromRect] [77D61709] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowTextW] [77D69815] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetClassLongW] [77D56C07] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetClassInfoW] [77D67F13] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetClassLongW] [77D68501] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!KillTimer] [77D70AD9] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetClassInfoExW] [77D67DA7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsWindowEnabled] [77D65156] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetShellWindow] [77D62032] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetIconInfo] [77D64435] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetScrollInfo] [77D671D8] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetLastActivePopup] [77D80261] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetSystemMenu] [77D61681] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsIconic] [77D64207] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsZoomed] [77D64399] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnableMenuItem] [77D56E7F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsWindowVisible] [77D6878A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsWindow] [77D7067B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MonitorFromWindow] [77D688D4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMonitorInfoW] [77D67D12] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowInfo] [77D6428E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!BeginDeferWindowPos] [77D64631] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DeferWindowPos] [77D6467F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EndDeferWindowPos] [77D64653] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetFocus] [77D63684] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetForegroundWindow] [77D5B8A6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadMenuW] [77D61412] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetMenuInfo] [77D55951] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetMenuDefaultItem] [77D56E47] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetSubMenu] [77D5BE73] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TrackPopupMenuEx] [77D80CE7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadImageW] [77D5C9E5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!InsertMenuItemW] [77D56F71] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DestroyIcon] [77D6356B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DeleteMenu] [77D58165] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMenuItemInfoW] [77D5F311] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetMenuItemInfoW] [77D61EA5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CharUpperBuffW] [77D66A3D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!PostQuitMessage] [77D680BA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadStringW] [77D69CCB] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ShutdownBlockReasonCreate] [77D9B8C1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowLongA] [77D69994] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowLongW] [77D613B4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UnregisterDeviceNotification] [77D56713] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterDeviceNotificationW] [77D560FE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterWindowMessageW] [77D5D6AC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowPos] [77D635E3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterClassExW] [77D5DA30] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDesktopWindow] [77D62314] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UpdateWindow] [77D622A7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!InvalidateRect] [77D69062] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!BeginPaint] [77D6A2A3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadBitmapW] [77D59C71] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetLayeredWindowAttributes] [77D5BDB9] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EndPaint] [77D6A28F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ShowWindow] [77D5CA10] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DefWindowProcW] [77D703B4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MoveWindow] [77D5989F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DestroyWindow] [77D67FB6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UnregisterClassW] [77D67FDE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetProcessDPIAware] [77D5CBFA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!PeekMessageW] [77D7045A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CreateWindowExW] [77D61305] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DialogBoxParamW] [77D810B0] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MsgWaitForMultipleObjects] [77D67F3B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetKeyboardLayout] [77D699F1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ActivateKeyboardLayout] [77D6478C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsProcessDPIAware] [77D63B93] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!PrintWindow] [77D7FF1E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDCEx] [77D64D22] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetPropW] [77D71051] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetNextDlgGroupItem] [77D71C12] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetNextDlgTabItem] [77D7279A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDlgCtrlID] [77D63F0F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ChildWindowFromPointEx] [77D7A133] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetCapture] [77D5A986] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetGUIThreadInfo] [77D671C4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowLongA] [77D5E7CD] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CharUpperW] [77D66B70] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowDC] [77D63BA7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterClipboardFormatW] [77D5D6AC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UnhookWinEvent] [77D5C06F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWinEventHook] [77D59F3A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ReleaseCapture] [77D830A2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetUserObjectInformationW] [77D67A5F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetProcessWindowStation] [77D5D70C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!FlashWindowEx] [77D7B7F3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetForegroundWindow] [77D632C4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!PostMessageW] [77D6A175] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CreatePopupMenu] [77D57AD7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowThreadProcessId] [77D68F69] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MsgWaitForMultipleObjectsEx] [77D70FDA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CharPrevW] [77D69DCF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CharNextW] [77D60EA7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DispatchMessageW] [77D7021C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TranslateMessage] [77D701AD] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMessageW] [77D6FEF7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EqualRect] [77D6A1F8] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UnionRect] [77D6A473] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MapWindowPoints] [77D6A30D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetClientRect] [77D68F0D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnumWindows] [77D682FE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EndTask] [77D9AD32] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetThreadDesktop] [77D5D6F8] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetThreadDesktop] [77D67A73] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMenuItemID] [77D83155] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsHungAppWindow] [77D8078B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DrawTextW] [77D697D3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetSysColor] [77D69BF6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TrackPopupMenu] [77D714F3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendMessageCallbackW] [77D64570] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DeregisterShellHookWindow] [77D97051] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EndDialog] [77D8326E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsDlgButtonChecked] [77D72715] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadIconW] [77D5DA9F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetSysColorBrush] [77D5E21C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CloseDesktop] [77D63557] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!OpenInputDesktop] [77D5BCE6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetActiveWindow] [77D64EF7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsRectEmpty] [77D69D9D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetAsyncKeyState] [77D5863C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterShellHookWindow] [77D55980] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!FillRect] [77D69865] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetCursorPos] [77D70B88] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetPropW] [77D63DFC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CopyRect] [77D70D08] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LockSetForegroundWindow] [77D80030] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MonitorFromPoint] [77D59C11] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!InflateRect] [77D68D4F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetClassNameW] [77D5EF2B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SubtractRect] [77D5CEAA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RedrawWindow] [77D6A2E5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnumDisplayMonitors] [77D6844C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!OffsetRect] [77D70CDF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IntersectRect] [77D70D3A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowRgn] [77D5A221] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMenuState] [77D833D1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GhostWindowFromHungWindow] [77D56F5D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!HungWindowFromGhostWindow] [77D64778] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowPlacement] [77D838E3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RemovePropW] [77D68726] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendMessageTimeoutW] [77D6352D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UnregisterHotKey] [77D5B65E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterHotKey] [77D5BDA5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!InsertMenuW] [77D56C67] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ModifyMenuW] [77D8005A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ClientToScreen] [77D61769] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ScreenToClient] [77D68C56] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMenuItemCount] [77D5F138] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetFocus] [77D70B40] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetScrollInfo] [77D5F073] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!InternalGetWindowText] [77D641CB] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetKeyState] [77D68CB1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ChangeDisplaySettingsW] [77D9AAC2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowLongW] [77D6F8BF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnumChildWindows] [77D5F9EE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendMessageW] [77D70AED] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindow] [77D63E3E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowRect] [77D70E21] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!PtInRect] [77D71020] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetCursor] [77D5D37D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ChildWindowFromPoint] [77D962B2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetCursorPos] [77D96FB2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMessagePos] [77D59071] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadAcceleratorsW] [77D5D050] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!WaitMessage] [77D70733] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TranslateAcceleratorW] [77D69BAE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowRgnBox] [77D5EE9D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetActiveWindow] [77D646E3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MessageBeep] [77D7E42B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowPlacement] [77D57963] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetRect] [77D70DBF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendNotifyMessageW] [77D593D6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UpdateLayeredWindow] [77D57A9E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetLastInputInfo] [77D689CF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendDlgItemMessageW] [77D80E38] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!AllowSetForegroundWindow] [77D59B28] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RemoveMenu] [77D56C4C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetParent] [77D5A2AA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CallWindowProcW] [77D7095E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnableWindow] [77D5CD8B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDlgItemInt] [77D79C5D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetDlgItemInt] [77D79B15] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CheckDlgButton] [77D79AE5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CopyIcon] [77D815DC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DrawFocusRect]
     
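Added example, not part of the original thread and not GMER's own code: a small Python parser for the GMER "IAT" lines posted above. It groups entries by process, PID and module, and flags imports whose address GMER attributes to a module other than the DLL named in the import (the USER32.dll entries above that resolve into ntdll.dll), entries printed with a bare address and no owning module, and lines cut off in the paste. The "cross-module" rule is this example's own heuristic, not a GMER verdict: it says where to look, and whether such an entry is a hook, a forwarder or a tool misattribution is a judgment the log alone does not settle. The four sample lines are copied from the log in this thread.

```python
"""Added example: parse GMER 'IAT' lines like the ones posted in this thread
and flag imports that do not resolve into the DLL they are imported from.
Not GMER's code; the 'cross-module' heuristic is this example's, not GMER's."""
import ntpath
import re
from collections import Counter, defaultdict

# GMER IAT line layout, as seen in the log above:
#   IAT <process>[<pid>] @ <module> [<dll>!<func>] [<addr>] <resolved path> (<description>)
# Variants also present in the log: a bare address with no resolved module,
# and a line cut off right after the import name.
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]"
    r"(?:\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<resolved>.+?)(?:\s+\((?P<desc>[^)]*)\))?"
    r"|\s+(?P<bare_addr>[0-9A-Fa-f]+))?\s*$"
)

# Sample input: four lines copied verbatim from the GMER log in this thread.
SAMPLE_LINES = [
    r"IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWinEventHook] [77D59F3A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)",
    r"IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CascadeWindows] 77DAA4CD",
    r"IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!memset] 70869860",
    r"IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DrawFocusRect]",
]


def parse_iat_line(line):
    """Return the named fields of one IAT line, or None if it is not an IAT line."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["pid"] = int(e["pid"])
    # Normalise the two address spellings ([addr] and bare addr) into one field.
    e["addr"] = e["addr"] or e["bare_addr"]
    return e


def classify(entry):
    """'ok' when the resolved module is the imported DLL; otherwise the reason to look closer."""
    if entry["addr"] is None:
        return "truncated"        # log line cut off in the paste; nothing to judge
    if entry["resolved"] is None:
        return "unresolved"       # GMER printed an address but no owning module
    if ntpath.basename(entry["resolved"]).lower() == entry["dll"].lower():
        return "ok"
    return "cross-module"         # e.g. a USER32.dll import resolving into ntdll.dll


def summarize(lines):
    """Group entries by (process, pid, module); return verdict counts per group and the flagged imports."""
    groups = defaultdict(Counter)
    flagged = []
    for line in lines:
        e = parse_iat_line(line)
        if e is None:
            continue
        verdict = classify(e)
        groups[(e["proc"], e["pid"], e["module"])][verdict] += 1
        if verdict != "ok":
            flagged.append((f'{e["dll"]}!{e["func"]}', verdict, e["resolved"]))
    return dict(groups), flagged


if __name__ == "__main__":
    groups, flagged = summarize(SAMPLE_LINES)
    for (proc, pid, module), counts in groups.items():
        print(f"{proc}[{pid}] @ {module}: {dict(counts)}")
    for imp, verdict, resolved in flagged:
        print(f"  {verdict:12} {imp} -> {resolved}")
```

Run it as a script to get one summary line per process/module pair followed by the flagged imports; to use it on a full GMER log, pass the file's lines to summarize() instead of SAMPLE_LINES. The grouping matters more than any single line: a few hundred IAT entries of one module all resolving into the same unexpected DLL is a different picture from one stray entry.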
  7. res0jh1y2 (TS Rookie, Topic Starter)

    GMER log Part 3 of 4

    Part 3 of 4
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-02 22:20:51
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00TMA0 rev.12.01C01
    Running: crppjugr.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kgloafoc.sys

    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!NotifyWinEvent] [77D70B4D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ExitWindowsEx] [77D9B7C3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DrawEdge] [77D83681] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!WindowFromPoint] [77D5884F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDoubleClickTime] [77D5CE80] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetCapture] [77D830AF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TrackMouseEvent] [77D58F27] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LockWorkStation] [77D720B5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!AppendMenuW] [77D61EF4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetParent] [77D690AA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetScrollPos] [77D83602] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetRectEmpty] [77D63B73] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!AdjustWindowRectEx] [77D60E4A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!BringWindowToTop] [77D7E3EA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CascadeWindows] 77DAA4CD
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetSystemMetrics] [77D69AF1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SystemParametersInfoW] [77D711D8] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!FindWindowW] [77D6A441] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ReleaseDC] [77D69CED] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDC] [77D69C31] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DestroyMenu] [77D598C7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMenuDefaultItem] [77D56DC7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TileWindows] 77DAA771
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetAncestor] [77D640B1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SwitchToThisWindow] [77D83362] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CheckMenuItem] [77D563F5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ShowWindowAsync] [77D61FCE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!memset] 70869860
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_unlock] 70869F69
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_ftol2_sse] 7086B20B
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_except_handler4_common] 70885048
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!__set_app_type] 708717F4
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!memcpy] 70869AC0
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!free] 70869BCA
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!memmove] 7086A048
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!realloc] 7086A509
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!__dllonexit] 7086F8D1
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_lock] 70869F85
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_onexit] 70870D59
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!?terminate@@YAXXZ] 708B2F8E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_controlfp] 7087097D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_vsnwprintf] 7086B971
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!malloc] 70869C45
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!__wgetmainargs] 708725BE
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_cexit] 70873D34
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_exit] 708C95EE
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!__p__fmode] 7087179B
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_XcptFilter] 708C3126
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!exit] 70873C08
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_wcmdln] 708FE600
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_initterm] 7086C4E6
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_amsg_exit] 708C961D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!__setusermatherr] 708F566D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!_adjust_fdiv] 70901880
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [msvcrt.dll!__p__commode] 70871790
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!NtOpenThreadToken] 77F34CB4
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!NtOpenProcessToken] 77F34C44
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!RtlGetProductInfo] 77EFE49F
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!NtQueryInformationToken] 77F34E74
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!NtClose] 77F34314
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!NtQueryInformationProcess] 77F34E54
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!NtSetInformationProcess] 77F35324
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!WinSqmAddToStream] 77EEB68D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ntdll.dll!NtSetSystemInformation] 77F353E4
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathGetDriveNumberW] 6E7C5941
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathRemoveFileSpecW] 6E7C0075
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHRegGetUSValueW] 6E7A4F59
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrDupW] 6E7C5A7C
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathQuoteSpacesW] 6E7CDEC3
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrChrIW] 6E7BE721
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHRegOpenUSKeyW] 6E7A4BEC
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHRegQueryUSValueW] 6E7A4DFF
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrCmpW] 6E7C0642
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!AssocQueryStringW] 6E7BA03D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!AssocQueryKeyW] 6E7BA31D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathParseIconLocationW] 6E7B5454
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathIsPrefixW] 6E7BA568
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathRemoveExtensionW] 6E7B2615
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHOpenRegStream2W] 6E7B13B2
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathFileExistsW] 6E7BB359
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathFindExtensionW] 6E7C0727
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHQueryInfoKeyW] 6E7B71E0
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHDeleteKeyW] 6E7A2B73
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathAppendW] 6E7C04F2
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHDeleteValueW] 6E7A749D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathRemoveArgsW] 6E7A27A8
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathRemoveBlanksW] 6E7B8249
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrCmpNIW] 6E7BEDF9
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathFindFileNameW] 6E7BED97
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHSetValueW] 6E7A873D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHGetValueW] 6E7BFE7B
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHCreateThreadRef] 6E7A4B23
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHSetThreadRef] 6E7A4AF8
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathCombineW] 6E7BB3FB
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHRegGetValueW] 6E7BF2EA
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrToIntW] 6E7B6396
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathGetArgsW] 6E7A27E2
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrChrW] 6E7BED6E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHStrDupW] 6E7C5B37
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrRetToBufW] 6E7C5C57
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrRetToStrW] 6E7C10FD
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrStrIW] 6E7BE7A3
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathMatchSpecW] 6E7B6A76
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathIsRootW] 6E7BB6F0
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathIsNetworkPathW] 6E7BB700
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHQueryValueExW] 6E7BFEA5
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!AssocCreate] 6E7BA29A
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrCmpIW] 6E7BE702
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrCmpNW] 6E7C061E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrPBrkW] 6E7A79FE
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathStripToRootW] 6E7B5024
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathIsDirectoryW] 6E7B632E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetDesktopFolder] [76965FEB] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHBindToFolderIDListParent] [76939B4B] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetIDListFromObject] [769413A5] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHCreateShellItemArrayFromIDLists] [76943305] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHCreateItemFromIDList] [76979DAB] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHCreateShellItemArrayFromShellItem] [76901B2D] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHBindToFolderIDListParentEx] [76976270] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHChangeNotify] [769370CD] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHAddToRecentDocs] [768F6939] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!DuplicateIcon] [769A5899] C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!ShellExecuteW] [768F9725] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetPathFromIDListA] [768F94B7] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHUpdateRecycleBinIcon] [768EDA64] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetKnownFolderIDList] [76971372] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetFolderPathEx] [769658CD] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHFileOperationW] [769268D0] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetPathFromIDListW] [76979841] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!ExtractIconExW] [76A63F54] C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetSpecialFolderLocation] [7697911F] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHBindToParent] [76976390] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!Shell_NotifyIconW] [76938626] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetFolderPathAndSubDirW] [7691319B] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!Shell_GetCachedImageIndexW] [769573AC] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetFolderPathW] [7695A041] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHEvaluateSystemCommandTemplate] [76934DFF] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHBindToObject] [7696E0FC] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!ShellExecuteExW] [7694C135] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetSpecialFolderPathW] [7692DAB8] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHParseDisplayName] [769661B8] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetFolderLocation] [7697835F] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoTaskMemFree] 72C6AF2E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoCreateInstance] 72C69EA6
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoRegisterClassObject] 72C27DB6
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoRevokeClassObject] 72C5B099
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoGetClassObject] 72C4FABC
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!OleInitialize] 72C2EE43
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!OleUninitialize] 72C8B87D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoGetObject] 72CBFCC4
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!StringFromGUID2] 72C69BFA
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoUninitialize] 72C6D271
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoInitialize] 72C5035F
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!RevokeDragDrop] 72C8B99B
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!RegisterDragDrop] 72C2F115
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoRegisterMessageFilter] 72C5278D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoMarshalInterThreadInterfaceInStream] 72C2F2A5
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoGetInterfaceAndReleaseStream] 72C8AF98
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoTaskMemAlloc] 72C69689
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoCreateFreeThreadedMarshaler] 72C6D076
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!DoDragDrop] 72D02152
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoInitializeEx] 72C6AD63
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CreateBindCtx] 72C6E03E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoFreeUnusedLibraries] 72C674F5
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!PropVariantClear] 72C6CC5B
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!IsCompositionActive] 6DCE3193
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!IsAppThemed] 6DCE9363
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeMargins] 6DCE9EF1
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeRect] 6DCF3105
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!IsThemePartDefined] 6DCEA198
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeBackgroundRegion] 6DCEE5F0
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!DrawThemeTextEx] 6DCE95A8
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeFont] 6DCED5AD
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeColor] 6DCE7BA0
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeBool] 6DCEB05A
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeInt] 6DCE7BA0
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!SetWindowTheme] 6DCEDE43
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!DrawThemeText] 6DCE3D2C
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeTextExtent] 6DCE3281
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!DrawThemeBackground] 6DCE3406
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!CloseThemeData] 6DCE79C0
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!OpenThemeData] 6DCE7CF7
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!DrawThemeParentBackground] 6DCE8DB0
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemePartSize] 6DCE7C2E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeMetric] 6DCECCDE
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeBackgroundContentRect] 6DCE813E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] 748A7817
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] 748FA86D
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] 748ABB22
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] 7489F695
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] 748A75E9
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] 7489E7CA
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] 748D8395
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] 748ADA60
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] 7489FFFA
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] 7489FF61
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] 748971CF
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] 7492CAE2
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] 748CC8D8
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] 7489D968
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] 74896853
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] 7489687E
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] 748A2AD1
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcBindingFree] [77BF2357] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcStringFreeW] [77BE5396] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcBindingFromStringBindingW] [77BE58D1] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!NdrClientCall2] [77C60ACA] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcStringBindingComposeW] [77BE5CB8] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!I_RpcExceptionFilter] [77BC4488] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcBindingSetAuthInfoExW] [77BDD915] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll
     
  8. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    GMER log Part 4 of 4

    Part 4 of 4
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-02 22:20:51
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00TMA0 rev.12.01C01
    Running: crppjugr.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kgloafoc.sys
    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

    ---- EOF - GMER 1.0.15 ----
     
  9. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    aswMBR and Combofix Logs

    aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-04 19:02:10
    -----------------------------
    19:02:10.779 OS Version: Windows 6.0.6002 Service Pack 2
    19:02:10.780 Number of processors: 2 586 0xF0B
    19:02:10.782 ComputerName: OWNER-PC-DEN UserName: OWNER
    19:02:37.915 Initialize success
    19:20:12.724 AVAST engine defs: 12010401
    19:30:26.121 The log file has been saved successfully to "C:\Users\OWNER\Documents\aswMBR.txt"


    ComboFix 12-01-04.03 - OWNER 01/04/2012 19:40:15.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1893 [GMT -5:00]
    Running from: c:\users\OWNER\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Microsoft
    c:\microsoft\Internet Explorer\Quick Launch\Verizon Yahoo! Messenger.lnk
    c:\program files\Common Files\Uninstall
    c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk
    c:\program files\UNWISE.EXE
    c:\programdata\~7eGXsUa44RsITX
    c:\programdata\~7eGXsUa44RsITXr
    c:\programdata\7eGXsUa44RsITX
    c:\users\OWNER\AppData\Local\assembly\tmp
    c:\users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\users\OWNER\Desktop\Search.lnk
    c:\users\OWNER\Desktop\System Check.lnk
    c:\users\OWNER\g2mdlhlpx.exe
    c:\windows\MailSwitch.ocx
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-05 00:48 . 2012-01-05 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-05 00:08 . 2012-01-05 00:08 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3755F1A-139B-4FEF-85E0-CD61AB28968C}\MpKsl60434771.sys
    2012-01-05 00:08 . 2012-01-05 00:08 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3755F1A-139B-4FEF-85E0-CD61AB28968C}\offreg.dll
    2012-01-05 00:08 . 2011-11-21 07:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3755F1A-139B-4FEF-85E0-CD61AB28968C}\mpengine.dll
    2012-01-02 21:34 . 2012-01-02 21:34 -------- d--h--w- c:\users\OWNER\AppData\Roaming\Malwarebytes
    2012-01-02 21:34 . 2012-01-02 21:34 -------- d--h--w- c:\programdata\Malwarebytes
    2012-01-02 21:34 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-02 21:34 . 2012-01-02 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-01 23:08 . 2012-01-01 23:08 -------- d--h--w- c:\programdata\WindowsSearch
    2011-12-30 13:20 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-12-30 13:20 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-12-30 13:20 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2011-12-30 13:20 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-12-30 13:20 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-12-30 13:20 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-12-30 13:20 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-12-30 13:20 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-12-30 13:20 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-12-29 01:54 . 2012-01-01 22:57 -------- d-----w- c:\users\UpdatusUser
    2011-12-29 01:54 . 2011-05-21 11:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-12-29 01:54 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
    2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
    2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
    2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
    2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
    2011-12-17 22:45 . 2011-12-17 22:45 -------- d-----w- c:\program files\iPod
    2011-12-17 22:45 . 2011-12-17 22:46 -------- d-----w- c:\program files\iTunes
    2011-12-17 11:38 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-17 11:38 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-17 11:38 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-17 11:38 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 11:38 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-17 11:38 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-17 11:37 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-21 07:47 . 2010-08-30 22:19 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-15 08:53 . 2010-10-08 05:57 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53 . 2010-10-08 05:57 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 08:53 . 2010-10-08 05:57 6350144 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53 . 2010-10-08 05:57 3840320 ----a-w- c:\windows\system32\nvsvc.dll
    2011-10-15 08:53 . 2010-04-04 02:55 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-10-15 08:53 . 2010-04-03 22:27 123712 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53 . 2007-04-26 08:17 2458432 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-15 08:53 . 2007-04-26 08:17 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{e413a417-d00b-4a3b-9c17-19048046f1ce}"= "c:\program files\johnqtv1\tbjohn.dll" [2007-12-19 1514520]
    .
    [HKEY_CLASSES_ROOT\clsid\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
    2007-12-19 20:53 1514520 ----a-w- c:\program files\johnqtv1\tbjohn.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{e413a417-d00b-4a3b-9c17-19048046f1ce}"= "c:\program files\johnqtv1\tbjohn.dll" [2007-12-19 1514520]
    .
    [HKEY_CLASSES_ROOT\clsid\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{E413A417-D00B-4A3B-9C17-19048046F1CE}"= "c:\program files\johnqtv1\tbjohn.dll" [2007-12-19 1514520]
    .
    [HKEY_CLASSES_ROOT\clsid\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MoneyInsights"="c:\program files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe" [2008-02-19 502800]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-15 39408]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "MusicManager"="c:\users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-30 13223936]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-06-15 4435968]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for ViewSonic\traybar.exe" [2007-08-20 774144]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
    "USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-06-23 244208]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2008-06-12 113136]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Event Planner Reminder 2009.lnk - c:\windows\Installer\{7B1FF9C5-ABDE-4D1B-BE70-DF6A4A546131}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-11-22 243024]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-12-27 603504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPKSL60434771
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-01 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-06 11:42]
    .
    2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 19:23]
    .
    2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 19:23]
    .
    2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000Core.job
    - c:\users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-10 19:23]
    .
    2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000UA.job
    - c:\users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-10 19:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.washingtonpost.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-04 19:48
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-01-04 19:53:32
    ComboFix-quarantined-files.txt 2012-01-05 00:53
    .
    Pre-Run: 79,543,185,408 bytes free
    Post-Run: 80,382,103,552 bytes free
    .
    - - End Of File - - 58CBD99114DC16D32237B70936D9A53D
     
  11. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
     
  12. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Status of PC after running aswMBR and Combofix

    Again, thanks for your continued help.

    Here is the status after running aswMBR and Combofix. See logs in prior post. My PC restarts with a black screen, no desktop showing, only sidebar widgets and bottom task bar. Running aswMBR and Combofix stopped the System Check pop ups with the errors and the "System Check Report" pop up. A System Check shortcut box in Quick Launch area says "Problem with shortcut. The item '7eGXsUa44RsITX.exe' that this shortcut refers to has been changed or moved so this shortcut is no longer working properly, Do you want to delete this shortcut? YES/No"
     
  13. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Yes.
     
  14. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Bootkit Remover log

    Thank you for your continued help. I deleted the shortcut per your post and ran Bootkit Remover and have posted the data below.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1

    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  15. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Let's see if we can recover your missing features.
    Download and run UnHide
    Let me know if it worked.

    ==========================================================

    Re-run aswMBR one more time.
     
  16. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Results of Unhide and aswMBR re-run

    I ran UNHIDE. The Start Menu items and Quick Launch items are still missing and the Desktop screen is black with only widgets showing and Thumbnails in task bar. Unhide said to run again with anti-virus, which I did.

    Results of aswMBR_run2_01052012.txt posted below

    aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-05 20:58:45
    -----------------------------
    20:58:45.158 OS Version: Windows 6.0.6002 Service Pack 2
    20:58:45.158 Number of processors: 2 586 0xF0B
    20:58:45.160 ComputerName: OWNER-PC-DEN UserName: OWNER
    20:59:10.475 Initialize success
    21:00:02.793 AVAST engine defs: 12010501
    21:06:11.952 The log file has been saved successfully to "C:\Users\OWNER\Documents\aswMBR_run2_01052012.txt"
     
  17. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  18. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Results of FRST scan

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by OWNER at 2012-01-05 21:18:18
    Running from C:\Users\OWNER\Downloads
    Service Pack 2 (X86) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell]

    ================================ Services (Whitelisted) ==================


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-05 21:17 - 2012-01-05 21:17 - 0858734 ____A C:\Users\OWNER\Downloads\FRST.exe
    2012-01-05 21:06 - 2012-01-05 21:06 - 0000492 ____A C:\Users\OWNER\Documents\aswMBR_run2_01052012.txt
    2012-01-05 20:39 - 2012-01-05 20:39 - 0684297 ____A C:\Users\OWNER\Downloads\unhide.exe
    2012-01-05 20:13 - 2012-01-05 20:13 - 0000514 ____A C:\Users\OWNER\Documents\Bootkit Remover.txt
    2012-01-05 20:11 - 2012-01-05 20:12 - 0000000 ____D C:\Users\OWNER\Downloads\bootkit_remover
    2012-01-05 20:09 - 2012-01-05 20:09 - 0044607 ____A C:\Users\OWNER\Downloads\bootkit_remover.zip
    2012-01-04 20:04 - 2012-01-05 20:23 - 0000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-01-04 19:54 - 2012-01-04 19:54 - 0013558 ____A C:\Users\OWNER\Documents\combofix.txt
    2012-01-04 19:53 - 2012-01-04 19:53 - 0013558 ____A C:\ComboFix.txt
    2012-01-04 19:53 - 2012-01-04 19:53 - 0000000 __SHD C:\$RECYCLE.BIN
    2012-01-04 19:38 - 2012-01-04 19:53 - 0000000 ____D C:\Qoobox
    2012-01-04 19:38 - 2012-01-04 19:49 - 0000000 ____D C:\Windows\ERDNT
    2012-01-04 19:38 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
    2012-01-04 19:38 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
    2012-01-04 19:38 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-01-04 19:38 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-01-04 19:38 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-01-04 19:38 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
    2012-01-04 19:38 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
    2012-01-04 19:38 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
    2012-01-04 19:31 - 2012-01-04 19:31 - 4370643 ____R (Swearware) C:\Users\OWNER\Downloads\ComboFix.exe
    2012-01-04 19:30 - 2012-01-04 19:30 - 0000478 ____A C:\Users\OWNER\Documents\aswMBR.txt
    2012-01-04 18:58 - 2012-01-04 19:02 - 4704768 ____A (AVAST Software) C:\Users\OWNER\Downloads\aswMBR.exe
    2012-01-02 22:23 - 2012-01-02 22:23 - 0138716 ____A C:\Users\OWNER\Documents\GMER log.txt
    2012-01-02 22:20 - 2012-01-02 22:20 - 0138716 ____A C:\Users\OWNER\Documents\GMAR.log
    2012-01-02 19:49 - 2012-01-02 19:49 - 0025633 ____A C:\Users\OWNER\Documents\DDS.txt
    2012-01-02 19:48 - 2012-01-02 19:48 - 0018830 ____A C:\Users\OWNER\Documents\Attach.txt
    2012-01-02 19:41 - 2012-01-02 19:41 - 0607017 ____A (Swearware) C:\Users\OWNER\Downloads\dds.pif
    2012-01-02 19:16 - 2012-01-02 19:16 - 0302592 ____A C:\Users\OWNER\Downloads\crppjugr.exe
    2012-01-02 18:09 - 2012-01-02 18:09 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
    2012-01-02 18:09 - 2012-01-02 18:09 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3DDB63DB-EB9A-4F01-B115-78E2C88F20A3}
    2012-01-02 18:07 - 2012-01-05 20:23 - 3485249536 __ASH C:\hiberfil.sys
    2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\Malwarebytes
    2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\ProgramData\Malwarebytes
    2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-01-02 16:34 - 2011-12-10 15:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-01-02 16:26 - 2012-01-02 16:26 - 0049200 ____A C:\Windows\ntbtlog.txt
    2012-01-01 20:01 - 2012-01-01 20:01 - 0000000 ____D C:\Users\OWNER\AppData\Local\{B7FFD582-75BF-4597-A6F2-4EEB04D6451E}
    2012-01-01 20:01 - 2012-01-01 20:01 - 0000000 ____D C:\Users\OWNER\AppData\Local\{418E58D4-1348-4FAE-B094-9468DCCF0E5E}
    2012-01-01 18:08 - 2012-01-01 18:08 - 0000000 ____D C:\Users\All Users\WindowsSearch
    2012-01-01 18:08 - 2012-01-01 18:08 - 0000000 ____D C:\ProgramData\WindowsSearch
    2012-01-01 08:00 - 2012-01-01 08:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F0F78033-C146-405C-9F9D-A89066AD9605}
    2012-01-01 08:00 - 2012-01-01 08:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3799A976-DD16-4697-AAFB-E6AF0CE27E56}
    2011-12-31 17:54 - 2011-12-31 17:54 - 0517728 ____A C:\Users\OWNER\Documents\NewYearWish2012.pdf
    2011-12-31 17:54 - 2011-12-31 17:54 - 0368640 ____A C:\Users\OWNER\Documents\NewYearWish2012.pdf.pra
    2011-12-31 11:02 - 2011-12-31 11:02 - 0029182 ____A C:\Users\OWNER\Downloads\Download.csv
    2011-12-31 10:38 - 2011-12-31 10:38 - 0000000 ____D C:\Users\OWNER\AppData\Local\{CB731A8F-7714-42A8-91BE-D1EE7C943516}
    2011-12-31 10:37 - 2011-12-31 10:38 - 0000000 ____D C:\Users\OWNER\AppData\Local\{D17A7992-834E-4D0A-A026-7FCA624949DC}
    2011-12-30 19:45 - 2011-12-30 19:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0E15062F-3981-40A8-8AD9-A02FC52BB1B1}
    2011-12-30 19:45 - 2011-12-30 19:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{04CDFF29-AC6B-40BE-9C28-13AE5CE57F1F}
    2011-12-30 09:32 - 2011-12-30 11:02 - 0015456 ____A C:\Users\OWNER\Documents\leadership.docx
    2011-12-30 08:20 - 2011-10-15 03:53 - 5578560 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2011-12-30 08:20 - 2011-10-15 03:53 - 2401088 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2011-12-30 08:20 - 2011-10-15 03:53 - 2099520 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2011-12-30 08:20 - 2011-10-15 03:53 - 18871616 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
    2011-12-30 08:20 - 2011-10-15 03:53 - 17248576 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2011-12-30 08:20 - 2011-10-15 03:53 - 10327360 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2011-12-30 08:20 - 2011-10-15 03:53 - 0919872 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
    2011-12-30 08:20 - 2011-10-15 03:53 - 0877376 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
    2011-12-30 08:20 - 2011-10-15 03:53 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2011-12-30 07:44 - 2011-12-30 07:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{8B3DD721-61BF-4C9A-9154-7702642CE903}
    2011-12-30 07:44 - 2011-12-30 07:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{008C5F84-D810-4062-BB93-E2E3D6EA94C4}
    2011-12-29 13:17 - 2011-12-29 13:18 - 0000000 ____D C:\Users\OWNER\Documents\Allstate
    2011-12-29 11:18 - 2011-12-28 10:52 - 2236845 ____A C:\Users\OWNER\Documents\DSC00012.JPG
    2011-12-29 11:18 - 2011-12-28 10:52 - 2205667 ____A C:\Users\OWNER\Documents\DSC00011.JPG
    2011-12-29 11:18 - 2011-12-28 10:51 - 1901949 ____A C:\Users\OWNER\Documents\DSC00010.JPG
    2011-12-29 11:18 - 2011-12-28 10:50 - 2354554 ____A C:\Users\OWNER\Documents\DSC00007.JPG
    2011-12-29 11:18 - 2011-12-28 10:50 - 2089400 ____A C:\Users\OWNER\Documents\DSC00008.JPG
    2011-12-29 11:18 - 2011-12-28 10:50 - 1850996 ____A C:\Users\OWNER\Documents\DSC00009.JPG
    2011-12-29 11:18 - 2011-12-28 10:49 - 2299025 ____A C:\Users\OWNER\Documents\DSC00006.JPG
    2011-12-29 11:13 - 2012-01-01 10:52 - 0000000 ____D C:\Users\OWNER\Documents\Hall Bath
    2011-12-29 10:07 - 2011-12-29 10:08 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3C309ADD-8A53-4547-A842-2AFD25B103EA}
    2011-12-29 10:07 - 2011-12-29 10:07 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2F8E11C8-D6E2-4B3F-92F0-5BCE7AEE3694}
    2011-12-28 20:54 - 2012-01-01 17:57 - 0000000 ____D C:\users\UpdatusUser
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Templates
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
    2011-12-28 20:54 - 2011-10-15 03:53 - 0602432 ____A (NVIDIA Corporation) C:\Windows\System32\easyupdatusapiu.dll
    2011-12-28 20:54 - 2011-05-21 06:01 - 2560616 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2011-12-28 20:54 - 2009-12-31 14:24 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
    2011-12-28 20:54 - 2007-10-05 22:26 - 0000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
    2011-12-28 20:54 - 2006-11-02 07:37 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
    2011-12-28 19:29 - 2011-12-28 19:29 - 0003120 ____A C:\Windows\System32\ALLFSAF8a.ocx
    2011-12-28 09:35 - 2011-12-28 09:35 - 0000000 ____D C:\Users\OWNER\AppData\Local\{EFC84986-05D8-4D1F-A9AD-D89F26DC3E9B}
    2011-12-28 09:35 - 2011-12-28 09:35 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7F7F0E3E-7D31-41F5-9C67-62177DF216BF}
    2011-12-27 19:27 - 2011-12-27 19:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{6ABA2B91-8FC8-496B-A1DD-2CFCD6667657}
    2011-12-27 19:27 - 2011-12-27 19:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2D99B19E-9AF2-4EB9-8B4C-372C3756AAD4}
    2011-12-27 07:26 - 2011-12-27 07:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E0082879-7A31-4211-87B5-70FB68931B3E}
    2011-12-27 07:26 - 2011-12-27 07:26 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E8793C07-5B7A-4BE8-A314-AE7429B6816D}
    2011-12-26 16:12 - 2011-12-26 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{9607B1CC-472C-4E23-8B18-CF7F6934314E}
    2011-12-26 16:12 - 2011-12-26 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{15AAF5A9-F8B3-4757-B0D1-8D0FAA8CABCF}
    2011-12-23 08:45 - 2011-12-23 08:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C2536868-B2E9-4A5B-BD59-D009E562A8B9}
    2011-12-23 08:45 - 2011-12-23 08:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3A082929-01A2-4F19-BE6D-62013731A2F1}
    2011-12-22 17:39 - 2011-12-22 17:40 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3C2FD598-EF72-49E9-ADA7-D0A4DD06B84C}
    2011-12-22 17:39 - 2011-12-22 17:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{20BA3FC1-F841-412C-8D2F-A76CA6E6A8D9}
    2011-12-21 18:11 - 2011-12-21 18:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7AF92889-7DD8-4E9A-AAAD-71E69F84E710}
    2011-12-21 18:11 - 2011-12-21 18:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{B5AA8C0F-E017-4728-812E-CD0E426593B9}
    2011-12-21 06:11 - 2011-12-21 06:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{90F8E8DF-E2CE-44FE-A1E1-980B3B710C04}
    2011-12-21 06:10 - 2011-12-21 06:10 - 0000000 ____D C:\Users\OWNER\AppData\Local\{4026FEBA-291A-4C51-AFA2-49C41C4ED3C1}
    2011-12-19 10:16 - 2011-12-19 10:17 - 0000000 ____D C:\Users\OWNER\AppData\Local\{76548B33-D73A-494C-B6F7-E8AA68B05BA4}
    2011-12-19 10:16 - 2011-12-19 10:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{CC925330-7BFA-421B-9816-4B4F9D748AAC}
    2011-12-18 17:15 - 2011-12-18 17:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{65615064-A1EB-400A-9664-F0FAFB1AA476}
    2011-12-18 17:15 - 2011-12-18 17:15 - 0000000 ____D C:\Users\OWNER\AppData\Local\{85C4E1B8-1F3D-43F9-A9B3-F3797DF82074}
    2011-12-17 18:29 - 2011-11-03 18:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-17 18:29 - 2011-11-03 17:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-12-17 18:29 - 2011-11-03 17:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-17 18:29 - 2011-11-03 17:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-12-17 18:29 - 2011-11-03 17:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-17 18:29 - 2011-11-03 17:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-17 18:29 - 2011-11-03 17:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-17 18:29 - 2011-11-03 17:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-17 18:29 - 2011-11-03 17:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-12-17 18:29 - 2011-11-03 17:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-17 18:29 - 2011-11-03 17:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-17 18:29 - 2011-11-03 17:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-17 18:29 - 2011-11-03 17:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-17 17:45 - 2011-12-17 17:46 - 0000000 ____D C:\Program Files\iTunes
    2011-12-17 17:45 - 2011-12-17 17:45 - 0000000 ____D C:\Program Files\iPod
    2011-12-17 09:20 - 2011-12-17 09:24 - 0330034 ____A C:\Users\OWNER\Documents\Daniela_12_Birthday2011.pdf
    2011-12-17 08:41 - 2011-12-17 08:41 - 0131735 ____A C:\Users\OWNER\Downloads\RAV4_driver_side_windshiel_trim.jpg
    2011-12-17 06:38 - 2011-11-23 08:37 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-17 06:38 - 2011-10-27 03:01 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2011-12-17 06:38 - 2011-10-27 03:01 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2011-12-17 06:38 - 2011-10-25 10:56 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-17 06:38 - 2011-10-14 11:02 - 0429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-17 06:37 - 2011-11-08 09:42 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-17 06:31 - 2011-12-17 06:31 - 0000000 ____D C:\Users\OWNER\AppData\Local\{77E37575-15D1-4DE6-AEB3-C32E983FB55C}
    2011-12-17 06:31 - 2011-12-17 06:31 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0BCDEFBC-4B83-450C-AE1E-76D3B1B4ECF1}
    2011-12-11 10:00 - 2011-12-11 10:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{108E2AE0-100C-48FF-B71F-10EB24388C35}
    2011-12-11 10:00 - 2011-12-11 10:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0D3C7A68-D8C3-4946-B311-4A6525A98379}


    ============ 3 Months Modified Files and Folders ===============

    2012-01-05 21:18 - 2012-01-05 21:18 - 0000000 ____D C:\FRST
    2012-01-05 21:17 - 2012-01-05 21:17 - 0858734 ____A C:\Users\OWNER\Downloads\FRST.exe
    2012-01-05 21:10 - 2009-12-31 14:23 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-01-05 21:06 - 2012-01-05 21:06 - 0000492 ____A C:\Users\OWNER\Documents\aswMBR_run2_01052012.txt
    2012-01-05 20:41 - 2010-02-09 21:22 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000UA.job
    2012-01-05 20:39 - 2012-01-05 20:39 - 0684297 ____A C:\Users\OWNER\Downloads\unhide.exe
    2012-01-05 20:33 - 2008-06-01 10:31 - 0000000 ____D C:\Users\OWNER\Audio Books
    2012-01-05 20:29 - 2006-11-02 05:33 - 0719248 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-01-05 20:27 - 2006-11-02 07:52 - 1883082 ____A C:\Windows\WindowsUpdate.log
    2012-01-05 20:23 - 2012-01-04 20:04 - 0000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-01-05 20:23 - 2012-01-02 18:07 - 3485249536 __ASH C:\hiberfil.sys
    2012-01-05 20:23 - 2009-12-31 14:23 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-01-05 20:23 - 2007-09-29 07:58 - 0000000 ____D C:\Users\All Users\NVIDIA
    2012-01-05 20:23 - 2007-09-29 07:58 - 0000000 ____D C:\ProgramData\NVIDIA
    2012-01-05 20:23 - 2006-11-02 08:01 - 0000006 ____A C:\Windows\Tasks\SA.DAT
    2012-01-05 20:23 - 2006-11-02 07:47 - 0004176 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-01-05 20:23 - 2006-11-02 07:47 - 0004176 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-01-05 20:20 - 2006-11-02 08:01 - 0032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-01-05 20:13 - 2012-01-05 20:13 - 0000514 ____A C:\Users\OWNER\Documents\Bootkit Remover.txt
    2012-01-05 20:12 - 2012-01-05 20:11 - 0000000 ____D C:\Users\OWNER\Downloads\bootkit_remover
    2012-01-05 20:09 - 2012-01-05 20:09 - 0044607 ____A C:\Users\OWNER\Downloads\bootkit_remover.zip
    2012-01-04 20:03 - 2007-09-29 07:58 - 0076410 ____A C:\Windows\PFRO.log
    2012-01-04 19:54 - 2012-01-04 19:54 - 0013558 ____A C:\Users\OWNER\Documents\combofix.txt
    2012-01-04 19:53 - 2012-01-04 19:53 - 0013558 ____A C:\ComboFix.txt
    2012-01-04 19:53 - 2012-01-04 19:53 - 0000000 __SHD C:\$RECYCLE.BIN
    2012-01-04 19:53 - 2012-01-04 19:38 - 0000000 ____D C:\Qoobox
    2012-01-04 19:53 - 2006-11-02 06:18 - 0000000 ___RD C:\users\Public
    2012-01-04 19:53 - 2006-11-02 06:18 - 0000000 ___RD C:\users\Default
    2012-01-04 19:49 - 2012-01-04 19:38 - 0000000 ____D C:\Windows\ERDNT
    2012-01-04 19:48 - 2006-11-02 05:23 - 0000215 ____A C:\Windows\system.ini
    2012-01-04 19:48 - 2006-11-02 05:23 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2012-01-04 19:47 - 2007-09-28 17:31 - 0000000 ____D C:\users\OWNER
    2012-01-04 19:31 - 2012-01-04 19:31 - 4370643 ____R (Swearware) C:\Users\OWNER\Downloads\ComboFix.exe
    2012-01-04 19:30 - 2012-01-04 19:30 - 0000478 ____A C:\Users\OWNER\Documents\aswMBR.txt
    2012-01-04 19:02 - 2012-01-04 18:58 - 4704768 ____A (AVAST Software) C:\Users\OWNER\Downloads\aswMBR.exe
    2012-01-04 18:51 - 2008-12-12 19:04 - 0000000 ____D C:\Users\OWNER\Tracing
    2012-01-02 22:23 - 2012-01-02 22:23 - 0138716 ____A C:\Users\OWNER\Documents\GMER log.txt
    2012-01-02 22:20 - 2012-01-02 22:20 - 0138716 ____A C:\Users\OWNER\Documents\GMAR.log
    2012-01-02 19:49 - 2012-01-02 19:49 - 0025633 ____A C:\Users\OWNER\Documents\DDS.txt
    2012-01-02 19:48 - 2012-01-02 19:48 - 0018830 ____A C:\Users\OWNER\Documents\Attach.txt
    2012-01-02 19:41 - 2012-01-02 19:41 - 0607017 ____A (Swearware) C:\Users\OWNER\Downloads\dds.pif
    2012-01-02 19:16 - 2012-01-02 19:16 - 0302592 ____A C:\Users\OWNER\Downloads\crppjugr.exe
    2012-01-02 18:09 - 2012-01-02 18:09 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
    2012-01-02 18:09 - 2012-01-02 18:09 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3DDB63DB-EB9A-4F01-B115-78E2C88F20A3}
    2012-01-02 18:09 - 2010-10-24 07:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\Windows Live
    2012-01-02 18:05 - 2011-01-01 11:41 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\Apple Computer
    2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\Malwarebytes
    2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\ProgramData\Malwarebytes
    2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-01-02 16:31 - 2007-09-28 17:31 - 0002032 ____A C:\Users\OWNER\AppData\Local\d3d9caps.dat
    2012-01-02 16:26 - 2012-01-02 16:26 - 0049200 ____A C:\Windows\ntbtlog.txt
    2012-01-01 20:01 - 2012-01-01 20:01 - 0000000 ____D C:\Users\OWNER\AppData\Local\{B7FFD582-75BF-4597-A6F2-4EEB04D6451E}
    2012-01-01 20:01 - 2012-01-01 20:01 - 0000000 ____D C:\Users\OWNER\AppData\Local\{418E58D4-1348-4FAE-B094-9468DCCF0E5E}
    2012-01-01 18:42 - 2009-03-28 07:59 - 0000868 ____A C:\Windows\Tasks\Google Software Updater.job
    2012-01-01 18:08 - 2012-01-01 18:08 - 0000000 ____D C:\Users\All Users\WindowsSearch
    2012-01-01 18:08 - 2012-01-01 18:08 - 0000000 ____D C:\ProgramData\WindowsSearch
    2012-01-01 18:04 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\System32\config\TxR
    2012-01-01 17:59 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\System32\Msdtc
    2012-01-01 17:57 - 2011-12-28 20:54 - 0000000 ____D C:\users\UpdatusUser
    2012-01-01 17:57 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\System32\spool
    2012-01-01 17:57 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\registration
    2012-01-01 17:57 - 2006-11-02 05:22 - 62652416 ____A C:\Windows\System32\config\software_previous
    2012-01-01 17:57 - 2006-11-02 05:22 - 40370176 ____A C:\Windows\System32\config\components_previous
    2012-01-01 17:57 - 2006-11-02 05:22 - 22020096 ____A C:\Windows\System32\config\system_previous
    2012-01-01 17:57 - 2006-11-02 05:22 - 0524288 ____A C:\Windows\System32\config\default_previous
    2012-01-01 17:57 - 2006-11-02 05:22 - 0262144 ____A C:\Windows\System32\config\security_previous
    2012-01-01 17:57 - 2006-11-02 05:22 - 0262144 ____A C:\Windows\System32\config\sam_previous
    2012-01-01 10:52 - 2011-12-29 11:13 - 0000000 ____D C:\Users\OWNER\Documents\Hall Bath
    2012-01-01 08:00 - 2012-01-01 08:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F0F78033-C146-405C-9F9D-A89066AD9605}
    2012-01-01 08:00 - 2012-01-01 08:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3799A976-DD16-4697-AAFB-E6AF0CE27E56}
    2011-12-31 20:09 - 2009-12-29 07:51 - 0000000 ____D C:\Users\OWNER\Documents\Financial
    2011-12-31 17:54 - 2011-12-31 17:54 - 0517728 ____A C:\Users\OWNER\Documents\NewYearWish2012.pdf
    2011-12-31 17:54 - 2011-12-31 17:54 - 0368640 ____A C:\Users\OWNER\Documents\NewYearWish2012.pdf.pra
    2011-12-31 11:02 - 2011-12-31 11:02 - 0029182 ____A C:\Users\OWNER\Downloads\Download.csv
    2011-12-31 10:38 - 2011-12-31 10:38 - 0000000 ____D C:\Users\OWNER\AppData\Local\{CB731A8F-7714-42A8-91BE-D1EE7C943516}
    2011-12-31 10:38 - 2011-12-31 10:37 - 0000000 ____D C:\Users\OWNER\AppData\Local\{D17A7992-834E-4D0A-A026-7FCA624949DC}
    2011-12-30 19:45 - 2011-12-30 19:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0E15062F-3981-40A8-8AD9-A02FC52BB1B1}
    2011-12-30 19:45 - 2011-12-30 19:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{04CDFF29-AC6B-40BE-9C28-13AE5CE57F1F}
    2011-12-30 11:02 - 2011-12-30 09:32 - 0015456 ____A C:\Users\OWNER\Documents\leadership.docx
    2011-12-30 08:22 - 2007-09-29 08:01 - 0000000 ____D C:\Program Files\NVIDIA Corporation
    2011-12-30 07:44 - 2011-12-30 07:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{8B3DD721-61BF-4C9A-9154-7702642CE903}
    2011-12-30 07:44 - 2011-12-30 07:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{008C5F84-D810-4062-BB93-E2E3D6EA94C4}
    2011-12-29 13:18 - 2011-12-29 13:17 - 0000000 ____D C:\Users\OWNER\Documents\Allstate
    2011-12-29 10:13 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\Microsoft.NET
    2011-12-29 10:08 - 2011-12-29 10:07 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3C309ADD-8A53-4547-A842-2AFD25B103EA}
    2011-12-29 10:07 - 2011-12-29 10:07 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2F8E11C8-D6E2-4B3F-92F0-5BCE7AEE3694}
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Templates
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
    2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
    2011-12-28 20:52 - 2007-09-29 08:07 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-28 20:52 - 2007-09-29 08:07 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-28 20:51 - 2006-11-02 06:18 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
    2011-12-28 20:49 - 2007-11-18 11:55 - 0000000 ____D C:\Program Files\Zune
    2011-12-28 20:48 - 2006-11-02 07:52 - 0113299 ____A C:\Windows\setupact.log
    2011-12-28 19:29 - 2011-12-28 19:29 - 0003120 ____A C:\Windows\System32\ALLFSAF8a.ocx
    2011-12-28 19:28 - 2007-10-05 21:25 - 0000000 ____D C:\Users\All Users\Google
    2011-12-28 19:28 - 2007-10-05 21:25 - 0000000 ____D C:\ProgramData\Google
    2011-12-28 19:28 - 2007-10-05 21:25 - 0000000 ____D C:\Program Files\Google
    2011-12-28 10:52 - 2011-12-29 11:18 - 2236845 ____A C:\Users\OWNER\Documents\DSC00012.JPG
    2011-12-28 10:52 - 2011-12-29 11:18 - 2205667 ____A C:\Users\OWNER\Documents\DSC00011.JPG
    2011-12-28 10:51 - 2011-12-29 11:18 - 1901949 ____A C:\Users\OWNER\Documents\DSC00010.JPG
    2011-12-28 10:50 - 2011-12-29 11:18 - 2354554 ____A C:\Users\OWNER\Documents\DSC00007.JPG
    2011-12-28 10:50 - 2011-12-29 11:18 - 2089400 ____A C:\Users\OWNER\Documents\DSC00008.JPG
    2011-12-28 10:50 - 2011-12-29 11:18 - 1850996 ____A C:\Users\OWNER\Documents\DSC00009.JPG
    2011-12-28 10:49 - 2011-12-29 11:18 - 2299025 ____A C:\Users\OWNER\Documents\DSC00006.JPG
    2011-12-28 09:35 - 2011-12-28 09:35 - 0000000 ____D C:\Users\OWNER\AppData\Local\{EFC84986-05D8-4D1F-A9AD-D89F26DC3E9B}
    2011-12-28 09:35 - 2011-12-28 09:35 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7F7F0E3E-7D31-41F5-9C67-62177DF216BF}
    2011-12-27 19:27 - 2011-12-27 19:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{6ABA2B91-8FC8-496B-A1DD-2CFCD6667657}
    2011-12-27 19:27 - 2011-12-27 19:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2D99B19E-9AF2-4EB9-8B4C-372C3756AAD4}
    2011-12-27 11:49 - 2008-02-17 17:29 - 0000000 ____D C:\Users\OWNER\Documents\Aetna
    2011-12-27 07:41 - 2010-02-09 21:21 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000Core.job
    2011-12-27 07:27 - 2011-12-27 07:26 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E0082879-7A31-4211-87B5-70FB68931B3E}
    2011-12-27 07:26 - 2011-12-27 07:26 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E8793C07-5B7A-4BE8-A314-AE7429B6816D}
    2011-12-26 16:29 - 2007-10-06 07:27 - 0121344 ____A C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-12-26 16:12 - 2011-12-26 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{9607B1CC-472C-4E23-8B18-CF7F6934314E}
    2011-12-26 16:12 - 2011-12-26 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{15AAF5A9-F8B3-4757-B0D1-8D0FAA8CABCF}
    2011-12-23 08:47 - 2009-12-27 12:48 - 0000000 ____D C:\Users\OWNER\Documents\Recipes
    2011-12-23 08:45 - 2011-12-23 08:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C2536868-B2E9-4A5B-BD59-D009E562A8B9}
    2011-12-23 08:45 - 2011-12-23 08:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3A082929-01A2-4F19-BE6D-62013731A2F1}
    2011-12-22 17:40 - 2011-12-22 17:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3C2FD598-EF72-49E9-ADA7-D0A4DD06B84C}
    2011-12-22 17:39 - 2011-12-22 17:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{20BA3FC1-F841-412C-8D2F-A76CA6E6A8D9}
    2011-12-21 18:12 - 2011-12-21 18:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7AF92889-7DD8-4E9A-AAAD-71E69F84E710}
    2011-12-21 18:11 - 2011-12-21 18:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{B5AA8C0F-E017-4728-812E-CD0E426593B9}
    2011-12-21 06:11 - 2011-12-21 06:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{90F8E8DF-E2CE-44FE-A1E1-980B3B710C04}
    2011-12-21 06:10 - 2011-12-21 06:10 - 0000000 ____D C:\Users\OWNER\AppData\Local\{4026FEBA-291A-4C51-AFA2-49C41C4ED3C1}
    2011-12-19 17:16 - 2009-12-13 17:03 - 0205408 ____A C:\Users\OWNER\Documents\ChristmasCardList.docx
    2011-12-19 10:17 - 2011-12-19 10:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{76548B33-D73A-494C-B6F7-E8AA68B05BA4}
    2011-12-19 10:16 - 2011-12-19 10:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{CC925330-7BFA-421B-9816-4B4F9D748AAC}
    2011-12-18 18:05 - 2006-11-02 06:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
    2011-12-18 17:32 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\rescache
    2011-12-18 17:16 - 2011-12-18 17:15 - 0000000 ____D C:\Users\OWNER\AppData\Local\{65615064-A1EB-400A-9664-F0FAFB1AA476}
    2011-12-18 17:15 - 2011-12-18 17:15 - 0000000 ____D C:\Users\OWNER\AppData\Local\{85C4E1B8-1F3D-43F9-A9B3-F3797DF82074}
    2011-12-18 17:12 - 2006-11-02 07:47 - 0513032 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-17 17:46 - 2011-12-17 17:45 - 0000000 ____D C:\Program Files\iTunes
    2011-12-17 17:45 - 2011-12-17 17:45 - 0000000 ____D C:\Program Files\iPod
    2011-12-17 17:45 - 2010-06-09 19:36 - 0000000 ____D C:\Program Files\Common Files\Apple
    2011-12-17 09:24 - 2011-12-17 09:20 - 0330034 ____A C:\Users\OWNER\Documents\Daniela_12_Birthday2011.pdf
    2011-12-17 09:14 - 2009-11-23 14:39 - 0000054 ____A C:\Users\OWNER\Documents\Hallmark Card Studio Trial Edition 2009.txt
    2011-12-17 08:41 - 2011-12-17 08:41 - 0131735 ____A C:\Users\OWNER\Downloads\RAV4_driver_side_windshiel_trim.jpg
    2011-12-17 06:52 - 2007-10-05 21:53 - 0000000 ____D C:\Users\OWNER\AppData\Local\Google
    2011-12-17 06:31 - 2011-12-17 06:31 - 0000000 ____D C:\Users\OWNER\AppData\Local\{77E37575-15D1-4DE6-AEB3-C32E983FB55C}
    2011-12-17 06:31 - 2011-12-17 06:31 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0BCDEFBC-4B83-450C-AE1E-76D3B1B4ECF1}
    2011-12-11 10:00 - 2011-12-11 10:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{108E2AE0-100C-48FF-B71F-10EB24388C35}
    2011-12-11 10:00 - 2011-12-11 10:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0D3C7A68-D8C3-4946-B311-4A6525A98379}
    2011-12-10 15:24 - 2012-01-02 16:34 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2011-12-07 11:44 - 2006-11-02 05:24 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2011-12-04 15:33 - 2011-12-04 15:33 - 0606528 ____A (Google Inc.) C:\Users\OWNER\Downloads\musicmanagerinstaller.exe
    2011-12-04 12:49 - 2011-12-04 12:48 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F58FF0C0-AB62-4B1E-9931-28FDE618A3E4}
    2011-12-04 12:48 - 2011-12-04 12:48 - 0000000 ____D C:\Users\OWNER\AppData\Local\{EFD557A4-C050-489E-9329-5DD59461EC13}
    2011-12-03 12:46 - 2007-09-29 08:07 - 0000000 ____D C:\Users\OWNER\AppData\Local\Microsoft Help
    2011-12-03 12:26 - 2011-01-30 18:01 - 0001245 ____A C:\Windows\System32\mapisvc.inf
    2011-12-03 12:26 - 2011-01-30 18:01 - 0000000 ____D C:\Program Files\Safari
    2011-12-03 11:39 - 2011-12-03 11:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{360F0CF9-5860-4649-9C7A-9F00C898A0A2}
    2011-12-03 11:39 - 2011-12-03 11:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0521DC3B-384B-4EFD-ADF6-311DC2BFEC05}
    2011-12-01 21:17 - 2009-12-29 09:13 - 0000000 ____D C:\Program Files\Garmin
    2011-12-01 21:17 - 2007-10-20 06:44 - 0000000 ____D C:\Garmin
    2011-12-01 19:46 - 2009-12-29 09:40 - 0000000 ____D C:\Users\All Users\GARMIN
    2011-12-01 19:46 - 2009-12-29 09:40 - 0000000 ____D C:\ProgramData\GARMIN
    2011-12-01 19:44 - 2009-12-29 08:47 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\GARMIN
    2011-12-01 19:22 - 2011-12-01 19:22 - 0123851 ____A C:\Users\OWNER\Downloads\securedoc (2).html
    2011-12-01 19:11 - 2011-12-01 19:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E4F1D8BF-127B-40F2-A3DB-62CBF920A3B1}
    2011-12-01 19:11 - 2011-12-01 19:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{A6994259-4978-41A0-9DB3-255A3812A0BF}
    2011-11-30 19:59 - 2011-11-30 19:59 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E650752F-0E1E-4E39-B486-B081C693140D}
    2011-11-30 19:59 - 2011-11-30 19:58 - 0000000 ____D C:\Users\OWNER\AppData\Local\{16D2F6A8-8A66-4944-AB19-7D9C6374EFB2}
    2011-11-27 16:18 - 2011-11-27 16:18 - 0054726 ____A C:\Users\OWNER\Downloads\cuisinart grinder.amr
    2011-11-27 16:00 - 2011-11-27 16:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{AB8675E1-F4A2-4630-9EDF-7BED8C01FF6A}
    2011-11-27 16:00 - 2011-11-27 16:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{604BB66D-6D26-4879-96F5-69E84DA9490A}
    2011-11-26 09:28 - 2011-11-26 09:28 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C5C3EF2C-1404-4C42-AC02-40117659859A}
    2011-11-26 09:27 - 2011-11-26 09:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{DE8413CF-1B07-472F-AF3B-8B03481E349F}
    2011-11-24 09:52 - 2011-11-24 09:52 - 0000000 ____D C:\Users\OWNER\AppData\Local\{A40462D8-3754-42E5-8E79-337880DD262A}
    2011-11-24 09:52 - 2011-11-23 09:51 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F4B707E9-13EA-406B-B53C-3477C908DA77}
    2011-11-23 21:52 - 2011-11-23 21:52 - 0000000 ____D C:\Users\OWNER\AppData\Local\{675AF5BE-F8D8-4676-8BFF-322D92CC471F}
    2011-11-23 16:40 - 2011-11-23 16:40 - 0100193 ____A C:\Users\OWNER\Downloads\securedoc (1).html
    2011-11-23 15:41 - 2011-11-23 15:41 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\Mozilla
    2011-11-23 10:07 - 2011-01-10 20:13 - 0000000 ____D C:\Users\OWNER\Documents\FSA Spending Account
    2011-11-23 10:07 - 2007-11-06 20:41 - 0000000 ____D C:\Users\OWNER\Documents\My Scans
    2011-11-23 09:51 - 2011-11-23 09:51 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C0F3642F-3A88-4BC9-B985-B21CCFBA5664}
    2011-11-23 08:37 - 2011-12-17 06:38 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-22 17:43 - 2011-11-22 17:43 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7D446AEF-826B-4A45-B3D2-252C32CDA359}
    2011-11-22 17:43 - 2011-11-21 17:41 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F6D99392-D194-4CC7-A2B4-A12566055402}
    2011-11-22 05:43 - 2011-11-22 05:43 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F093790F-B0A8-4DD7-A94E-C1A7372C0674}
    2011-11-21 17:42 - 2011-11-21 17:42 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2FC192B8-78B1-4601-8A0A-E7734F0A3902}
    2011-11-20 18:02 - 2011-01-18 19:16 - 0000000 ____D C:\Users\OWNER\Documents\My Digital Editions
    2011-11-20 16:25 - 2011-11-20 16:24 - 0000000 ____D C:\Users\OWNER\AppData\Local\{FE396A6C-9B59-4223-A795-A5E523C0C295}
    2011-11-20 16:24 - 2011-11-20 16:24 - 0000000 ____D C:\Users\OWNER\AppData\Local\{6ABDD2AA-C6BE-4B82-8004-D16EF3DFFCD7}
    2011-11-15 16:12 - 2011-11-15 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{EBE07D16-2250-4346-B148-CB0C1F0A2D7A}
    2011-11-15 16:12 - 2011-11-15 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{9A7C05AF-0D1B-4361-BE0C-6E57F8BDD3ED}
    2011-11-13 14:54 - 2011-11-13 14:54 - 0000000 ____D C:\Users\OWNER\AppData\Local\{DF4AA70F-1E97-4AA4-8AA6-D5CAE14B0A2F}
    2011-11-13 14:54 - 2011-11-13 14:53 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C485905D-7D03-41D8-BC04-46F095E5D98B}
    2011-11-11 19:39 - 2006-11-02 06:18 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-11 18:51 - 2011-11-11 18:51 - 0000000 ____D C:\Users\OWNER\AppData\Local\{BF439D29-EE22-4798-81CF-77CA74CD990A}
    2011-11-11 18:51 - 2011-11-11 06:50 - 0000000 ____D C:\Users\OWNER\AppData\Local\{09A662D2-DBF4-46D1-B2B0-DD614C01FD60}
    2011-11-11 06:51 - 2011-11-11 06:51 - 0000000 ____D C:\Users\OWNER\AppData\Local\{767D78D0-24CF-4D20-9738-F1CE89E68D33}
    2011-11-08 09:42 - 2011-12-17 06:37 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-06 16:45 - 2011-11-06 16:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{BA0CC566-C570-4095-9AB2-77CEDABA48A6}
    2011-11-06 16:45 - 2011-11-06 04:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3FF241EF-7D11-42E7-BEAE-B4222E1D94AF}
    2011-11-06 04:44 - 2011-11-06 04:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{44CB45F3-899F-49EE-9DF6-94369A590E62}
    2011-11-03 18:02 - 2011-12-17 18:29 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-11-03 17:47 - 2011-12-17 18:29 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-11-03 17:46 - 2011-12-17 18:29 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-11-03 17:40 - 2011-12-17 18:29 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-11-03 17:40 - 2011-12-17 18:29 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-11-03 17:39 - 2011-12-17 18:29 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-11-03 17:38 - 2011-12-17 18:29 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-11-03 17:37 - 2011-12-17 18:29 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-11-03 17:34 - 2011-12-17 18:29 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-11-03 17:32 - 2011-12-17 18:29 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-11-03 17:32 - 2011-12-17 18:29 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-11-03 17:31 - 2011-12-17 18:29 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-11-03 17:28 - 2011-12-17 18:29 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-10-31 06:16 - 2011-10-31 06:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F4D81C3E-A5EF-4341-A13C-589963D4D904}
    2011-10-31 06:16 - 2011-10-31 06:15 - 0000000 ____D C:\Users\OWNER\AppData\Local\{67E3475D-76E5-47C2-9070-BA76055B0519}
    2011-10-28 08:17 - 2011-10-28 08:17 - 0000000 ____D C:\Program Files\QuickTime
    2011-10-28 05:58 - 2011-10-28 05:57 - 0000000 ____D C:\Users\OWNER\AppData\Local\{6FC48DD7-EC27-477F-BF91-784BDCA37E3E}
    2011-10-28 05:57 - 2011-10-28 05:57 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0926CFA0-7E28-445D-9868-4380DB4601F0}
    2011-10-27 03:01 - 2011-12-17 06:38 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2011-10-27 03:01 - 2011-12-17 06:38 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2011-10-25 10:56 - 2011-12-17 06:38 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-24 13:29 - 2011-10-24 13:29 - 0094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
    2011-10-24 13:29 - 2011-10-24 13:29 - 0069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
    2011-10-18 18:02 - 2011-10-18 18:02 - 0000000 ____D C:\Users\OWNER\AppData\Local\{BEE043A9-3B7E-4583-A798-0BF5B7C1167A}
    2011-10-18 18:02 - 2011-10-18 18:02 - 0000000 ____D C:\Users\OWNER\AppData\Local\{138C5FEA-CEAA-4729-96F8-998367286F8C}
    2011-10-18 17:58 - 2008-08-11 18:17 - 0000000 ____D C:\Program Files\Microsoft Silverlight
    2011-10-16 13:12 - 2011-10-16 13:12 - 0000000 ____D C:\Program Files\Bonjour
    2011-10-16 07:22 - 2011-10-16 07:22 - 0000000 ____D C:\Users\OWNER\AppData\Local\{34373BF8-F952-4536-ABB1-21E0B96C16AF}
    2011-10-16 07:22 - 2011-10-16 07:22 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0FF3491D-C445-41A9-8FE6-100997667F51}
    2011-10-15 03:53 - 2011-12-30 08:20 - 5578560 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2011-10-15 03:53 - 2011-12-30 08:20 - 2401088 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2011-10-15 03:53 - 2011-12-30 08:20 - 2099520 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2011-10-15 03:53 - 2011-12-30 08:20 - 18871616 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
    2011-10-15 03:53 - 2011-12-30 08:20 - 17248576 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2011-10-15 03:53 - 2011-12-30 08:20 - 10327360 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2011-10-15 03:53 - 2011-12-30 08:20 - 0919872 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
    2011-10-15 03:53 - 2011-12-30 08:20 - 0877376 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
    2011-10-15 03:53 - 2011-12-30 08:20 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2011-10-15 03:53 - 2011-12-28 20:54 - 0602432 ____A (NVIDIA Corporation) C:\Windows\System32\easyupdatusapiu.dll
    2011-10-15 03:53 - 2010-10-08 00:57 - 6350144 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2011-10-15 03:53 - 2010-10-08 00:57 - 3840320 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
    2011-10-15 03:53 - 2010-10-08 00:57 - 1136448 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2011-10-15 03:53 - 2010-10-08 00:57 - 0203072 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2011-10-15 03:53 - 2010-04-03 21:55 - 7041856 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
    2011-10-15 03:53 - 2010-04-03 21:55 - 0004359 ____A C:\Windows\System32\nvinfo.pb
    2011-10-15 03:53 - 2010-04-03 17:27 - 0123712 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2011-10-15 03:53 - 2007-04-26 03:17 - 2458432 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
    2011-10-15 03:53 - 2007-04-26 03:17 - 13205312 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
    2011-10-15 00:54 - 2011-10-15 00:54 - 0321856 ____A C:\Windows\System32\nvStreaming.exe
    2011-10-14 11:02 - 2011-12-17 06:38 - 0429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-09 12:50 - 2011-10-09 12:50 - 0002725 ____A C:\Users\OWNER\Downloads\pharmacy_claim.csv
    2011-10-09 06:41 - 2011-10-09 06:41 - 0000000 ____D C:\Users\OWNER\AppData\Local\{10FA69C6-0FFA-4751-B587-CC2BCD04E52E}
    2011-10-09 06:41 - 2011-10-09 06:40 - 0000000 ____D C:\Users\OWNER\AppData\Local\{88761325-5FE2-488B-B06B-C56F2D183FE4}

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 51%
    Total physical RAM: 3324.86 MB
    Available physical RAM: 1599.89 MB
    Total Pagefile: 8247.9 MB
    Available Pagefile: 6590.18 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1946.98 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:72.8 GB) NTFS ==>[Drive with boot components]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 466 GB 1024 KB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 466 GB Healthy System

    Partitions of Disk 1:
    ===============

    There are no partitions on this disk to show.

    Disk: 1
    The arguments specified for this command are not valid.
    For more information on the command type: HELP SELECT PARTITION

    There is no partition selected.

    Partitions of Disk 2:
    ===============

    There are no partitions on this disk to show.

    Disk: 2
    The arguments specified for this command are not valid.
    For more information on the command type: HELP SELECT PARTITION

    There is no partition selected.

    Partitions of Disk 3:
    ===============

    There are no partitions on this disk to show.

    Disk: 3
    The arguments specified for this command are not valid.
    For more information on the command type: HELP SELECT PARTITION

    There is no partition selected.

    Partitions of Disk 4:
    ===============

    There are no partitions on this disk to show.

    Disk: 4
    The arguments specified for this command are not valid.
    For more information on the command type: HELP SELECT PARTITION

    There is no partition selected.


    ==========================================================

    Last Boot: 2012-01-05 20:31

    ======================= End Of Log ==========================
     
  19. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    All looks clean.

    You'll have to restore all missing items manually.
    See if you can change desktop background manually.
    Recreate desktop shortcuts manually.
    As for Start menu see here: http://www.smartestcomputing.us.com...tart-menu-and-files-hiddendeleted-by-a-virus/
    Scroll down to "Method 3 - manual".

    Any other issues?

    Whenever ready....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
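
    The custom-scan list above is a sweep of places rogue software tends to drop files, plus a couple of registry checks. As an added example that is not part of the thread or of OTL, the script below reproduces a subset of those checks with built-in PowerShell (written against PowerShell 2.0, the version shipped for Vista, so no Get-FileHash): executables with a space in their name under %systemroot% and System32 (the two `dir /b ... | find /i " " /c` lines), contents of directories that do not exist on a clean install, the WindowsUpdate AU policy and last-successful-install values, and an Authenticode check plus MD5 of the four binaries the earlier "Bamital & volsnap Check" hashed. The directory list, the policy value names (NoAutoUpdate, AUOptions) and the mapping from "MD5 is legit" to a signature check are the example's own assumptions; FRST compares against a known-good hash list this script does not have. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread or from OTL. Mirrors a few of the
# OTL custom-scan checks with built-in cmdlets. PowerShell 2.0 compatible.
$sysRoot = $env:SystemRoot
$sys32   = Join-Path $sysRoot 'System32'

# MD5 of a file without Get-FileHash (not available on PowerShell 2.0).
function Get-FileMd5 {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try   { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

# 1. Executables with a space in the name. Windows' own binaries in these
#    two folders have none; rogue installers frequently drop ones that do.
#    Same idea as:  dir /b "%systemroot%\system32\*.exe" | find /i " " /c
function Get-SpacedExecutables {
    param([string[]]$Dirs = @($sysRoot, $sys32))
    foreach ($d in $Dirs) {
        Get-ChildItem -Path (Join-Path $d '*.exe') -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match ' ' } |
            Select-Object FullName, Length, LastWriteTime
    }
}

# 2. Folders that a clean install does not have (assumed list, taken from
#    the scan list above). Anything inside them deserves a look.
$suspectDirs = @('system32\system32', 'system32\DLL', 'system32\rundll',
                 'system32\Rundll32', 'system32\test', 'winn32', 'Java',
                 'system32\systhem32', 'system32\winlog', 'system32\msn')
function Get-SuspectDirContents {
    foreach ($rel in $suspectDirs) {
        $p = Join-Path $sysRoot $rel
        if (Test-Path $p) {
            Get-ChildItem -Path $p -Force -ErrorAction SilentlyContinue |
                Select-Object FullName, Length, LastWriteTime
        }
    }
}

# 3. Windows Update: a policy key that forces Automatic Updates off, and the
#    timestamp of the last successful install. Rogue AVs often disable AU.
function Get-WindowsUpdateState {
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $res = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
    $noAuto = $null; $auOpt = $null; $last = $null
    if (Test-Path $pol) {
        $v = Get-ItemProperty -Path $pol
        $noAuto = $v.NoAutoUpdate      # 1 = Automatic Updates disabled by policy
        $auOpt  = $v.AUOptions
    }
    if (Test-Path $res) { $last = (Get-ItemProperty -Path $res).LastSuccessTime }
    New-Object PSObject -Property @{
        PolicyKeyPresent = (Test-Path $pol)
        NoAutoUpdate     = $noAuto
        AUOptions        = $auOpt
        LastSuccessTime  = $last
    }
}

# 4. The four binaries FRST's "Bamital & volsnap Check" hashes. Without the
#    known-good hash list, the nearest built-in check is the Authenticode
#    signature. Caveat: on Vista / PowerShell 2.0, files signed only through
#    a security catalog (explorer.exe among them) report NotSigned, so treat
#    NotSigned as "verify another way", not as proof of tampering.
function Get-CoreBinarySignatures {
    $files = @((Join-Path $sysRoot 'explorer.exe'),
               (Join-Path $sys32 'winlogon.exe'),
               (Join-Path $sys32 'wininit.exe'),
               (Join-Path $sys32 'Drivers\volsnap.sys'))
    foreach ($f in $files) {
        if (-not (Test-Path $f)) { continue }
        $sig    = Get-AuthenticodeSignature -FilePath $f
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path   = $f
            Status = $sig.Status
            Signer = $signer
            MD5    = (Get-FileMd5 -Path $f)
        }
    }
}

Get-SpacedExecutables    | Format-Table -AutoSize
Get-SuspectDirContents   | Format-Table -AutoSize
Get-WindowsUpdateState   | Format-List
Get-CoreBinarySignatures | Format-List
```

    An empty result from the first two functions and a missing policy key from the third is what a clean machine looks like; the MD5 values from the fourth can be compared against a known-good copy of the same Windows build (same service pack and update level), which is what the FRST check does internally.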
     
  20. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Manual fix and OTL log

    Thanks, I went through the manual process and got my desktop, shortcuts and start menu back. Below is part 1 of 2 for the OTL log results. I had to do it in two parts due to the number of characters. I will separately post the Extras log.


    OTL logfile created on: 1/5/2012 10:46:58 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\OWNER\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 56.79% Memory free
    8.05 Gb Paging File | 6.57 Gb Available in Paging File | 81.59% Paging File free
    Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 74.74 Gb Free Space | 16.05% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC-DEN | User Name: OWNER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/29 20:06:54 | 013,223,936 | ---- | M] (Google Inc.) -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/10/03 09:14:06 | 001,409,384 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
    PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
    PRC - [2011/01/10 12:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
    PRC - [2011/01/10 12:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
    PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
    PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/09/01 14:49:58 | 000,257,888 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio Trial Edition 2009\Planner\PLNRnote.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/06/12 09:00:48 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    PRC - [2008/02/19 12:07:04 | 000,502,800 | ---- | M] (Microsoft(R) Corporation) -- C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe
    PRC - [2007/08/20 10:47:54 | 000,774,144 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe
    PRC - [2007/08/17 15:37:16 | 002,567,680 | ---- | M] () -- C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
    PRC - [2007/06/14 23:02:55 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/29 19:57:12 | 000,344,064 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    MOD - [2011/11/29 19:57:02 | 000,346,624 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    MOD - [2011/11/29 19:56:16 | 000,363,520 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    MOD - [2011/11/29 19:56:06 | 000,198,656 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    MOD - [2011/10/18 18:10:31 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
    MOD - [2011/10/18 18:10:30 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
    MOD - [2011/10/18 18:07:13 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll
    MOD - [2011/10/18 18:06:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/18 18:02:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/18 18:01:18 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/18 18:01:10 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/10/16 18:01:22 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
    MOD - [2011/10/16 18:01:09 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
    MOD - [2011/10/16 18:01:04 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
    MOD - [2011/10/16 18:01:01 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
    MOD - [2011/10/16 18:00:58 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
    MOD - [2011/10/16 18:00:56 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
    MOD - [2011/10/16 18:00:54 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
    MOD - [2011/10/16 18:00:52 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
    MOD - [2011/10/16 18:00:49 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
    MOD - [2011/10/16 18:00:47 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
    MOD - [2011/10/16 18:00:40 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
    MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2008/12/20 00:26:06 | 002,625,536 | ---- | M] () -- C:\Program Files\Cucusoft\zune-converter\Filter\ffdshow.ax
    MOD - [2008/06/12 09:00:48 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    MOD - [2008/02/19 12:05:31 | 000,250,896 | ---- | M] () -- C:\Program Files\Microsoft Money Plus\MNYCoreFiles\myuni08.dll
    MOD - [2007/08/17 15:37:16 | 002,567,680 | ---- | M] () -- C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
    MOD - [2006/12/10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
    MOD - [2006/12/10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
    SRV - File not found [Auto | Stopped] -- -- (McciCMService)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/01/10 12:29:24 | 000,239,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
    SRV - [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
    SRV - [2011/01/10 12:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
    SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/06/23 09:08:34 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2008/06/23 09:08:28 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2008/06/23 09:06:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
    SRV - [2008/06/23 09:06:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
    SRV - [2008/06/23 09:05:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/01/05 22:01:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B58F7EE1-E390-42AB-9304-A9F09BF0E979}\MpKsl23834a70.sys -- (MpKsl23834a70)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/03/23 02:17:06 | 001,170,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2008/06/23 10:11:24 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
    DRV - [2007/09/06 18:53:00 | 000,046,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader)
    DRV - [2007/08/21 00:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2007/06/14 23:07:39 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/05/09 08:37:54 | 000,434,176 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinAVS.sys -- (PinnacleMarvinAVS)
    DRV - [2007/03/13 12:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2006/09/22 11:11:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
    DRV - [2006/05/08 23:27:22 | 000,426,624 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinUsb.sys -- (PinnacleMarvinUSB)
    DRV - [2005/07/13 15:55:22 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2005/07/07 02:01:12 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/02/09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
    DRV - [2005/01/20 22:38:04 | 000,073,344 | ---- | M] (LSI Logic Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DVxplore.sys -- (DVxplore)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 EE FF A1 B7 6B CA 01 [binary data]
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\URLSearchHook: {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjohn.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2008/10/23 18:23:10 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/10/23 18:23:10 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\OWNER\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/26 20:12:46 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Hulu Desktop (Enabled) = C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\OWNER\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Google Translate = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
    CHR - Extension: Entanglement = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Default = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
    CHR - Extension: Poppit = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2012/01/04 19:48:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AOL Radio Toolbar Loader) - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
    O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (johnqtv1 Toolbar) - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjohn.dll (Conduit Ltd.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (johnqtv1 Toolbar) - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjohn.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\Toolbar\WebBrowser: (AOL Radio Toolbar) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
    O3 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\Toolbar\WebBrowser: (johnqtv1 Toolbar) - {E413A417-D00B-4A3B-9C17-19048046F1CE} - C:\Program Files\johnqtv1\tbjohn.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe (Chicony)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
    O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000..\Run: [MoneyInsights] C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe (Microsoft(R) Corporation)
    O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000..\Run: [MusicManager] C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1010..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-4021511835-731674042-3818716740-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81920D7E-5609-4616-BCCD-A2BA500F3AA1}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/07 09:38:18 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - vdrcodec.dll File not found
    Drivers32: VIDC.MJPG - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/05 21:36:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
    [2012/01/05 21:18:06 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/01/05 21:18:06 | 000,000,000 | ---D | C] -- \FRST
    [2012/01/04 19:53:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/04 19:53:35 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
    [2012/01/04 19:38:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/04 19:38:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/04 19:38:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/04 19:38:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/04 19:38:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/04 19:38:05 | 000,000,000 | ---D | C] -- \Qoobox
    [2012/01/02 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
    [2012/01/02 18:09:04 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3DDB63DB-EB9A-4F01-B115-78E2C88F20A3}
    [2012/01/02 16:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/02 16:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/02 16:34:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/02 16:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/01 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{418E58D4-1348-4FAE-B094-9468DCCF0E5E}
    [2012/01/01 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{B7FFD582-75BF-4597-A6F2-4EEB04D6451E}
    [2012/01/01 18:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2012/01/01 13:29:06 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/01 08:00:43 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3799A976-DD16-4697-AAFB-E6AF0CE27E56}
    [2012/01/01 08:00:21 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{F0F78033-C146-405C-9F9D-A89066AD9605}
    [2011/12/31 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{CB731A8F-7714-42A8-91BE-D1EE7C943516}
    [2011/12/31 10:37:52 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{D17A7992-834E-4D0A-A026-7FCA624949DC}
    [2011/12/30 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{0E15062F-3981-40A8-8AD9-A02FC52BB1B1}
    [2011/12/30 19:45:04 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{04CDFF29-AC6B-40BE-9C28-13AE5CE57F1F}
    [2011/12/30 08:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2011/12/30 08:20:05 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2011/12/30 07:44:40 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{008C5F84-D810-4062-BB93-E2E3D6EA94C4}
    [2011/12/30 07:44:30 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{8B3DD721-61BF-4C9A-9154-7702642CE903}
    [2011/12/29 13:17:37 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Documents\Allstate
    [2011/12/29 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Documents\Hall Bath
    [2011/12/29 10:07:57 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3C309ADD-8A53-4547-A842-2AFD25B103EA}
    [2011/12/29 10:07:38 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{2F8E11C8-D6E2-4B3F-92F0-5BCE7AEE3694}
    [2011/12/28 20:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
    [2011/12/28 19:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
    [2011/12/28 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{7F7F0E3E-7D31-41F5-9C67-62177DF216BF}
    [2011/12/28 09:35:26 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{EFC84986-05D8-4D1F-A9AD-D89F26DC3E9B}
    [2011/12/27 19:27:34 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{6ABA2B91-8FC8-496B-A1DD-2CFCD6667657}
    [2011/12/27 19:27:13 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{2D99B19E-9AF2-4EB9-8B4C-372C3756AAD4}
    [2011/12/27 07:26:59 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{E0082879-7A31-4211-87B5-70FB68931B3E}
    [2011/12/27 07:26:34 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{E8793C07-5B7A-4BE8-A314-AE7429B6816D}
    [2011/12/26 16:12:25 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{9607B1CC-472C-4E23-8B18-CF7F6934314E}
    [2011/12/26 16:12:09 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{15AAF5A9-F8B3-4757-B0D1-8D0FAA8CABCF}
    [2011/12/23 08:45:43 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3A082929-01A2-4F19-BE6D-62013731A2F1}
    [2011/12/23 08:45:19 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{C2536868-B2E9-4A5B-BD59-D009E562A8B9}
    [2011/12/22 17:39:55 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3C2FD598-EF72-49E9-ADA7-D0A4DD06B84C}
    [2011/12/22 17:39:41 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{20BA3FC1-F841-412C-8D2F-A76CA6E6A8D9}
    [2011/12/21 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{7AF92889-7DD8-4E9A-AAAD-71E69F84E710}
    [2011/12/21 18:11:29 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{B5AA8C0F-E017-4728-812E-CD0E426593B9}
    [2011/12/21 06:11:01 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{90F8E8DF-E2CE-44FE-A1E1-980B3B710C04}
    [2011/12/21 06:10:43 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{4026FEBA-291A-4C51-AFA2-49C41C4ED3C1}
    [2011/12/19 10:16:54 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{76548B33-D73A-494C-B6F7-E8AA68B05BA4}
    [2011/12/19 10:16:41 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{CC925330-7BFA-421B-9816-4B4F9D748AAC}
    [2011/12/18 17:15:53 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{65615064-A1EB-400A-9664-F0FAFB1AA476}
    [2011/12/18 17:15:39 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{85C4E1B8-1F3D-43F9-A9B3-F3797DF82074}
    [2011/12/17 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/12/17 17:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/12/17 17:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/12/17 06:31:32 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{0BCDEFBC-4B83-450C-AE1E-76D3B1B4ECF1}
    [2011/12/17 06:31:20 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{77E37575-15D1-4DE6-AEB3-C32E983FB55C}
    [2011/12/11 10:00:33 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{0D3C7A68-D8C3-4946-B311-4A6525A98379}
    [2011/12/11 10:00:06 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{108E2AE0-100C-48FF-B71F-10EB24388C35}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
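Added example (editor's note, not part of res0jh1y2's post or of the OTL tool): a small triage pass over the three OTL line shapes that matter most when hunting a rogue "security" product like the System Check one reported at the top of this thread. It parses the `[date | size | attrs | C/M] (Company) -- path` file entries, the `O4` Run values and the `O20` Winlogon Shell/UserInit values, and applies three heuristics that are assumptions of this example, not OTL behaviour: a path carrying the rogue's display name is high, a file with no company name written straight into `C:\Windows` is worth a look, and a Run value that launches from a user profile path is worth a look. The sample lines are copied from the log above; the list of ComboFix helper binaries (`PEV.exe`, `MBR.exe`, `sed.exe`, `grep.exe`, `zip.exe`, `SWREG.exe`, `SWSC.exe`, `NIRCMD.exe`, together with `C:\Qoobox` and `C:\Windows\ERDNT`) is what that tool leaves behind, which is why those entries are reported as info rather than as suspicious. Note that OTL's company field is the PE version resource, not a signature check, so an empty field is a hint for the analyst, never proof.

```python
import re
from typing import List, NamedTuple, Optional

# OTL line shapes as they appear in the post (file entry, O4 Run value, O20 Winlogon value).
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\) -(?P<path>.+?) \((?P<company>[^)]*)\)$"
)

# Vista defaults for the two Winlogon values (UserInit's trailing comma is stripped before comparing).
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}
# Helper binaries ComboFix drops into %SystemRoot%; expected while C:\Qoobox / C:\Windows\ERDNT exist.
COMBOFIX_HELPERS = {"pev.exe", "mbr.exe", "sed.exe", "grep.exe", "zip.exe", "swreg.exe", "swsc.exe", "nircmd.exe"}
# Display name of the rogue reported in this thread (assumption: the artefact folder uses the same name).
ROGUE_NAME = "system check"


class Finding(NamedTuple):
    severity: str   # "high", "review" or "info"
    path: str
    reason: str


def _file_finding(m: "re.Match[str]") -> Optional[Finding]:
    """Heuristics for one [..] file/folder entry; returns None when nothing stands out."""
    path, company, attrs = m["path"], m["company"], m["attrs"]
    low = path.lower()
    if ROGUE_NAME in low:
        return Finding("high", path, "path carries the rogue's display name")
    is_dir = attrs.endswith("D")
    parent, _, name = low.rpartition("\\")
    if not is_dir and parent == r"c:\windows" and not company:
        if name in COMBOFIX_HELPERS:
            return Finding("info", path, "ComboFix helper in %SystemRoot% (expected while ComboFix is installed)")
        return Finding("review", path, "file with no company name written directly into %SystemRoot%")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run the file, Run-key and Winlogon checks over raw OTL lines; findings come back in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := FILE_RE.match(line):
            f = _file_finding(m)
            if f is not None:
                findings.append(f)
        elif m := RUN_RE.match(line):
            if "\\users\\" in m["path"].lower():
                findings.append(Finding("review", m["path"],
                                        f"Run value '{m['name']}' starts a program from a user-writable profile path"))
        elif m := WINLOGON_RE.match(line):
            expected = EXPECTED_WINLOGON[m["value"].lower()]
            if m["data"].lower().rstrip(",") != expected:
                findings.append(Finding("high", m["path"],
                                        f"Winlogon {m['value']} is not the default ({expected})"))
    return findings


# Sample input: lines copied verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
[2012/01/05 21:36:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
[2012/01/04 19:38:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/01 13:29:06 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/04 19:38:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/05 22:01:12 | 3487,309,824 | -HS- | M] () -- C:\hiberfil.sys
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000..\Run: [MusicManager] C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.path}\n         {f.reason}")
```

On the sample above this reports the `System Check` Start Menu folder as high, `C:\Windows\PEV.exe` as a ComboFix helper, and the MusicManager Run value as something to glance at; both Winlogon values match the Vista defaults, so they stay quiet. Feed it the whole pasted log (`triage(open("otl.txt").read().splitlines())`) to get the same view over every entry.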
     
  21. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    OTL Log part 2 of 2

    ========== Files - Modified Within 30 Days ==========

    [2012/01/05 22:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000UA.job
    [2012/01/05 22:36:41 | 000,002,305 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
    [2012/01/05 22:35:19 | 000,001,989 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/01/05 22:34:51 | 000,000,949 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2012/01/05 22:10:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/05 22:07:08 | 000,614,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/05 22:07:08 | 000,108,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/05 22:01:42 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2012/01/05 22:01:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/05 22:01:23 | 000,004,176 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/05 22:01:23 | 000,004,176 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/05 22:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/05 22:01:12 | 3487,309,824 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
    [2012/01/04 19:48:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/01/02 16:31:26 | 000,002,032 | ---- | M] () -- C:\Users\OWNER\AppData\Local\d3d9caps.dat
    [2012/01/01 18:42:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011/12/31 17:54:39 | 000,517,728 | ---- | M] () -- C:\Users\OWNER\Documents\NewYearWish2012.pdf
    [2011/12/31 17:54:06 | 000,368,640 | ---- | M] () -- C:\Users\OWNER\Documents\NewYearWish2012.pdf.pra
    [2011/12/28 19:29:06 | 000,003,120 | ---- | M] () -- C:\Windows\System32\ALLFSAF8a.ocx
    [2011/12/28 10:52:24 | 002,236,845 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00012.JPG
    [2011/12/28 10:52:02 | 002,205,667 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00011.JPG
    [2011/12/28 10:51:10 | 001,901,949 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00010.JPG
    [2011/12/28 10:50:58 | 001,850,996 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00009.JPG
    [2011/12/28 10:50:24 | 002,089,400 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00008.JPG
    [2011/12/28 10:50:10 | 002,354,554 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00007.JPG
    [2011/12/28 10:49:44 | 002,299,025 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00006.JPG
    [2011/12/27 07:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000Core.job
    [2011/12/26 16:29:41 | 000,121,344 | ---- | M] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/18 17:12:51 | 000,513,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/17 09:24:16 | 000,330,034 | ---- | M] () -- C:\Users\OWNER\Documents\Daniela_12_Birthday2011.pdf
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/05 22:35:19 | 000,001,989 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/01/05 22:35:03 | 000,002,305 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
    [2012/01/05 22:34:51 | 000,000,949 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2012/01/05 21:57:55 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2012/01/05 21:57:55 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/01/05 21:57:55 | 000,001,589 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/01/05 21:57:55 | 000,000,944 | ---- | C] () -- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/01/05 21:57:55 | 000,000,915 | ---- | C] () -- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2012/01/05 21:57:55 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
    [2012/01/04 19:38:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/04 19:38:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/04 19:38:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/04 19:38:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/04 19:38:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/02 18:07:13 | 3487,309,824 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/02 18:07:13 | 3487,309,824 | -HS- | C] () -- \hiberfil.sys
    [2011/12/31 17:54:37 | 000,517,728 | ---- | C] () -- C:\Users\OWNER\Documents\NewYearWish2012.pdf
    [2011/12/31 17:54:06 | 000,368,640 | ---- | C] () -- C:\Users\OWNER\Documents\NewYearWish2012.pdf.pra
    [2011/12/29 11:18:43 | 002,354,554 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00007.JPG
    [2011/12/29 11:18:43 | 002,299,025 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00006.JPG
    [2011/12/29 11:18:43 | 002,236,845 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00012.JPG
    [2011/12/29 11:18:43 | 002,205,667 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00011.JPG
    [2011/12/29 11:18:43 | 002,089,400 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00008.JPG
    [2011/12/29 11:18:43 | 001,901,949 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00010.JPG
    [2011/12/29 11:18:43 | 001,850,996 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00009.JPG
    [2011/12/28 19:29:06 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF8a.ocx
    [2011/12/17 09:20:08 | 000,330,034 | ---- | C] () -- C:\Users\OWNER\Documents\Daniela_12_Birthday2011.pdf
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2010/12/30 20:11:35 | 000,504,108 | ---- | C] () -- C:\Users\OWNER\AppData\Local\rx_image32.Cache
    [2010/12/19 21:42:23 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
    [2010/08/29 14:26:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/05/19 19:47:37 | 000,139,264 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
    [2009/12/29 19:56:57 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2009/11/17 20:21:04 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2009/11/15 07:54:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/11/13 11:42:54 | 000,000,094 | ---- | C] () -- C:\Windows\biblesuite1.ini
    [2009/11/13 11:42:54 | 000,000,088 | ---- | C] () -- C:\Windows\bibsuitesavers.ini
    [2009/11/13 11:42:54 | 000,000,031 | ---- | C] () -- C:\Windows\bibaudiosuite.ini
    [2009/10/17 06:32:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/10/17 06:32:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/04/26 16:08:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
    [2008/12/04 19:37:52 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2008/09/25 15:01:54 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
    [2008/09/25 15:01:54 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
    [2008/08/21 20:30:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/06/16 13:47:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2008/04/23 19:21:52 | 000,074,608 | ---- | C] () -- C:\Windows\TrueInstall.exe
    [2008/03/26 18:56:36 | 000,096,577 | ---- | C] () -- C:\Windows\hpqins16.dat
    [2008/03/10 18:20:16 | 000,002,026 | ---- | C] () -- C:\Windows\TLTitleData.ini
    [2008/03/10 18:19:46 | 000,086,870 | ---- | C] () -- C:\Windows\System32\BerlitzSCR.dat
    [2008/03/02 15:02:51 | 000,004,735 | ---- | C] () -- C:\Users\OWNER\AppData\Local\Tescan002.rtf
    [2008/01/26 21:21:40 | 000,000,093 | ---- | C] () -- C:\Users\OWNER\AppData\Local\fusioncache.dat
    [2007/12/31 23:41:45 | 018,082,864 | ---- | C] () -- C:\Users\OWNER\AppData\Local\rx_image.Cache
    [2007/12/31 23:41:45 | 001,359,660 | ---- | C] () -- C:\Users\OWNER\AppData\Local\rx_audio.Cache
    [2007/10/14 14:11:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2007/10/07 11:28:33 | 000,993,216 | ---- | C] () -- C:\Windows\System32\DVC.EXE
    [2007/10/07 11:28:33 | 000,167,424 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2007/10/07 11:28:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\DVResampleru.dll
    [2007/10/07 08:20:08 | 000,194,248 | ---- | C] () -- C:\Windows\System32\LTRFD13n.DLL
    [2007/10/07 08:14:54 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
    [2007/10/07 08:14:54 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
    [2007/10/07 08:14:54 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
    [2007/10/07 08:14:54 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
    [2007/10/07 08:14:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
    [2007/10/06 15:50:45 | 000,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
    [2007/10/06 12:48:22 | 000,148,935 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2007/10/06 12:46:42 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2007/10/06 11:41:10 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
    [2007/10/06 11:41:10 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
    [2007/10/06 11:41:10 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
    [2007/10/06 07:27:01 | 000,121,344 | ---- | C] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/05 22:00:24 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
    [2007/10/05 22:00:24 | 000,000,000 | RHS- | C] () -- \IO.SYS
    [2007/10/05 21:59:06 | 000,000,011 | ---- | C] () -- C:\Windows\VSWizard.ini
    [2007/09/29 09:08:05 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
    [2007/09/29 09:08:04 | 000,333,257 | RHS- | C] () -- \bootmgr
    [2007/09/29 08:01:51 | 000,024,576 | ---- | C] () -- C:\Windows\System32\LSIReg.dll
    [2007/09/28 17:31:20 | 000,002,032 | ---- | C] () -- C:\Users\OWNER\AppData\Local\d3d9caps.dat
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,513,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,614,692 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,108,654 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 05:23:09 | 000,000,121 | ---- | C] () -- \AUTOEXEC.BAT
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
    [2003/05/31 19:43:00 | 000,005,632 | ---- | C] () -- C:\Windows\TrueProcess.exe

    ========== LOP Check ==========

    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
    [2007/12/31 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\eSellerate
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
    [2011/12/01 19:46:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\GARMIN
    [2009/10/21 06:14:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\Kiwee Toolbar2
    [2009/01/18 18:16:18 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nova Development
    [2010/05/19 19:47:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\OCRTemp
    [2007/10/07 09:31:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\Pinnacle
    [2007/10/07 09:31:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\Pinnacle Studio
    [2011/03/10 11:34:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Radialpoint
    [2008/01/26 21:21:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\SmartSound Software Inc
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
    [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
    [2010/12/30 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uninstall
    [2008/03/15 08:18:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Windows Home Server
    [2012/01/01 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
    [2011/01/01 11:40:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2006/11/02 06:18:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
    [2006/11/02 08:02:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
    [2006/11/02 05:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
    [2007/10/07 08:16:30 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
    [2008/03/03 19:53:28 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Application Data
    [2012/01/05 22:31:19 | 000,000,000 | ---D | M] -- C:\Users\OWNER\Audio Books
    [2010/10/12 19:45:19 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Contacts
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Cookies
    [2012/01/05 22:44:28 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Desktop
    [2012/01/05 22:46:01 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Documents
    [2012/01/05 22:44:28 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Downloads
    [2011/02/13 08:43:15 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Favorites
    [2007/10/05 20:02:56 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Links
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Local Settings
    [2011/01/16 09:38:10 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Music
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\My Documents
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\NetHood
    [2011/12/29 11:19:53 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Pictures
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\PrintHood
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Recent
    [2009/11/15 08:33:48 | 000,000,000 | ---D | M] -- C:\Users\OWNER\Ringtones
    [2007/10/06 14:36:24 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Saved Games
    [2007/10/05 20:02:56 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Searches
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\SendTo
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Start Menu
    [2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Templates
    [2012/01/04 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\OWNER\Tracing
    [2011/11/22 08:00:29 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Videos
    [2012/01/04 19:53:33 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
    [2012/01/02 18:09:12 | 000,000,000 | R--D | M] -- C:\Users\Public\Desktop
    [2007/11/18 14:43:44 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
    [2006/11/02 07:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Public\Favorites
    [2007/11/18 11:55:54 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
    [2007/10/07 08:16:30 | 000,000,000 | ---D | M] -- C:\Users\Public\My Documents
    [2010/10/24 19:54:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
    [2010/08/16 18:07:09 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
    [2007/10/07 08:16:30 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
    [2006/11/02 06:18:34 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Application Data
    [2011/12/28 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Contacts
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Cookies
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Desktop
    [2011/12/28 20:54:36 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Documents
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Downloads
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Favorites
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Links
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Local Settings
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Music
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\My Documents
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\NetHood
    [2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Pictures
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\PrintHood
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Recent
    [2006/11/02 05:23:35 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Saved Games
    [2011/12/28 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Searches
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\SendTo
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Start Menu
    [2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Templates
    [2007/10/07 08:16:30 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Videos
    [2012/01/05 21:58:58 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/10/07 09:38:18 | 000,000,121 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007/09/29 09:08:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/01/04 19:53:32 | 000,013,558 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/11/15 07:53:52 | 000,087,497 | ---- | M] () -- C:\Cucu_Video_log.txt
    [2012/01/05 22:01:12 | 3487,309,824 | -HS- | M] () -- C:\hiberfil.sys
    [2007/10/05 22:00:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/03/04 20:41:08 | 000,015,215 | ---- | M] () -- C:\mombi.log
    [2007/10/05 22:00:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/11/24 15:33:05 | 000,000,549 | ---- | M] () -- C:\NTDClient.log
    [2012/01/05 22:01:11 | 947,912,703 | -HS- | M] () -- C:\pagefile.sys
    [2008/12/06 10:33:36 | 000,000,000 | ---- | M] () -- C:\plx_proxy.log
    [2007/09/28 17:58:06 | 000,000,206 | ---- | M] () -- C:\realtek.log
    [2007/09/28 17:58:06 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
    [2007/10/05 22:27:49 | 000,916,162 | ---- | M] () -- C:\TB.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/17 07:04:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2005/02/24 16:21:54 | 000,757,760 | ---- | M] (Frontier Groove Inc.) -- C:\Windows\AZVENA.scr
    [2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/04/02 16:05:52 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2007/09/13 16:26:26 | 000,641,024 | ---- | M] () -- C:\Windows\system32\NEROINSTAEC43759.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/01/05 22:34:51 | 000,000,082 | -HS- | M] () -- C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/12/30 08:23:04 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/12/30 08:22:34 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2008/04/02 16:04:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2008/04/02 16:04:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/12/30 08:22:34 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/30 19:56:03 | 000,000,402 | -HS- | M] () -- C:\Users\OWNER\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/05/04 19:51:04 | 000,004,211 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/11/17 20:21:04 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/08/29 14:26:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Tosci Slideshow.dmss:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Tosci 04162009.dmss:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow2.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow1.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow0.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Silvesto E Giuseppa.jwl:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Path of Daggers 261.wma:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Andrea Del Principe Kylee kate Sargant - Buonanotte Amore.jwl:Roxio EMC Stream

    < End of report >
     
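A reviewer working through an OTL log like the one above does the same three things to every file line by eye: spot a binary dropped under %SystemRoot% inside the scan window with no company name, notice a hosts file touched inside the window, and notice Hidden+System attributes on anything that is not a normal Windows system file. The script below is an added example written for this thread; it is not part of OTL and not something the poster ran. It parses the `[date time | size | attrs | M/C] (company) -- path` format OTL uses in its Files Modified, Files Created and LOP sections, and the sample input is a handful of lines copied from the log above. The 30-day window, the extension list and the list of files expected to carry Hidden+System are assumptions, and a hit means "look this up", not "this is malware".

```python
"""Triage helper for OTL file-list lines (added example, not OTL code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# One OTL file line: [yyyy/mm/dd hh:mm:ss | size | attrs | M|C] (company) -- path
# The "(company)" part is absent on LOP directory lines, so it is optional.
OTL_LINE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Assumed list: extensions that carry code and merit a hash lookup when new.
BINARY_EXT = {".exe", ".dll", ".ocx", ".sys", ".scr", ".cpl", ".drv", ".com"}
# Assumed list: names that legitimately carry Hidden+System attributes.
EXPECTED_HS = {"hiberfil.sys", "pagefile.sys", "bootmgr", "bootsect.bak",
               "io.sys", "msdos.sys", "desktop.ini"}


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str      # e.g. "-HS-": R read-only, H hidden, S system, D directory
    kind: str       # "M" modified timestamp, "C" created timestamp
    company: str    # empty when OTL printed "()"
    path: str


@dataclass
class Finding:
    path: str
    reason: str
    entry: Entry


def parse_otl_line(line):
    """Return an Entry for one OTL file line, or None for any other line."""
    m = OTL_LINE.match(line)
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines, scan_date, window_days=30):
    """Apply the three reviewer checks to every parseable line in the window."""
    cutoff = scan_date - timedelta(days=window_days)
    findings = {}  # (path, reason) -> Entry; dedupes the M and C lines of one file
    for line in lines:
        e = parse_otl_line(line)
        if e is None or e.ts < cutoff or "D" in e.attrs:
            continue
        p = PureWindowsPath(e.path)
        lowered = e.path.lower()
        # 1. fresh binary under %SystemRoot% that OTL could not attribute to a vendor
        if (lowered.startswith("c:\\windows\\")
                and p.suffix.lower() in BINARY_EXT and not e.company):
            findings.setdefault(
                (e.path, "binary under %SystemRoot% with no company name, inside scan window"), e)
        # 2. hosts file touched inside the window (hijacks and cleanups both show here)
        if lowered.endswith("\\drivers\\etc\\hosts"):
            findings.setdefault((e.path, "hosts file changed inside scan window"), e)
        # 3. Hidden+System on something that is not a known system file
        if "H" in e.attrs and "S" in e.attrs and p.name.lower() not in EXPECTED_HS:
            findings.setdefault((e.path, "hidden+system file outside the expected set"), e)
    return [Finding(path, reason, entry) for (path, reason), entry in findings.items()]


# Lines copied from the OTL log in this thread; the scan ran on 2012/01/05.
SAMPLE_LOG = r"""
    [2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
    [2012/01/04 19:48:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/12/28 19:29:06 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF8a.ocx
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/04 19:38:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/02 18:07:13 | 3487,309,824 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/29 14:26:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/05/19 19:47:37 | 000,139,264 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
    [2012/01/05 22:34:51 | 000,000,082 | -HS- | M] () -- C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
"""
SCAN_DATE = datetime(2012, 1, 5, 22, 46, 58)


def triage_sample():
    """Run the checks over the sample lines with the log's own scan date."""
    return triage(SAMPLE_LOG.splitlines(), SCAN_DATE)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.entry.ts:%Y/%m/%d} {f.entry.attrs} {f.path}\n    -> {f.reason}")
```

On the sample this reports three items: the hosts file (modified 2012/01/04, 27 bytes), ALLFSAF8a.ocx (created 2011/12/28 in System32, no company string) and PEV.exe. The last one shows why the output is a worklist rather than a verdict: PEV.exe, MBR.exe, sed.exe, grep.exe and zip.exe were all created in C:\Windows at 19:38 on 2012/01/04, minutes before C:\ComboFix.txt was written, and are ComboFix's own helper tools, so the reviewer clears them from the same log. Old files such as gswin32c.exe and ntuser.pol fall outside the window and are never examined; hiberfil.sys and desktop.ini carry Hidden+System by design and are excluded by name.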
  22. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Extras Log part 1 of 2

    OTL Extras logfile created on: 1/5/2012 10:46:58 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\OWNER\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 56.79% Memory free
    8.05 Gb Paging File | 6.57 Gb Available in Paging File | 81.59% Paging File free
    Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 74.74 Gb Free Space | 16.05% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC-DEN | User Name: OWNER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0130B062-96C3-4C33-A11C-2F2F177838ED}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{057748BD-99E8-4A37-8803-DDD317307AF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0626BB58-F604-4F34-9859-A6E1380B26A2}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
    "{0E9EF908-ECAD-42F3-8A6D-8CE7C8CB51D5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{128696C8-B7CD-47A3-9B65-34F20388A45D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1D1F75DD-92DC-456E-9A5B-8F781F8B6A47}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1F4B6381-AB3F-4C12-8C37-F7EAF4D02EF2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{20AF259C-BCD2-40A4-BE7D-BF6964C46775}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{22B221DA-3F02-4082-BEDD-684E9D45AEA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2A77E1E3-69D2-499F-9CB5-C2C75EC895FC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3071B60A-784C-4C07-9992-0831648085D8}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{335ABFBD-AD42-45A7-AC0B-E37A7055F175}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{37FCDC00-F019-4BC4-BB4F-A5AC4E475D24}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3934E592-AD2E-405D-9AC9-F47BDECDACC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3D3F49FB-5403-47C5-AE6A-0090869D0E99}" = lport=6331 | protocol=6 | dir=in | name=windows live onecare |
    "{417F9C36-291A-4F49-B398-2078EC27D7F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{41EC1B85-B455-4F3B-8EC1-9355E9C5E191}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{45EF26A4-CDAA-4032-84F1-CCE5E5DD683A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{48C7FBB6-0E2E-4550-A884-2B1C5F60E961}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4901E274-F86C-4043-A71D-BDD222D9F8AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{52235340-A264-4493-8B56-1682EE64D55F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5570ED42-21D8-4413-A966-DF5BDB47CF62}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{59ABA3D9-98E5-42DB-A4EA-34F7B22D603E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5ABE6C3F-F853-407B-8F9F-20BCEE8F36FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{615787A2-AD6C-46CF-80DC-EB1C22D1E289}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{64E54819-DB66-43E2-93BD-A6DF59C2F3A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{76A37A82-5744-4695-8C19-6B658EA094D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7949A94D-FE1F-4AF7-B55D-BE78BA7F8863}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7ABC3DF2-827C-404E-BC7F-8520AA039224}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7BA1D2B3-D6EA-4381-84CD-A79B0E3A33FF}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7C230B74-2851-41FC-99F0-9B001B7FCEFD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{7D868EBE-3E1E-48AF-88E4-BD3B433E049D}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
    "{7F76ED14-4EFC-40F0-9F61-731E0AEA1B94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8AFA080E-27AD-430E-849A-E88548B96CDD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8D5C65E3-DF75-459E-9BAF-CFEA7076BF95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{8E04088E-2514-4915-AEF1-9CF2F550AE00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8FF1D550-81D8-4943-A41B-5349CFA76B32}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9A615BB6-0069-4070-83B3-B1B8C4AE717F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9B40FC5C-A1BE-4471-B9A3-CF2E95B216D1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9C9F59C2-C58C-4379-9D40-5773E172D7C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{A1FAD785-2B6D-4ED9-861D-40357C903874}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A242BAA8-9FDE-4BA0-A608-8C5FA88634F4}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{A3AE8197-CD29-4620-964A-E9396EBCC4D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{A737CFB2-AAE9-4461-8625-39952AB722AE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A7473AE4-5ABB-4A52-A934-0BB43E7E02F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C6A6838B-6275-46E3-978D-2F661C6FF228}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C9ACA28E-DDE7-4A00-9843-1CD5BCD5C66C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{CC3B5DFE-FE42-47F0-BD63-507928729D60}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CD27DEF1-B01D-4F5B-881A-6CC9DEC0836D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CF95D667-0C63-4B72-8856-50C1298F3BF5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D04FC068-4882-4640-A78F-9C14D3706895}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DE1D34C9-DE61-4AF7-89E0-CEC5C2A7EF03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E19309FA-D981-4BFA-9E02-DE4F46EAA846}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E62A2600-2962-4814-BB2E-87D5C86DA525}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E7AF5B55-8248-4132-96FA-A5FF0D8FC9E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E7D24B76-375C-4146-9E52-C8E85644F0EF}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{EADA1C34-B58A-4F88-9B69-8336FCC67DC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EB13796E-AC28-4236-80AB-B02EEE4A7F40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F0759104-98C8-48BB-8A4B-324072320741}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F726BD60-5376-4F97-BDE1-2B1D0BADECB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FC94A511-89CF-48A6-936C-001A76A5490E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03FD5E72-273A-488F-B353-9E95BF2FF0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0BC37EB9-5AC3-436A-90D8-5CCB0984ABA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0BFE5EE7-CFB4-4E4C-AD9C-1490E7BECE54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0D7723B6-6CD9-4E1B-ACC8-0068771FDF53}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{1343B8B6-58B0-41D7-BF72-A40785D9A271}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
    "{1CCF2786-842A-4D18-8E56-309170B95073}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{1DAF1323-2995-4752-A8A0-A0E7ACF98620}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
    "{1FDA763F-5382-4D50-AD1F-290B05D927B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{23FEC879-11D2-491E-86FF-A2F9AF0D49E2}" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
    "{2C7A9DE5-56D5-4137-81AF-FEC139C57BA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2CB98344-FD69-42F8-AEA4-95B021377ADB}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{2D41B30C-A44B-442D-88F9-22A5DCAC5ABE}" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
    "{2ECCC785-DD8F-474D-8EDC-7B308A339A42}" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
    "{379F6392-5C37-43D4-9E25-F5579C4246C2}" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
    "{3A8CB746-421E-4809-8A94-6CF14551BD36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{41C1B19C-3643-4F09-831E-3FE496C689BC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\pmsregisterfile.exe |
    "{43C3DAA5-AC9D-428B-AB56-75793849DCBE}" = protocol=6 | dir=out | app=system |
    "{456F0066-CEF6-4F55-BFA4-7834C91712D6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{46374AA3-A5A0-4E60-B608-25B22997DE70}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{467AA821-A178-446F-907B-AA6AE8D3346A}" = protocol=6 | dir=out | app=system |
    "{49458302-4415-4FB7-B488-00FF4E1B3D27}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{499FE795-653A-404B-B77B-9F4EAD2EBFF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4B83154C-0682-4F0B-A45B-1F18F7B33CE0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{51A4B50A-05FD-40D2-85C6-F1E1905E50B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{51D4BC83-DA09-4BB9-A752-D59A182E81F6}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
    "{53BF4EE2-D3F0-460E-BF57-22D47BD4503B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{53EB8557-CA0C-4AA4-9AF5-76E9C576939A}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnprenderer10.exe |
    "{5996B4E7-57F2-4445-9B59-640B050D22B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5AA25C1A-9F84-4797-88FB-2D808FC17AF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5E4155F6-5B82-45A5-B1D4-7E13D6CCEEC7}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
    "{6A16F458-D3FD-40FE-AECE-B6542CD8D93C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\umi.exe |
    "{6C472D7B-C1A0-4A8B-AC6C-E7CB7BCB0556}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
    "{6E4F7BC8-1332-44C8-935C-D32362B516D8}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{6ED4D756-212C-4778-9D14-25E1E8BF958B}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnprenderer10.exe |
    "{6F9D34B2-B502-4EAC-B166-4D233DFFAD88}" = protocol=6 | dir=out | app=system |
    "{7051913A-4D23-47D8-BDE5-41A8589100C5}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
    "{739F8EB0-B636-4C30-95A1-9308FE50A62F}" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
    "{78A76EF1-C003-4C16-9BCC-B5700400C978}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\rm.exe |
    "{82C5E88B-F181-4417-82C5-8618AA3199D5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{84210697-4E81-4759-A293-F7002635B926}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{84FC653C-E5BB-4D58-9170-1DCD9FF3ECD9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{85050E8B-5FF1-4E20-A4BF-9D494BC66C1B}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
    "{868A98C4-8010-4A23-AB49-BCCAB4AFA7F8}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{8701DFE1-45C5-44A1-A6E1-72CA01FDF247}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{87B0DAB8-25DA-43AB-BFC3-646F413AED77}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{907025F9-4076-48B1-A1C6-70D089A05397}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{91A0D92E-AC56-43CB-BB16-AFC590F3F765}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{93ECBCC1-BA9C-4202-AE2E-B6BAFB02B384}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
    "{953156DA-4440-41AF-8608-C4937EDCA99D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{9AC3E7E2-ECD9-4A02-9EDC-96E58DA48C27}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{9AE4B073-E05F-4E7A-8DA0-0E3381E27C70}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9EF3DB9E-F0A8-4B58-9E6C-D4A6DF8A9EF3}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnprenderer10.exe |
    "{A466014A-860E-4803-868B-9266D87D2A23}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
    "{A4CF2F54-E0A9-467E-A10F-E390DF5C4594}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
    "{A5972EC6-F28C-4C98-9582-E9A3CE6C8C2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A86F6848-732D-4AAF-9B2C-8FE0AA5B8662}" = protocol=6 | dir=out | app=system |
    "{AFA92881-DF1C-45CD-8FF1-6CF6FFF6EBDB}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
    "{B3B6F03B-7229-4752-B0C5-7D78890AC461}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{B4D31F3C-238E-4A5B-A2E8-5C7E7A829750}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{B6EF933F-4758-4614-9949-FFB0CE935FB2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BA47B61B-6A4C-43DB-8E7A-3F9E8FD4F466}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{BE513763-ADA8-4166-9259-1D0D76B5178B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\rm.exe |
    "{BED40899-41AE-454D-A934-6685D183002C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{BFEB84FC-083E-4B51-89C9-AAD4CFB8F128}" = protocol=6 | dir=out | app=system |
    "{C06E8A8C-24FA-438D-BCF8-458FC89DE157}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C25DB5EF-54E9-4D94-B91C-FA575363D5CA}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
    "{CD283F75-5102-45F3-8F60-95649BFACDAF}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{D02194BA-ABED-43B7-A8D5-A8E72F47FE97}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
    "{D140EBF0-1341-4C65-998D-087BBFB8CE0A}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
    "{D1F1B65C-D4F7-4040-A23E-20FB83F67762}" = protocol=6 | dir=out | app=system |
    "{D5E997FD-C2B6-4C87-ACDB-5F29E6251D18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{DCA1D227-5DF6-4348-B836-CF760C235B77}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
    "{E5804615-1199-4B6A-9EE3-FDC142D722AE}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{F1AF71A8-5DBD-4E6D-A648-E89A673E719C}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
    "{F2A69896-3318-4198-AA97-C8A71CE4DE2C}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
    "{F3C39E36-E7F4-495F-B902-0EA471EECDF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F40A6641-1B3E-4744-9161-A15005D5FDF6}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnprenderer10.exe |
    "{F801EF96-448E-46CC-9EBC-917D609D6A63}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{F829267D-F445-4F24-A666-0DCC783BB52C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\pmsregisterfile.exe |
    "{F8A24608-45B3-4E68-B986-DEC3591B2808}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{F8F05C24-B33C-4E94-ACA1-66EBB487B9E0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\umi.exe |
    "{FCCBF37A-1CFA-4B11-927F-35183BB212C5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{FCF53428-82B3-4973-95DC-3761E9CC43F2}" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
    "{FD791C01-09FB-40F9-A205-AF58C55FE78F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FDB38BF3-432B-40C0-A00D-CDD5027181C2}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
    "{FECC87AB-65C4-4E7C-9870-A4C89E35220E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "TCP Query User{47979139-70A4-4A39-BAFE-8BA0F854E1E3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{4C515785-C349-40E4-8660-D4462D5AF4A3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{5383F590-75A1-4866-B4FB-175385430595}C:\program files\pinnacle\studio 10\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
    "TCP Query User{97F28B83-26E9-4542-8E5B-DA6778E8C80D}C:\program files\verizon\verizon media manager\release\verizon media manager.exe" = protocol=6 | dir=in | app=c:\program files\verizon\verizon media manager\release\verizon media manager.exe |
    "UDP Query User{3437124A-267A-4551-9F60-0FDDC223DFA9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{96A4CCF4-EDBA-4DB0-94AE-5A6751BE9380}C:\program files\verizon\verizon media manager\release\verizon media manager.exe" = protocol=17 | dir=in | app=c:\program files\verizon\verizon media manager\release\verizon media manager.exe |
    "UDP Query User{E72A0FC3-52F2-48A2-8752-2E3EC234506E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{F9582E48-0A31-4900-A825-045033E76D27}C:\program files\pinnacle\studio 10\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA ForceWare Multimedia
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0F052922-4BCE-4763-A540-00857554336D}" = Redist
    "{12A3AF78-CBB5-484B-AE87-927C4DE6B9A8}" = Garmin City Navigator North America NT 2011.10 Update
    "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
    "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AAE4354-EE96-4414-B5A5-726162E60700}" = Berlitz Learning System - Italian
    "{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20CFBF87-73BD-4EC5-80B4-9C894126BD14}" = TurboTax 2008 wvaiper
    "{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{311C9C43-C4E2-442C-BCB4-D86DB2BF81D1}" = MemoriesOnTV
    "{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
    "{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
    "{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator
    "{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
    "{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{59716973-C123-4B46-B44B-36FCD9CEB8A3}" = Print Artist 22 Platinum
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69EB5C18-1222-41F1-8C75-69B5F55F4321}" = Garmin Lifetime Updater
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{6F50C41C-6CFB-49E1-AF91-E1AACDE24FBA}" = Garmin City Navigator North America NT 2012.30 Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
    "{78AE804E-C0CD-4E81-8C3B-63061742800D}" = Multimedia Bible and Christian References
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7B1FF9C5-ABDE-4D1B-BE70-DF6A4A546131}" = Hallmark Card Studio Trial Edition 2009
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{964D07BE-460C-4862-B59C-49575B8F46DC}" = Google SketchUp Pro 8
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A6A9D7C4-1E5B-42FD-98F5-E067A942AEE1}" = AQUAZONE "Virtual Aquarium Collection"
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}" = Microsoft Office Live Add-in Patches
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{B986E497-3E38-4361-9F35-3FEC4F7FF771}" = Berlitz Before You Know It Flash Cards
    "{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
    "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
    "{C33F3EF6-3625-4FE5-BCBA-41361C99AF1D}" = Camera Assistant Software for ViewSonic
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5B3C1B7-37C2-47B0-B6DD-EC53D3FB3B01}" = HP MediaSmart Server
    "{D6F2C4FD-149A-4BA0-A95D-2A80F10EE751}" = OverDrive Media Console
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E5538179-A892-499A-B7AA-8D7074EB203B}" = Vz In Home Agent
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F19F7B24-AAD4-4236-8475-5335483DA676}" = Avery Wizard 3.1
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows Vista Signed Files
    "{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
    "{FD727056-F0C4-4811-9688-9EBF450D22C4}" = AXIS Media Control Embedded Installer
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF1482CF-D19B-44DD-B887-9698CB51DFD5}" = Studio 10.8 Patch
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "AOL Radio Toolbar" = AOL Radio Toolbar
    "Audit Support Center" = Audit Support Center 1.0
    "AXIS Media Control Embedded" = AXIS Media Control Embedded
    "Cucusoft DVD to Zune + Zune Video Converter Suite_is1" = Cucusoft DVD to Zune + Zune Video Converter Suite 8.2.8.2
    "Digital Editions" = Adobe Digital Editions
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HECI" = Intel(R) Management Engine Interface
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
    "johnqtv1 Toolbar" = johnqtv1 Toolbar
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Money2008b" = Microsoft Money Plus
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PDF-File Converter" = PDF-File Converter
    "PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
    "Quicken WillMaker Plus 2007" = Quicken WillMaker Plus 2007
    "RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
    "Shop for HP Supplies" = Shop for HP Supplies
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SystemRequirementsLab" = System Requirements Lab
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "Verizon FiOS Activation_is1" = Verizon FiOS Activation
    "Verizon Media Manager" = Verizon Media Manager
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Applications" = Verizon Yahoo! Applications
    "Yahoo! Software Update" = Yahoo! Software Update
    "Zune" = Zune
     
  23. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Extras Log part 2 of 2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AOL Radio Toolbar" = AOL Radio Toolbar
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "HuluDesktop" = Hulu Desktop
    "MusicManager" = Music Manager
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/27/2011 9:55:22 PM | Computer Name = OWNER-PC-Den | Source = MsiInstaller | ID = 1023
    Description =

    Error - 12/29/2011 8:04:28 PM | Computer Name = OWNER-PC-Den | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
    0x4d76255d, faulting module Flash10w.ocx, version 10.3.183.7, time stamp 0x4e52e8e0,
    exception code 0xc0000005, fault offset 0x000ba050, process id 0xb04, application
    start time 0x01ccc63ca0159b1b.

    Error - 12/30/2011 9:37:30 AM | Computer Name = OWNER-PC-Den | Source = Application Error | ID = 1000
    Description = Faulting application msnmsgr.exe, version 15.4.3538.513, time stamp
    0x4dcdb2b3, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000374, fault offset 0x000b06fc, process id 0xb5c, application
    start time 0x01ccc6f09f64755b.

    Error - 1/1/2012 6:43:23 PM | Computer Name = OWNER-PC-Den | Source = Application Error | ID = 1000
    Description = Faulting application nvcplui.exe, version 3.9.731.0, time stamp 0x4e991d0e,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x0062fb28, process id 0xee8, application start time 0x01ccc8d6af2a8f60.

    Error - 1/1/2012 8:07:38 PM | Computer Name = OWNER-PC-Den | Source = ESENT | ID = 488
    Description = wlcomm (5796) C:\Users\OWNER\AppData\Local\Microsoft\Windows Live\Contacts\matthew_carpenter6@msn.com\15.4\:
    An attempt to create the file "C:\Users\OWNER\AppData\Local\Microsoft\Windows Live\Contacts\matthew_carpenter6@msn.com\15.4\DBStore\contacts.pat"
    failed with system error 5 (0x00000005): "Access is denied. ". The create file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 1/1/2012 8:07:38 PM | Computer Name = OWNER-PC-Den | Source = ESENT | ID = 217
    Description = wlcomm (5796) C:\Users\OWNER\AppData\Local\Microsoft\Windows Live\Contacts\matthew_carpenter6@msn.com\15.4\:
    Error (-1032) during backup of a database (file C:\Users\OWNER\AppData\Local\Microsoft\Windows
    Live\Contacts\matthew_carpenter6@msn.com\15.4\DBStore\contacts.edb). The database
    will be unable to restore.

    Error - 1/1/2012 8:07:38 PM | Computer Name = OWNER-PC-Den | Source = ESENT | ID = 215
    Description = wlcomm (5796) C:\Users\OWNER\AppData\Local\Microsoft\Windows Live\Contacts\matthew_carpenter6@msn.com\15.4\:
    The backup has been stopped because it was halted by the client or the connection
    with the client failed.

    Error - 1/2/2012 5:26:46 PM | Computer Name = OWNER-PC-Den | Source = EventSystem | ID = 4609
    Description =

    Error - 1/2/2012 8:20:40 PM | Computer Name = OWNER-PC-Den | Source = Application Error | ID = 1000
    Description = Faulting application crppjugr.exe, version 1.0.15.15641, time stamp
    0x4e21f2b1, faulting module crppjugr.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
    exception code 0xc0000005, fault offset 0x0000c676, process id 0x127c, application
    start time 0x01ccc9ad11fbc952.

    Error - 1/2/2012 8:57:44 PM | Computer Name = OWNER-PC-Den | Source = Perflib | ID = 1010
    Description =

    [ Media Center Events ]
    Error - 4/24/2010 1:01:49 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 4/30/2010 3:50:05 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 5/1/2010 5:47:36 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 5/24/2010 3:11:09 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 5/24/2010 4:17:10 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 5/28/2010 6:15:24 AM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 5/29/2010 12:11:22 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 6/6/2010 12:09:57 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 6/12/2010 12:00:24 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 8/1/2010 2:27:35 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
    try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
    Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7009
    Description =

    Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7009
    Description =

    Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/5/2012 11:02:08 PM | Computer Name = OWNER-PC-Den | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 1/5/2012 11:03:40 PM | Computer Name = OWNER-PC-Den | Source = DCOM | ID = 10005
    Description =

    Error - 1/5/2012 11:03:40 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7009
    Description =

    Error - 1/5/2012 11:03:40 PM | Computer Name = OWNER-PC-Den | Source = DCOM | ID = 10005
    Description =

    Error - 1/5/2012 11:03:40 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7009
    Description =


    < End of report >
     
  24. res0jh1y2

    res0jh1y2 TS Rookie Topic Starter Posts: 24

    Clean up and thanks

    Thanks for your help with removing this virus. I assume I can delete the downloaded programs and logs created through this process, correct? Let me know if there is anything else I need to do to clean up my PC.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Any current issues?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
      SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
      SRV - File not found [Auto | Stopped] -- -- (McciCMService)
      O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
      O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
      O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedopt...zTCPConfig.CAB (Reg Error: Key error.)
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Tosci Slideshow.dmss:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Tosci 04162009.dmss:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow2.dmsm:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow1.dmsm:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow0.dmsm:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow.dmsm:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Silvesto E Giuseppa.jwl:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Path of Daggers 261.wma:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Andrea Del Principe Kylee kate Sargant - Buonanotte Amore.jwl:Roxio EMC Stream
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
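    The :OTL fix above is assembled from lines copied out of an OTL scan log. As an added example (not part of this thread and not OTL's own code), here is a small Python triage script that recognises the four line types removed in that fix (orphaned services whose binary is missing, Internet Explorer trusted-zone additions, Downloaded Program Files entries with a broken registry key, and alternate data streams), records why each is a cleanup candidate, and assembles the flagged lines into a fix block of the same shape. The regular expressions approximate OTL's line formats as they appear in this post; the two "healthy" lines in the sample (ExampleSvc and the Flash DPF entry) are constructed so the triage has something to leave alone, and their formatting is approximated.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of OTL scan output. The flagged lines mirror the ones in the
# :OTL fix above; the ExampleSvc and swflash.cab lines are constructed "healthy"
# entries (formatting approximated) that the triage must leave alone.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - (ExampleSvc) -- C:\Windows\System32\svchost.exe [Auto | Running]
O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow.dmsm:Roxio EMC Stream
"""

# Line formats approximated from the OTL lines quoted in the post.
_SRV_MISSING = re.compile(
    r"^SRV - File not found \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- -- \((?P<name>[^)]+)\)$")
_O15 = re.compile(
    r"^O15 - (?P<hive>\S+)\\\.\.Trusted Domains: (?P<domain>\S+) \((?P<detail>[^)]*)\)$")
_O16 = re.compile(r"^O16 - DPF: (?P<ident>.+?) (?P<url>\S+) \((?P<status>[^)]*)\)$")
_ADS = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:]+)$")


@dataclass
class Finding:
    kind: str      # orphan_service | trusted_domain | dpf_orphan | ads
    subject: str   # service name, domain, DPF identifier, or file path
    line: str      # the original log line, exactly as it would go into a :OTL fix
    reason: str    # why a cleanup script would remove it


def triage(log_text: str) -> List[Finding]:
    """Scan OTL log lines and return the entries a cleanup fix would remove."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SRV_MISSING.match(line)
        if m:
            findings.append(Finding("orphan_service", m["name"], line,
                f"service set to start '{m['start']}' but its executable is missing; "
                "a stale autostart entry should not be left behind"))
            continue
        m = _O15.match(line)
        if m:
            zone = m["detail"].split(" in ", 1)[-1]
            findings.append(Finding("trusted_domain", m["domain"], line,
                f"domain placed in the IE '{zone}' zone, which relaxes browser "
                "security for it; remove unless the user added it knowingly"))
            continue
        m = _O16.match(line)
        if m and m["status"].startswith("Reg Error"):
            findings.append(Finding("dpf_orphan", m["ident"], line,
                "Downloaded Program Files entry whose registry key is broken; "
                "nothing functional remains to keep"))
            continue
        m = _ADS.match(line)
        if m:
            findings.append(Finding("ads", m["path"], line,
                f"hidden NTFS stream '{m['stream']}' ({m['size']} bytes) attached to a "
                "document; the stream name is the best clue to what wrote it"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, for a quick read of what the fix will touch."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def build_otl_fix(findings: List[Finding], empty_temp: bool = True) -> str:
    """Assemble a fix block in the shape used in the thread: :OTL lines, then :Commands."""
    lines = [":OTL"] + [f.line for f in findings] + ["", ":Commands"]
    if empty_temp:
        lines.append("[emptytemp]")
    lines.append("[Reboot]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:15} {f.subject}\n    {f.reason}")
    print(summarize(found))
    print(build_otl_fix(found))
```

The script deliberately does not decide for you: it reproduces the judgement visible in the post (file-not-found services, zone additions, broken DPF keys and alternate data streams are removed; intact entries are untouched) and prints the reason next to each line, so the generated fix can be reviewed before anything is pasted into OTL.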