Solved Need help removing System-Check malware virus

res0jh1y2

Somewhere my PC became infected with the System-Check malware virus that is giving me false hard drive and RAM hardware failure errors. It takes over my screen with a blank screen and locks me out of using Task Manager. I am running Vista with Microsoft Security Essentials, which is up to date but does not find the malware when I do a full scan. I have used the Microsoft malware remover and Malwarebytes' Anti-Malware (run in Safe Mode), which found infections that I removed, but they have not removed this System-Check malware virus. I am new to TechSpot; below is my log. My GMER and DDS logs were too long to include here.


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
OWNER :: OWNER-PC-DEN [administrator]

Protection: Disabled

1/2/2012 4:35:51 PM
mbam-log-2012-01-02 (16-35-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 434790
Time elapsed: 1 hour(s), 8 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\OWNER\Desktop\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Windows\System32\winexplorer.dll.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
OWNER :: OWNER-PC-DEN [administrator]

Protection: Enabled

1/2/2012 6:14:04 PM
mbam-log-2012-01-02 (18-14-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215118
Time elapsed: 10 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Logs

1. GMER Log attached, too big to paste.

2. DDS log

3. DDS Attach
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by OWNER at 19:43:29 on 2012-01-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1629 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\ProgramData\rojcXnmSQnPTbrc.exe
C:\Program Files\Creative Home\Hallmark Card Studio Trial Edition 2009\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\7eGXsUa44RsITX.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.washingtonpost.com/
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
uURLSearchHooks: johnqtv1 Toolbar: {e413a417-d00b-4a3b-9c17-19048046f1ce} - c:\program files\johnqtv1\tbjohn.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: johnqtv1 Toolbar: {e413a417-d00b-4a3b-9c17-19048046f1ce} - c:\program files\johnqtv1\tbjohn.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: johnqtv1 Toolbar: {e413a417-d00b-4a3b-9c17-19048046f1ce} - c:\program files\johnqtv1\tbjohn.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MoneyInsights] "c:\program files\microsoft money plus\mnycorefiles\mnyinsit.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MusicManager] "c:\users\owner\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [rojcXnmSQnPTbrc.exe] c:\programdata\rojcXnmSQnPTbrc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for viewsonic\traybar.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{7b1ff9c5-abde-4d1b-be70-df6a4a546131}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{81920D7E-5609-4616-BCCD-A2BA500F3AA1} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKslcea74710;MpKslcea74710;c:\programdata\microsoft\microsoft antimalware\definition updates\{d433473d-0f65-406f-9b60-f8e3dd4b80a2}\MpKslcea74710.sys [2012-1-2 29904]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-2 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-2 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-28 2253120]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-3-10 689464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 DVxplore;NVTV;c:\windows\system32\drivers\DVxplore.sys [2007-9-29 73344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-2 20464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-6-23 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-6-23 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-6-23 166384]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2007-9-6 46368]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2007-5-9 434176]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-6-23 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-6-23 1120752]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-01-02 23:36:19 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d433473d-0f65-406f-9b60-f8e3dd4b80a2}\MpKslcea74710.sys
2012-01-02 23:35:57 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d433473d-0f65-406f-9b60-f8e3dd4b80a2}\offreg.dll
2012-01-02 23:35:53 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d433473d-0f65-406f-9b60-f8e3dd4b80a2}\mpengine.dll
2012-01-02 23:09:28 -------- d--h--w- c:\users\owner\appdata\local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
2012-01-02 23:09:04 -------- d--h--w- c:\users\owner\appdata\local\{3DDB63DB-EB9A-4F01-B115-78E2C88F20A3}
2012-01-02 21:34:37 -------- d--h--w- c:\users\owner\appdata\roaming\Malwarebytes
2012-01-02 21:34:22 -------- d--h--w- c:\programdata\Malwarebytes
2012-01-02 21:34:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 21:34:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-02 01:01:34 -------- d--h--w- c:\users\owner\appdata\local\{418E58D4-1348-4FAE-B094-9468DCCF0E5E}
2012-01-02 01:01:13 -------- d--h--w- c:\users\owner\appdata\local\{B7FFD582-75BF-4597-A6F2-4EEB04D6451E}
2012-01-01 18:28:55 366462 ---ha-w- c:\programdata\7eGXsUa44RsITX.exe
2012-01-01 15:52:03 458622 ---ha-w- c:\programdata\rojcXnmSQnPTbrc.exe
2012-01-01 13:00:43 -------- d--h--w- c:\users\owner\appdata\local\{3799A976-DD16-4697-AAFB-E6AF0CE27E56}
2012-01-01 13:00:21 -------- d--h--w- c:\users\owner\appdata\local\{F0F78033-C146-405C-9F9D-A89066AD9605}
2011-12-31 15:38:20 -------- d--h--w- c:\users\owner\appdata\local\{CB731A8F-7714-42A8-91BE-D1EE7C943516}
2011-12-31 15:37:52 -------- d--h--w- c:\users\owner\appdata\local\{D17A7992-834E-4D0A-A026-7FCA624949DC}
2011-12-31 00:45:26 -------- d--h--w- c:\users\owner\appdata\local\{0E15062F-3981-40A8-8AD9-A02FC52BB1B1}
2011-12-31 00:45:04 -------- d--h--w- c:\users\owner\appdata\local\{04CDFF29-AC6B-40BE-9C28-13AE5CE57F1F}
2011-12-30 13:20:05 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-12-30 13:20:05 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-12-30 13:20:05 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-30 13:20:05 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-12-30 13:20:05 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-12-30 13:20:04 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-30 13:20:04 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-30 13:20:04 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-30 13:20:04 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-30 12:44:40 -------- d--h--w- c:\users\owner\appdata\local\{008C5F84-D810-4062-BB93-E2E3D6EA94C4}
2011-12-30 12:44:30 -------- d--h--w- c:\users\owner\appdata\local\{8B3DD721-61BF-4C9A-9154-7702642CE903}
2011-12-29 15:07:57 -------- d--h--w- c:\users\owner\appdata\local\{3C309ADD-8A53-4547-A842-2AFD25B103EA}
2011-12-29 15:07:38 -------- d--h--w- c:\users\owner\appdata\local\{2F8E11C8-D6E2-4B3F-92F0-5BCE7AEE3694}
2011-12-29 01:54:20 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-29 01:54:18 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-12-29 01:48:59 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2011-12-29 01:48:55 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2011-12-29 01:48:52 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2011-12-29 01:48:48 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2011-12-29 01:48:44 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2011-12-28 14:35:47 -------- d--h--w- c:\users\owner\appdata\local\{7F7F0E3E-7D31-41F5-9C67-62177DF216BF}
2011-12-28 14:35:26 -------- d--h--w- c:\users\owner\appdata\local\{EFC84986-05D8-4D1F-A9AD-D89F26DC3E9B}
2011-12-28 00:27:34 -------- d--h--w- c:\users\owner\appdata\local\{6ABA2B91-8FC8-496B-A1DD-2CFCD6667657}
2011-12-28 00:27:13 -------- d--h--w- c:\users\owner\appdata\local\{2D99B19E-9AF2-4EB9-8B4C-372C3756AAD4}
2011-12-27 12:26:59 -------- d--h--w- c:\users\owner\appdata\local\{E0082879-7A31-4211-87B5-70FB68931B3E}
2011-12-27 12:26:34 -------- d--h--w- c:\users\owner\appdata\local\{E8793C07-5B7A-4BE8-A314-AE7429B6816D}
2011-12-26 21:12:25 -------- d--h--w- c:\users\owner\appdata\local\{9607B1CC-472C-4E23-8B18-CF7F6934314E}
2011-12-26 21:12:09 -------- d--h--w- c:\users\owner\appdata\local\{15AAF5A9-F8B3-4757-B0D1-8D0FAA8CABCF}
2011-12-23 13:45:43 -------- d--h--w- c:\users\owner\appdata\local\{3A082929-01A2-4F19-BE6D-62013731A2F1}
2011-12-23 13:45:19 -------- d--h--w- c:\users\owner\appdata\local\{C2536868-B2E9-4A5B-BD59-D009E562A8B9}
2011-12-22 22:39:55 -------- d--h--w- c:\users\owner\appdata\local\{3C2FD598-EF72-49E9-ADA7-D0A4DD06B84C}
2011-12-22 22:39:41 -------- d--h--w- c:\users\owner\appdata\local\{20BA3FC1-F841-412C-8D2F-A76CA6E6A8D9}
2011-12-21 23:11:51 -------- d--h--w- c:\users\owner\appdata\local\{7AF92889-7DD8-4E9A-AAAD-71E69F84E710}
2011-12-21 23:11:29 -------- d--h--w- c:\users\owner\appdata\local\{B5AA8C0F-E017-4728-812E-CD0E426593B9}
2011-12-21 11:11:01 -------- d--h--w- c:\users\owner\appdata\local\{90F8E8DF-E2CE-44FE-A1E1-980B3B710C04}
2011-12-21 11:10:43 -------- d--h--w- c:\users\owner\appdata\local\{4026FEBA-291A-4C51-AFA2-49C41C4ED3C1}
2011-12-19 15:16:54 -------- d--h--w- c:\users\owner\appdata\local\{76548B33-D73A-494C-B6F7-E8AA68B05BA4}
2011-12-19 15:16:41 -------- d--h--w- c:\users\owner\appdata\local\{CC925330-7BFA-421B-9816-4B4F9D748AAC}
2011-12-18 22:15:53 -------- d--h--w- c:\users\owner\appdata\local\{65615064-A1EB-400A-9664-F0FAFB1AA476}
2011-12-18 22:15:39 -------- d--h--w- c:\users\owner\appdata\local\{85C4E1B8-1F3D-43F9-A9B3-F3797DF82074}
2011-12-17 22:45:18 -------- d-----w- c:\program files\iPod
2011-12-17 22:45:15 -------- d-----w- c:\program files\iTunes
2011-12-17 11:38:07 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-17 11:38:07 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-17 11:38:06 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-17 11:38:05 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 11:38:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-17 11:38:01 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-17 11:37:53 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-17 11:31:32 -------- d--h--w- c:\users\owner\appdata\local\{0BCDEFBC-4B83-450C-AE1E-76D3B1B4ECF1}
2011-12-17 11:31:20 -------- d--h--w- c:\users\owner\appdata\local\{77E37575-15D1-4DE6-AEB3-C32E983FB55C}
2011-12-11 15:00:33 -------- d--h--w- c:\users\owner\appdata\local\{0D3C7A68-D8C3-4946-B311-4A6525A98379}
2011-12-11 15:00:06 -------- d--h--w- c:\users\owner\appdata\local\{108E2AE0-100C-48FF-B71F-10EB24388C35}
2011-12-04 20:38:31 -------- d--h--w- c:\users\owner\appdata\local\Programs
2011-12-04 17:48:57 -------- d--h--w- c:\users\owner\appdata\local\{F58FF0C0-AB62-4B1E-9931-28FDE618A3E4}
2011-12-04 17:48:32 -------- d--h--w- c:\users\owner\appdata\local\{EFD557A4-C050-489E-9329-5DD59461EC13}
.
==================== Find3M ====================
.
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 08:53:00 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53:00 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53:00 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53:00 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53:00 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53:00 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53:00 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53:00 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 05:54:52 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2002-07-26 23:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 19:44:01.00 ===============
 

Attachments

  • DDS.txt (25 KB)
  • Attach.txt (18.4 KB)
  • GMER log.txt (135.5 KB)
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================

As our forum rules say...
All logs have to be pasted.
Split longer logs between several replies if needed.
 
Attach Log

Thank you for your help. Here is the Attach Log.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/29/2007 9:11:54 AM
System Uptime: 1/2/2012 6:30:47 PM (1 hours ago)
.
Motherboard: Intel Corporation | | DG33BU
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | J1PR | 2664/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 60.666 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 3300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart 3300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
3100_3200_3300_Help
3100_3200_3300trb
32 Bit HP CIO Components Installer
3300
Adobe Acrobat 4.0
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Reader 8.3.1
Adobe® Photoshop® Album Starter Edition 3.2
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Radio Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AQUAZONE "Virtual Aquarium Collection"
Audit Support Center 1.0
Avery Wizard 3.1
AXIS Media Control Embedded
AXIS Media Control Embedded Installer
Berlitz Before You Know It Flash Cards
Berlitz Learning System - Italian
Bing Bar
Bing Rewards Client Installer
Bonjour
BufferChm
Camera Assistant Software for ViewSonic
Chinese Simplified Fonts Support For Adobe Reader 8
Copy
Cucusoft DVD to Zune + Zune Video Converter Suite 8.2.8.2
CustomerResearchQFolder
D3DX10
Destinations
DeviceManagementQFolder
DirectXInstallService
DivX Content Uploader
DivX Web Player
DocProc
DocProcQFolder
Download Updater (AOL LLC)
EMC 10 Content
eSupportQFolder
Fax
Form Fill (Windows Live Toolbar)
Garmin City Navigator North America NT 2010.30
Garmin City Navigator North America NT 2011.10 Update
Garmin City Navigator North America NT 2012.30 Update
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google SketchUp Pro 8
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.5.0.457
Hallmark Card Studio Trial Edition 2009
HDView for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP MediaSmart Server
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Product Detection
HP Solution Center 8.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Hulu Desktop
iCloud
Intel(R) Management Engine Interface
Intel(R) PRO Network Connections 12.1.12.0
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
johnqtv1 Toolbar
Junk Mail filter update
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.60.0.1800
Map Button (Windows Live Toolbar)
MarketResearch
MemoriesOnTV
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft IntelliPoint 6.2
Microsoft IntelliType Pro 6.1
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Live Add-in Patches
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB973685)
Multimedia Bible and Christian References
Music Manager
neroxml
NetDeviceManager
NetZero For Cosmi
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA ForceWare Multimedia
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
OGA Notifier 2.0.0048.0
OverDrive Media Console
PDF-File Converter
Print Artist 22 Platinum
PVSonyDll
Quicken 2010
Quicken WillMaker Plus 2007
QuickTime
Realtek High Definition Audio Driver
Redist
Rhapsody Player Engine
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Disc Gallery
Roxio Easy Media Creator
Roxio Easy Media Creator 10 Suite
Roxio File Backup
Roxio MediaShare
Roxio Update Manager
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Segoe UI
Shipping Assistant 3.6
Shop for HP Supplies
Skype Toolbars
Skype™ 5.1
Smart Menus (Windows Live Toolbar)
SmartSound Quicktracks Plugin
SolutionCenter
Status
Studio 10
Studio 10.8 Patch
System Requirements Lab
Toolbox
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wvaiper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wvaiper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wvaiper
TurboTax Deluxe 2007
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon FiOS Activation
Verizon Media Manager
Verizon Servicepoint 3.7.44
Verizon Yahoo! Applications
ViewSonic Windows Vista Signed Files
Virtual Earth 3D (Beta)
Vz In Home Agent
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 10:37:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/28/2011 8:52:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/27/2011 8:55:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2572067).
12/27/2011 7:26:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/2/2012 6:33:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Scheduler Service service to connect.
1/2/2012 6:33:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Receiver Service service to connect.
1/2/2012 6:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}
1/2/2012 6:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ehRecvr with arguments "-Service" in order to run the server: {F4396DC6-E851-4D3A-8D01-34E6949F3500}
1/2/2012 6:32:17 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
1/2/2012 6:32:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
1/2/2012 6:32:06 PM, Error: Service Control Manager [7001] - The Windows Media Center TV Archive Transfer Service service depends on the Windows Media Center Receiver Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 6:32:06 PM, Error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: The system cannot find the path specified.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 68.48.240.75:6331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.100.11:6331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.5:63331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.4:63331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.3:63331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.2:63331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.8:63331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.8:6331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.3:63331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.2:63331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.175.184:63331. The error status code is contained within the returned data.
1/2/2012 6:31:31 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.132.28:63331. The error status code is contained within the returned data.
1/2/2012 6:13:28 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/2/2012 4:28:40 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2012 4:26:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt MpFilter PCLEPCI spldr Wanarpv6
1/2/2012 4:26:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2012 4:26:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/2/2012 4:26:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/2/2012 4:26:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/2/2012 4:26:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/2/2012 4:26:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/1/2012 7:58:56 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Quicken PDF Printer with shared resource name Quicken PDF Printer. Error 2114. The printer cannot be used by others on the network.
1/1/2012 7:58:56 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart 3300 series (USB) with shared resource name HP Photosmart 3300 series (Copy 1). Error 2114. The printer cannot be used by others on the network.
1/1/2012 6:08:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/1/2012 5:35:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/1/2012 5:35:18 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
GMER Log part 1 of 3

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-02 22:20:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00TMA0 rev.12.01C01
Running: crppjugr.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kgloafoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\OWNER\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe[1636] ntdll.dll!DbgBreakPoint 77CC884E 1 Byte [90]
.text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C52 2 Bytes [3B, 00] {CMP EAX, [EAX]}
.text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C56 2 Bytes [39, 00] {CMP [EAX], EAX}
.text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C5A 2 Bytes [3B, 00] {CMP EAX, [EAX]}
.text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C5E 2 Bytes [39, 00] {CMP [EAX], EAX}
.text C:\ProgramData\7eGXsUa44RsITX.exe[3952] explorer.exe 04081C62 2 Bytes [39, 00] {CMP [EAX], EAX}
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74BBCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74B5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegCloseKey] [77CC7908] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegCreateKeyW] [77CB391E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegGetValueW] [77CB3EF9] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegOpenKeyExW] [77CC7BA1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegCreateKeyExW] [77CB41F1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegSetValueExW] [77CB3D5A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegQueryValueExW] [77CC765E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!GetLengthSid] [77CBE2FA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!GetTokenInformation] [77CC8069] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!OpenProcessToken] [77CC7DDC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!GetUserNameW] [77CA31D8] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegDeleteValueW] [77CA3FB6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegEnumKeyExW] [77CC7F52] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegQueryInfoKeyW] [77CB48B4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegOpenKeyW] [77CBE2B5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegEnumKeyW] [77CC80C3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!RegEnumValueW] [77CA9850] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!CloseServiceHandle] [77CA82A5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!OpenServiceW] [77CA8354] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!OpenSCManagerW] [77CA7137] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!QueryServiceStatus] [77CA842C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!CheckTokenMembership] [77CB58A1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!ConvertStringSecurityDescriptorToSecurityDescriptorW] [77CA4611] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!OpenThreadToken] [77CC779D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!ConvertSidToStringSidW] [77CA9017] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!StartServiceW] [77CA3E0B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ADVAPI32.dll!CreateWellKnownSid] [77CBD263] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetSystemTime] [77DF1840] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetFileAttributesW] [77E3D281] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FindClose] [77E2F255] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FindNextFileW] [77E1B79E] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FindFirstFileW] [77E2F00C] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetLocalTime] [77E3D5F4] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetDateFormatW] [77E32DD8] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetTimeFormatW] [77E3324A] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetLocaleInfoW] [77E1A6E3] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!FlushInstructionCache] [77E0A43F] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!RaiseException] [77E2FB56] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetSystemWindowsDirectoryW] [77E34455] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SetLastError] [77E3A640] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!ReadFile] [77E2F02B] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!GetFileSize] [77E37148] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!CreateFileW] [77E3AECB] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!InterlockedCompareExchange] [77E3943C] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!LoadLibraryA] [77E194DC] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [KERNEL32.dll!SystemTimeToFileTime] [77E3CB31] C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
GMER Log part 2 of 3

Part 2 of 3
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-02 22:20:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00TMA0 rev.12.01C01
Running: crppjugr.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kgloafoc.sys

IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MsgWaitForMultipleObjects] [77D67F3B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetKeyboardLayout] [77D699F1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ActivateKeyboardLayout] [77D6478C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsProcessDPIAware] [77D63B93] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!PrintWindow] [77D7FF1E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDCEx] [77D64D22] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetPropW] [77D71051] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetNextDlgGroupItem] [77D71C12] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetNextDlgTabItem] [77D7279A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDlgCtrlID] [77D63F0F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ChildWindowFromPointEx] [77D7A133] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetCapture] [77D5A986] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetGUIThreadInfo] [77D671C4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowLongA] [77D5E7CD] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CharUpperW] [77D66B70] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowDC] [77D63BA7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterClipboardFormatW] [77D5D6AC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UnhookWinEvent] [77D5C06F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWinEventHook] [77D59F3A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ReleaseCapture] [77D830A2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetUserObjectInformationW] [77D67A5F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetProcessWindowStation] [77D5D70C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!FlashWindowEx] [77D7B7F3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetForegroundWindow] [77D632C4] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!PostMessageW] [77D6A175] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CreatePopupMenu] [77D57AD7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowThreadProcessId] [77D68F69] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MsgWaitForMultipleObjectsEx] [77D70FDA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CharPrevW] [77D69DCF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CharNextW] [77D60EA7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DispatchMessageW] [77D7021C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TranslateMessage] [77D701AD] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMessageW] [77D6FEF7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EqualRect] [77D6A1F8] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UnionRect] [77D6A473] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MapWindowPoints] [77D6A30D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetClientRect] [77D68F0D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnumWindows] [77D682FE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EndTask] [77D9AD32] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetThreadDesktop] [77D5D6F8] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetThreadDesktop] [77D67A73] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMenuItemID] [77D83155] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsHungAppWindow] [77D8078B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DrawTextW] [77D697D3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetSysColor] [77D69BF6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TrackPopupMenu] [77D714F3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendMessageCallbackW] [77D64570] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DeregisterShellHookWindow] [77D97051] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EndDialog] [77D8326E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsDlgButtonChecked] [77D72715] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadIconW] [77D5DA9F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetSysColorBrush] [77D5E21C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CloseDesktop] [77D63557] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!OpenInputDesktop] [77D5BCE6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetActiveWindow] [77D64EF7] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IsRectEmpty] [77D69D9D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetAsyncKeyState] [77D5863C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterShellHookWindow] [77D55980] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!FillRect] [77D69865] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetCursorPos] [77D70B88] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetPropW] [77D63DFC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CopyRect] [77D70D08] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LockSetForegroundWindow] [77D80030] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MonitorFromPoint] [77D59C11] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!InflateRect] [77D68D4F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetClassNameW] [77D5EF2B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SubtractRect] [77D5CEAA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RedrawWindow] [77D6A2E5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnumDisplayMonitors] [77D6844C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!OffsetRect] [77D70CDF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!IntersectRect] [77D70D3A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowRgn] [77D5A221] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMenuState] [77D833D1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GhostWindowFromHungWindow] [77D56F5D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!HungWindowFromGhostWindow] [77D64778] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowPlacement] [77D838E3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RemovePropW] [77D68726] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendMessageTimeoutW] [77D6352D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UnregisterHotKey] [77D5B65E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RegisterHotKey] [77D5BDA5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!InsertMenuW] [77D56C67] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ModifyMenuW] [77D8005A] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ClientToScreen] [77D61769] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ScreenToClient] [77D68C56] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMenuItemCount] [77D5F138] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetFocus] [77D70B40] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetScrollInfo] [77D5F073] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!InternalGetWindowText] [77D641CB] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetKeyState] [77D68CB1] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ChangeDisplaySettingsW] [77D9AAC2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowLongW] [77D6F8BF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnumChildWindows] [77D5F9EE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendMessageW] [77D70AED] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindow] [77D63E3E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowRect] [77D70E21] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!PtInRect] [77D71020] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetCursor] [77D5D37D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!ChildWindowFromPoint] [77D962B2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetCursorPos] [77D96FB2] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetMessagePos] [77D59071] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!LoadAcceleratorsW] [77D5D050] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!WaitMessage] [77D70733] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!TranslateAcceleratorW] [77D69BAE] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetWindowRgnBox] [77D5EE9D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetActiveWindow] [77D646E3] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!MessageBeep] [77D7E42B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetWindowPlacement] [77D57963] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetRect] [77D70DBF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendNotifyMessageW] [77D593D6] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!UpdateLayeredWindow] [77D57A9E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetLastInputInfo] [77D689CF] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SendDlgItemMessageW] [77D80E38] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!AllowSetForegroundWindow] [77D59B28] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!RemoveMenu] [77D56C4C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetParent] [77D5A2AA] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CallWindowProcW] [77D7095E] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!EnableWindow] [77D5CD8B] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!GetDlgItemInt] [77D79C5D] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!SetDlgItemInt] [77D79B15] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CheckDlgButton] [77D79AE5] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!CopyIcon] [77D815DC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [USER32.dll!DrawFocusRect]
 
GMER log Part 3 of 4

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-02 22:20:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00TMA0 rev.12.01C01
Running: crppjugr.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kgloafoc.sys

IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHQueryInfoKeyW] 6E7B71E0
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHDeleteKeyW] 6E7A2B73
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathAppendW] 6E7C04F2
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHDeleteValueW] 6E7A749D
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathRemoveArgsW] 6E7A27A8
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathRemoveBlanksW] 6E7B8249
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrCmpNIW] 6E7BEDF9
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathFindFileNameW] 6E7BED97
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHSetValueW] 6E7A873D
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHGetValueW] 6E7BFE7B
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHCreateThreadRef] 6E7A4B23
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHSetThreadRef] 6E7A4AF8
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathCombineW] 6E7BB3FB
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHRegGetValueW] 6E7BF2EA
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrToIntW] 6E7B6396
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathGetArgsW] 6E7A27E2
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrChrW] 6E7BED6E
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHStrDupW] 6E7C5B37
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrRetToBufW] 6E7C5C57
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrRetToStrW] 6E7C10FD
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrStrIW] 6E7BE7A3
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathMatchSpecW] 6E7B6A76
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathIsRootW] 6E7BB6F0
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathIsNetworkPathW] 6E7BB700
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!SHQueryValueExW] 6E7BFEA5
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!AssocCreate] 6E7BA29A
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrCmpIW] 6E7BE702
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrCmpNW] 6E7C061E
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!StrPBrkW] 6E7A79FE
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathStripToRootW] 6E7B5024
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHLWAPI.dll!PathIsDirectoryW] 6E7B632E
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetDesktopFolder] [76965FEB] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHBindToFolderIDListParent] [76939B4B] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetIDListFromObject] [769413A5] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHCreateShellItemArrayFromIDLists] [76943305] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHCreateItemFromIDList] [76979DAB] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHCreateShellItemArrayFromShellItem] [76901B2D] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHBindToFolderIDListParentEx] [76976270] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHChangeNotify] [769370CD] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHAddToRecentDocs] [768F6939] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!DuplicateIcon] [769A5899] C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!ShellExecuteW] [768F9725] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetPathFromIDListA] [768F94B7] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHUpdateRecycleBinIcon] [768EDA64] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetKnownFolderIDList] [76971372] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetFolderPathEx] [769658CD] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHFileOperationW] [769268D0] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetPathFromIDListW] [76979841] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!ExtractIconExW] [76A63F54] C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetSpecialFolderLocation] [7697911F] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHBindToParent] [76976390] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!Shell_NotifyIconW] [76938626] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetFolderPathAndSubDirW] [7691319B] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!Shell_GetCachedImageIndexW] [769573AC] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetFolderPathW] [7695A041] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHEvaluateSystemCommandTemplate] [76934DFF] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHBindToObject] [7696E0FC] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!ShellExecuteExW] [7694C135] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetSpecialFolderPathW] [7692DAB8] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHParseDisplayName] [769661B8] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!SHGetFolderLocation] [7697835F] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoTaskMemFree] 72C6AF2E
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoCreateInstance] 72C69EA6
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoRegisterClassObject] 72C27DB6
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoRevokeClassObject] 72C5B099
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoGetClassObject] 72C4FABC
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!OleInitialize] 72C2EE43
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!OleUninitialize] 72C8B87D
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoGetObject] 72CBFCC4
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!StringFromGUID2] 72C69BFA
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoUninitialize] 72C6D271
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoInitialize] 72C5035F
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!RevokeDragDrop] 72C8B99B
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!RegisterDragDrop] 72C2F115
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoRegisterMessageFilter] 72C5278D
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoMarshalInterThreadInterfaceInStream] 72C2F2A5
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoGetInterfaceAndReleaseStream] 72C8AF98
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoTaskMemAlloc] 72C69689
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoCreateFreeThreadedMarshaler] 72C6D076
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!DoDragDrop] 72D02152
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoInitializeEx] 72C6AD63
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CreateBindCtx] 72C6E03E
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoFreeUnusedLibraries] 72C674F5
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!PropVariantClear] 72C6CC5B
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!IsCompositionActive] 6DCE3193
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!IsAppThemed] 6DCE9363
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeMargins] 6DCE9EF1
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeRect] 6DCF3105
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!IsThemePartDefined] 6DCEA198
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeBackgroundRegion] 6DCEE5F0
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!DrawThemeTextEx] 6DCE95A8
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeFont] 6DCED5AD
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeColor] 6DCE7BA0
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeBool] 6DCEB05A
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeInt] 6DCE7BA0
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!SetWindowTheme] 6DCEDE43
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!DrawThemeText] 6DCE3D2C
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeTextExtent] 6DCE3281
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!DrawThemeBackground] 6DCE3406
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!CloseThemeData] 6DCE79C0
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!OpenThemeData] 6DCE7CF7
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!DrawThemeParentBackground] 6DCE8DB0
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemePartSize] 6DCE7C2E
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeMetric] 6DCECCDE
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [UxTheme.dll!GetThemeBackgroundContentRect] 6DCE813E
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] 748A7817
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] 748FA86D
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] 748ABB22
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] 7489F695
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] 748A75E9
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] 7489E7CA
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] 748D8395
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] 748ADA60
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] 7489FFFA
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] 7489FF61
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] 748971CF
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] 7492CAE2
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] 748CC8D8
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] 7489D968
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] 74896853
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] 7489687E
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] 748A2AD1
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcBindingFree] [77BF2357] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcStringFreeW] [77BE5396] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcBindingFromStringBindingW] [77BE58D1] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!NdrClientCall2] [77C60ACA] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcStringBindingComposeW] [77BE5CB8] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!I_RpcExceptionFilter] [77BC4488] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [RPCRT4.dll!RpcBindingSetAuthInfoExW] [77BDD915] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll
 
GMER log Part 4 of 4

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-02 22:20:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00TMA0 rev.12.01C01
Running: crppjugr.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kgloafoc.sys
---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
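As an added example (not part of the thread and not GMER's own code), a small triage script for the two line shapes GMER prints in the log above: it shortlists IAT entries whose pointer resolves into a module outside C:\Windows\ and InprocServer32 keys that point at OLE32.DLL while also carrying a 32-hex-digit value name, the CLSID pattern in Part 4. Neither shortlist is a verdict (the yui.dll hooks, for instance, resolve into Yahoo! Messenger's own directory); it only tells a responder where to look first. The sample lines are copied from the log above plus one constructed control key.

```python
"""Triage helper for the 'IAT' and 'Reg' line shapes GMER prints.

Added example for this thread; it is not part of the forum posts or of GMER.
It shortlists two kinds of entry for a responder to look at:
  * IAT hooks whose pointer resolves into a module outside C:\\Windows\\
    (such as the yui.dll entries under ymsgr_tray.exe);
  * InprocServer32 keys whose default points at OLE32.DLL but that also carry
    a value named as 32 hex digits (the CLSID block in Part 4 of the log).
Neither shortlist is a verdict: a third-party hook or an unusual COM
registration may be legitimate and has to be checked by hand.
"""
import re
from collections import defaultdict

# "IAT <process>[<pid>] @ <module> [<dll>!<func>] <addr>"  or
# "IAT <process>[<pid>] @ <module> [<dll>!<func>] [<addr>] <target> (<desc>)"
IAT_RE = re.compile(
    r"^IAT (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\] "
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\] (?P<target>.+?)(?: \((?P<desc>[^)]*)\))?"
    r"|(?P<inline_addr>[0-9A-Fa-f]+))$"
)
# "Reg <key>"  or  "Reg <key>@<value name> <data>"  ('' value name = default)
REG_RE = re.compile(r"^Reg (?P<key>.+?)(?:@(?P<value>\S*)(?: (?P<data>.*))?)?$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{32}$")
SYSTEM_PREFIX = "c:\\windows\\"


def parse_iat(line):
    """Parse one IAT line; return None for anything else."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    return {
        "process": m["process"], "pid": int(m["pid"]), "module": m["module"],
        "dll": m["dll"], "func": m["func"], "addr": m["addr"] or m["inline_addr"],
        # GMER only prints a target path when the pointer left the exporting DLL.
        "target": m["target"], "desc": m["desc"],
    }


def parse_reg(line):
    """Parse one Reg line; value is '' for the default value, None for a bare key."""
    m = REG_RE.match(line.strip())
    if not m:
        return None
    return {"key": m["key"], "value": m["value"], "data": m["data"]}


def suspicious_iat_hooks(lines):
    """IAT entries redirected into a module that does not live under C:\\Windows\\."""
    hits = []
    for line in lines:
        e = parse_iat(line)
        if e and e["target"] and not e["target"].lower().startswith(SYSTEM_PREFIX):
            hits.append(e)
    return hits


def odd_inprocserver32_keys(lines):
    """(key, hex value name) for InprocServer32 keys matching the Part 4 pattern."""
    by_key = defaultdict(dict)
    for line in lines:
        e = parse_reg(line)
        if e and e["value"] is not None:
            by_key[e["key"]][e["value"]] = e["data"] or ""
    flagged = []
    for key, values in by_key.items():
        default = values.get("", "")
        hex_names = sorted(v for v in values if HEX_NAME_RE.match(v))
        if key.endswith("\\InprocServer32") and default.lower().endswith("ole32.dll") and hex_names:
            flagged.append((key, hex_names[0]))
    return sorted(flagged)


# Sample input: three IAT lines and one CLSID block copied from the log above,
# plus one constructed control key (all-zero CLSID) that has no hex-named value.
SAMPLE_LOG = r"""
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [ole32.dll!CoCreateInstance] 72C69EA6
IAT C:\ProgramData\7eGXsUa44RsITX.exe[3952] @ C:\Windows\explorer.exe [SHELL32.dll!ShellExecuteW] [768F9725] C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32@ C:\Windows\system32\OLE32.DLL
""".strip().splitlines()


if __name__ == "__main__":
    for h in suspicious_iat_hooks(SAMPLE_LOG):
        print(f"hook  {h['process']}[{h['pid']}] {h['dll']}!{h['func']} -> {h['target']}")
    for key, name in odd_inprocserver32_keys(SAMPLE_LOG):
        print(f"reg   {key} carries binary value {name}")
```

To run it over a real log, replace SAMPLE_LOG with the lines of the saved GMER text file; every other line shape GMER prints is ignored by the parsers.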
 
Download aswMBR to your desktop.
Double-click aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to reconnect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double-click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR and Combofix Logs

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-04 19:02:10
-----------------------------
19:02:10.779 OS Version: Windows 6.0.6002 Service Pack 2
19:02:10.780 Number of processors: 2 586 0xF0B
19:02:10.782 ComputerName: OWNER-PC-DEN UserName: OWNER
19:02:37.915 Initialize success
19:20:12.724 AVAST engine defs: 12010401
19:30:26.121 The log file has been saved successfully to "C:\Users\OWNER\Documents\aswMBR.txt"


ComboFix 12-01-04.03 - OWNER 01/04/2012 19:40:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1893 [GMT -5:00]
Running from: c:\users\OWNER\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\microsoft\Internet Explorer\Quick Launch\Verizon Yahoo! Messenger.lnk
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk
c:\program files\UNWISE.EXE
c:\programdata\~7eGXsUa44RsITX
c:\programdata\~7eGXsUa44RsITXr
c:\programdata\7eGXsUa44RsITX
c:\users\OWNER\AppData\Local\assembly\tmp
c:\users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\OWNER\Desktop\Search.lnk
c:\users\OWNER\Desktop\System Check.lnk
c:\users\OWNER\g2mdlhlpx.exe
c:\windows\MailSwitch.ocx
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 00:48 . 2012-01-05 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-05 00:08 . 2012-01-05 00:08 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3755F1A-139B-4FEF-85E0-CD61AB28968C}\MpKsl60434771.sys
2012-01-05 00:08 . 2012-01-05 00:08 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3755F1A-139B-4FEF-85E0-CD61AB28968C}\offreg.dll
2012-01-05 00:08 . 2011-11-21 07:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3755F1A-139B-4FEF-85E0-CD61AB28968C}\mpengine.dll
2012-01-02 21:34 . 2012-01-02 21:34 -------- d--h--w- c:\users\OWNER\AppData\Roaming\Malwarebytes
2012-01-02 21:34 . 2012-01-02 21:34 -------- d--h--w- c:\programdata\Malwarebytes
2012-01-02 21:34 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 21:34 . 2012-01-02 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-01 23:08 . 2012-01-01 23:08 -------- d--h--w- c:\programdata\WindowsSearch
2011-12-30 13:20 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-12-30 13:20 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-12-30 13:20 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-30 13:20 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-12-30 13:20 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-12-30 13:20 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-30 13:20 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-30 13:20 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-30 13:20 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-29 01:54 . 2012-01-01 22:57 -------- d-----w- c:\users\UpdatusUser
2011-12-29 01:54 . 2011-05-21 11:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-29 01:54 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2011-12-29 01:48 . 2011-12-29 01:48 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2011-12-17 22:45 . 2011-12-17 22:45 -------- d-----w- c:\program files\iPod
2011-12-17 22:45 . 2011-12-17 22:46 -------- d-----w- c:\program files\iTunes
2011-12-17 11:38 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-17 11:38 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-17 11:38 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-17 11:38 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 11:38 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-17 11:38 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-17 11:37 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 07:47 . 2010-08-30 22:19 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 08:53 . 2010-10-08 05:57 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-10-08 05:57 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-10-08 05:57 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2010-10-08 05:57 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-04-04 02:55 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2010-04-03 22:27 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2007-04-26 08:17 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2007-04-26 08:17 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e413a417-d00b-4a3b-9c17-19048046f1ce}"= "c:\program files\johnqtv1\tbjohn.dll" [2007-12-19 1514520]
.
[HKEY_CLASSES_ROOT\clsid\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
2007-12-19 20:53 1514520 ----a-w- c:\program files\johnqtv1\tbjohn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e413a417-d00b-4a3b-9c17-19048046f1ce}"= "c:\program files\johnqtv1\tbjohn.dll" [2007-12-19 1514520]
.
[HKEY_CLASSES_ROOT\clsid\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E413A417-D00B-4A3B-9C17-19048046F1CE}"= "c:\program files\johnqtv1\tbjohn.dll" [2007-12-19 1514520]
.
[HKEY_CLASSES_ROOT\clsid\{e413a417-d00b-4a3b-9c17-19048046f1ce}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MoneyInsights"="c:\program files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe" [2008-02-19 502800]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-15 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"MusicManager"="c:\users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-30 13223936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-15 4435968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for ViewSonic\traybar.exe" [2007-08-20 774144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-06-23 244208]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2008-06-12 113136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2009.lnk - c:\windows\Installer\{7B1FF9C5-ABDE-4D1B-BE70-DF6A4A546131}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-11-22 243024]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-12-27 603504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL60434771
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-06 11:42]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 19:23]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 19:23]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000Core.job
- c:\users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-10 19:23]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000UA.job
- c:\users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-10 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.washingtonpost.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-04 19:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-04 19:53:32
ComboFix-quarantined-files.txt 2012-01-05 00:53
.
Pre-Run: 79,543,185,408 bytes free
Post-Run: 80,382,103,552 bytes free
.
- - End Of File - - 58CBD99114DC16D32237B70936D9A53D
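The "Reg Loading Points" section of the ComboFix log above lists every autostart entry it found, with the image path, file date and size. As an added triage aid (example code, not ComboFix's own and not anything the helper posted), the Python below parses lines in that exact format and flags the entries a reviewer would look at first: an image given as a bare file name with no directory (resolved through the search path at load time) or an image stored in a user-writable location such as a profile or ProgramData. The sample lines are copied from the log above; the flag rules are the editor's and are assumptions about what deserves a second look, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field

# Matches ComboFix "Reg Loading Points" value lines, e.g.
#   "swg"="c:\program files\Google\...\GoogleToolbarNotifier.exe" [2008-08-15 39408]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<image>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)
# Matches the registry key header preceding a group of values.
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

# Directory prefixes a standard user can write to (assumed list): an autorun
# image living here is worth a closer look, whether or not it turns out benign.
USER_WRITABLE_PREFIXES = (
    r"c:\users\\".rstrip("\\") + "\\",
    r"c:\programdata" + "\\",
    r"c:\documents and settings" + "\\",
)


@dataclass
class AutorunEntry:
    key: str
    name: str
    image: str
    date: str
    size: int
    flags: list = field(default_factory=list)


def triage_image(image: str) -> list:
    """Return the list of review flags for one autorun image path."""
    flags = []
    low = image.lower()
    if low == "":
        return ["empty image path"]
    # No directory component: the loader resolves the name through the
    # search path, so the entry cannot be verified from the log alone.
    if "\\" not in low:
        flags.append("unqualified path")
    if any(low.startswith(p) for p in USER_WRITABLE_PREFIXES):
        flags.append("user-writable location")
    if not low.endswith((".exe", ".dll")):
        flags.append("unusual extension")
    return flags


def parse_loading_points(text: str) -> list:
    """Parse a ComboFix Reg Loading Points excerpt into AutorunEntry objects."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and current_key:
            image = m.group("image")
            entries.append(AutorunEntry(
                key=current_key,
                name=m.group("name"),
                image=image,
                date=m.group("date"),
                size=int(m.group("size")),
                flags=triage_image(image),
            ))
    return entries


def flagged(entries: list) -> list:
    """Only the entries that carry at least one review flag."""
    return [e for e in entries if e.flags]


# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-15 39408]
"MusicManager"="c:\users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-30 13223936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-15 4435968]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
'''

if __name__ == "__main__":
    for e in flagged(parse_loading_points(SAMPLE)):
        print(f"{e.key}\n  {e.name} -> {e.image}\n  flags: {', '.join(e.flags)}")
```

Both flagged entries in the sample (the Google Music Manager under the user's profile and the Realtek tray applet given by bare name) are ordinary on a consumer PC; the point of the flags is to order the review, not to call anything malicious. Real triage would then confirm the file on disk, its publisher signature and its hash, which a log line alone cannot give.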
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open Notepad and press CTRL+V.
  • Post the output back here.
 
Status of PC after running aswMBR and Combofix

Again, thanks for your continued help.

Here is the status after running aswMBR and Combofix. See logs in prior post. My PC restarts with a black screen, no desktop showing, only sidebar widgets and the bottom task bar. Running aswMBR and Combofix stopped the System Check pop-ups with the errors and the "System Check Report" pop-up. A System Check shortcut box in the Quick Launch area says "Problem with shortcut. The item '7eGXsUa44RsITX.exe' that this shortcut refers to has been changed or moved, so this shortcut is no longer working properly. Do you want to delete this shortcut? Yes/No".
 
Bootkit Remover log

Thank you for your continued help. I deleted the shortcut per your post and ran Bootkit Remover and have posted the data below.

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1

OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
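The Bootkit Remover output above reports the MD5 of the boot sector and whether standard boot code was found in the MBR. As an added illustration of what such a check involves (example code written for this page, not Bootkit Remover's or aswMBR's own implementation), the Python below parses a 512-byte MBR image, hashes it, and compares it against a previously recorded good copy, reporting which region changed. All sample sectors are constructed inside the block; on a real machine the input would be the first 512 bytes of the physical drive, such as the MBR.dat copy that aswMBR leaves on the desktop. One caveat it encodes: the whole-sector MD5 that tools print includes the disk signature and partition table, which are unique to each disk, so only the first 440 bytes (the boot code) can be compared across machines running the same Windows boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # 0x000-0x1B7: executable boot code
DISK_SIG_OFF = 440       # 0x1B8: 4-byte Windows disk signature
PART_TABLE_OFF = 446     # 0x1BE: four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x1FE: 0x55 0xAA boot signature
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a 512-byte MBR image from its parts (used here to construct test data)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        # CHS fields stay zero; modern loaders use the LBA fields.
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into the fields an integrity check cares about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 means an unused slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        # Hash of the code region only: comparable across disks with the same loader.
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        # Hash of the whole sector: what Bootkit Remover-style tools print; per-disk.
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "partitions": parts,
    }


def check_against_baseline(sector: bytes, baseline: dict) -> list:
    """Compare a freshly read MBR with a recorded good one and list what changed."""
    now = parse_mbr(sector)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if now["boot_code_md5"] != baseline["boot_code_md5"]:
        findings.append("boot code changed")
    if now["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature changed")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


# Constructed samples. STOCK_BOOT_CODE is a short stand-in, not a real loader image.
STOCK_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cb")
GOOD_MBR = build_sample_mbr(STOCK_BOOT_CODE, 0x1234ABCD, [(0x80, 0x07, 2048, 975_000_000)])

# Same disk with the first bytes of the code region overwritten, to simulate
# the kind of change an MBR integrity check exists to catch.
_t = bytearray(GOOD_MBR)
_t[0:4] = b"\xEB\x3C\x90\x00"
TAMPERED_MBR = bytes(_t)

if __name__ == "__main__":
    baseline = parse_mbr(GOOD_MBR)
    print("baseline sector MD5:", baseline["sector_md5"])
    print("findings on good copy:", check_against_baseline(GOOD_MBR, baseline))
    print("findings on tampered copy:", check_against_baseline(TAMPERED_MBR, baseline))
```

Recording the baseline while the machine is known clean (or right after a trusted repair of the MBR) is what makes the later comparison meaningful; a hash with nothing to compare it to only tells you the sector is the same as the last time you looked.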
 
Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.

==========================================================

Re-run aswMBR one more time.
 
Results of Unhide and aswMBR re-run

I ran UNHIDE. The Start Menu items and Quick Launch items are still missing and the Desktop screen is black with only widgets showing and Thumbnails in task bar. Unhide said to run again with anti-virus which I did.

Results of aswMBR_run2_01052012.txt posted below

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-05 20:58:45
-----------------------------
20:58:45.158 OS Version: Windows 6.0.6002 Service Pack 2
20:58:45.158 Number of processors: 2 586 0xF0B
20:58:45.160 ComputerName: OWNER-PC-DEN UserName: OWNER
20:59:10.475 Initialize success
21:00:02.793 AVAST engine defs: 12010501
21:06:11.952 The log file has been saved successfully to "C:\Users\OWNER\Documents\aswMBR_run2_01052012.txt"
 
For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to your desktop.
For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
Results of FRST scan

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by OWNER at 2012-01-05 21:18:18
Running from C:\Users\OWNER\Downloads
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-05 21:17 - 2012-01-05 21:17 - 0858734 ____A C:\Users\OWNER\Downloads\FRST.exe
2012-01-05 21:06 - 2012-01-05 21:06 - 0000492 ____A C:\Users\OWNER\Documents\aswMBR_run2_01052012.txt
2012-01-05 20:39 - 2012-01-05 20:39 - 0684297 ____A C:\Users\OWNER\Downloads\unhide.exe
2012-01-05 20:13 - 2012-01-05 20:13 - 0000514 ____A C:\Users\OWNER\Documents\Bootkit Remover.txt
2012-01-05 20:11 - 2012-01-05 20:12 - 0000000 ____D C:\Users\OWNER\Downloads\bootkit_remover
2012-01-05 20:09 - 2012-01-05 20:09 - 0044607 ____A C:\Users\OWNER\Downloads\bootkit_remover.zip
2012-01-04 20:04 - 2012-01-05 20:23 - 0000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-01-04 19:54 - 2012-01-04 19:54 - 0013558 ____A C:\Users\OWNER\Documents\combofix.txt
2012-01-04 19:53 - 2012-01-04 19:53 - 0013558 ____A C:\ComboFix.txt
2012-01-04 19:53 - 2012-01-04 19:53 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-04 19:38 - 2012-01-04 19:53 - 0000000 ____D C:\Qoobox
2012-01-04 19:38 - 2012-01-04 19:49 - 0000000 ____D C:\Windows\ERDNT
2012-01-04 19:38 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-04 19:38 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-04 19:38 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-04 19:38 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-04 19:38 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-04 19:38 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-04 19:38 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-04 19:38 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-04 19:31 - 2012-01-04 19:31 - 4370643 ____R (Swearware) C:\Users\OWNER\Downloads\ComboFix.exe
2012-01-04 19:30 - 2012-01-04 19:30 - 0000478 ____A C:\Users\OWNER\Documents\aswMBR.txt
2012-01-04 18:58 - 2012-01-04 19:02 - 4704768 ____A (AVAST Software) C:\Users\OWNER\Downloads\aswMBR.exe
2012-01-02 22:23 - 2012-01-02 22:23 - 0138716 ____A C:\Users\OWNER\Documents\GMER log.txt
2012-01-02 22:20 - 2012-01-02 22:20 - 0138716 ____A C:\Users\OWNER\Documents\GMAR.log
2012-01-02 19:49 - 2012-01-02 19:49 - 0025633 ____A C:\Users\OWNER\Documents\DDS.txt
2012-01-02 19:48 - 2012-01-02 19:48 - 0018830 ____A C:\Users\OWNER\Documents\Attach.txt
2012-01-02 19:41 - 2012-01-02 19:41 - 0607017 ____A (Swearware) C:\Users\OWNER\Downloads\dds.pif
2012-01-02 19:16 - 2012-01-02 19:16 - 0302592 ____A C:\Users\OWNER\Downloads\crppjugr.exe
2012-01-02 18:09 - 2012-01-02 18:09 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
2012-01-02 18:09 - 2012-01-02 18:09 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3DDB63DB-EB9A-4F01-B115-78E2C88F20A3}
2012-01-02 18:07 - 2012-01-05 20:23 - 3485249536 __ASH C:\hiberfil.sys
2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\Malwarebytes
2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-02 16:34 - 2011-12-10 15:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-01-02 16:26 - 2012-01-02 16:26 - 0049200 ____A C:\Windows\ntbtlog.txt
2012-01-01 20:01 - 2012-01-01 20:01 - 0000000 ____D C:\Users\OWNER\AppData\Local\{B7FFD582-75BF-4597-A6F2-4EEB04D6451E}
2012-01-01 20:01 - 2012-01-01 20:01 - 0000000 ____D C:\Users\OWNER\AppData\Local\{418E58D4-1348-4FAE-B094-9468DCCF0E5E}
2012-01-01 18:08 - 2012-01-01 18:08 - 0000000 ____D C:\Users\All Users\WindowsSearch
2012-01-01 18:08 - 2012-01-01 18:08 - 0000000 ____D C:\ProgramData\WindowsSearch
2012-01-01 08:00 - 2012-01-01 08:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F0F78033-C146-405C-9F9D-A89066AD9605}
2012-01-01 08:00 - 2012-01-01 08:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3799A976-DD16-4697-AAFB-E6AF0CE27E56}
2011-12-31 17:54 - 2011-12-31 17:54 - 0517728 ____A C:\Users\OWNER\Documents\NewYearWish2012.pdf
2011-12-31 17:54 - 2011-12-31 17:54 - 0368640 ____A C:\Users\OWNER\Documents\NewYearWish2012.pdf.pra
2011-12-31 11:02 - 2011-12-31 11:02 - 0029182 ____A C:\Users\OWNER\Downloads\Download.csv
2011-12-31 10:38 - 2011-12-31 10:38 - 0000000 ____D C:\Users\OWNER\AppData\Local\{CB731A8F-7714-42A8-91BE-D1EE7C943516}
2011-12-31 10:37 - 2011-12-31 10:38 - 0000000 ____D C:\Users\OWNER\AppData\Local\{D17A7992-834E-4D0A-A026-7FCA624949DC}
2011-12-30 19:45 - 2011-12-30 19:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0E15062F-3981-40A8-8AD9-A02FC52BB1B1}
2011-12-30 19:45 - 2011-12-30 19:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{04CDFF29-AC6B-40BE-9C28-13AE5CE57F1F}
2011-12-30 09:32 - 2011-12-30 11:02 - 0015456 ____A C:\Users\OWNER\Documents\leadership.docx
2011-12-30 08:20 - 2011-10-15 03:53 - 5578560 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2011-12-30 08:20 - 2011-10-15 03:53 - 2401088 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2011-12-30 08:20 - 2011-10-15 03:53 - 2099520 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2011-12-30 08:20 - 2011-10-15 03:53 - 18871616 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2011-12-30 08:20 - 2011-10-15 03:53 - 17248576 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2011-12-30 08:20 - 2011-10-15 03:53 - 10327360 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2011-12-30 08:20 - 2011-10-15 03:53 - 0919872 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2011-12-30 08:20 - 2011-10-15 03:53 - 0877376 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2011-12-30 08:20 - 2011-10-15 03:53 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2011-12-30 07:44 - 2011-12-30 07:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{8B3DD721-61BF-4C9A-9154-7702642CE903}
2011-12-30 07:44 - 2011-12-30 07:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{008C5F84-D810-4062-BB93-E2E3D6EA94C4}
2011-12-29 13:17 - 2011-12-29 13:18 - 0000000 ____D C:\Users\OWNER\Documents\Allstate
2011-12-29 11:18 - 2011-12-28 10:52 - 2236845 ____A C:\Users\OWNER\Documents\DSC00012.JPG
2011-12-29 11:18 - 2011-12-28 10:52 - 2205667 ____A C:\Users\OWNER\Documents\DSC00011.JPG
2011-12-29 11:18 - 2011-12-28 10:51 - 1901949 ____A C:\Users\OWNER\Documents\DSC00010.JPG
2011-12-29 11:18 - 2011-12-28 10:50 - 2354554 ____A C:\Users\OWNER\Documents\DSC00007.JPG
2011-12-29 11:18 - 2011-12-28 10:50 - 2089400 ____A C:\Users\OWNER\Documents\DSC00008.JPG
2011-12-29 11:18 - 2011-12-28 10:50 - 1850996 ____A C:\Users\OWNER\Documents\DSC00009.JPG
2011-12-29 11:18 - 2011-12-28 10:49 - 2299025 ____A C:\Users\OWNER\Documents\DSC00006.JPG
2011-12-29 11:13 - 2012-01-01 10:52 - 0000000 ____D C:\Users\OWNER\Documents\Hall Bath
2011-12-29 10:07 - 2011-12-29 10:08 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3C309ADD-8A53-4547-A842-2AFD25B103EA}
2011-12-29 10:07 - 2011-12-29 10:07 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2F8E11C8-D6E2-4B3F-92F0-5BCE7AEE3694}
2011-12-28 20:54 - 2012-01-01 17:57 - 0000000 ____D C:\users\UpdatusUser
2011-12-28 20:54 - 2011-12-28 20:54 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2011-12-28 20:54 - 2011-10-15 03:53 - 0602432 ____A (NVIDIA Corporation) C:\Windows\System32\easyupdatusapiu.dll
2011-12-28 20:54 - 2011-05-21 06:01 - 2560616 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2011-12-28 20:54 - 2009-12-31 14:24 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2011-12-28 20:54 - 2007-10-05 22:26 - 0000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2011-12-28 20:54 - 2006-11-02 07:37 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2011-12-28 19:29 - 2011-12-28 19:29 - 0003120 ____A C:\Windows\System32\ALLFSAF8a.ocx
2011-12-28 09:35 - 2011-12-28 09:35 - 0000000 ____D C:\Users\OWNER\AppData\Local\{EFC84986-05D8-4D1F-A9AD-D89F26DC3E9B}
2011-12-28 09:35 - 2011-12-28 09:35 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7F7F0E3E-7D31-41F5-9C67-62177DF216BF}
2011-12-27 19:27 - 2011-12-27 19:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{6ABA2B91-8FC8-496B-A1DD-2CFCD6667657}
2011-12-27 19:27 - 2011-12-27 19:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2D99B19E-9AF2-4EB9-8B4C-372C3756AAD4}
2011-12-27 07:26 - 2011-12-27 07:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E0082879-7A31-4211-87B5-70FB68931B3E}
2011-12-27 07:26 - 2011-12-27 07:26 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E8793C07-5B7A-4BE8-A314-AE7429B6816D}
2011-12-26 16:12 - 2011-12-26 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{9607B1CC-472C-4E23-8B18-CF7F6934314E}
2011-12-26 16:12 - 2011-12-26 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{15AAF5A9-F8B3-4757-B0D1-8D0FAA8CABCF}
2011-12-23 08:45 - 2011-12-23 08:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C2536868-B2E9-4A5B-BD59-D009E562A8B9}
2011-12-23 08:45 - 2011-12-23 08:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3A082929-01A2-4F19-BE6D-62013731A2F1}
2011-12-22 17:39 - 2011-12-22 17:40 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3C2FD598-EF72-49E9-ADA7-D0A4DD06B84C}
2011-12-22 17:39 - 2011-12-22 17:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{20BA3FC1-F841-412C-8D2F-A76CA6E6A8D9}
2011-12-21 18:11 - 2011-12-21 18:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7AF92889-7DD8-4E9A-AAAD-71E69F84E710}
2011-12-21 18:11 - 2011-12-21 18:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{B5AA8C0F-E017-4728-812E-CD0E426593B9}
2011-12-21 06:11 - 2011-12-21 06:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{90F8E8DF-E2CE-44FE-A1E1-980B3B710C04}
2011-12-21 06:10 - 2011-12-21 06:10 - 0000000 ____D C:\Users\OWNER\AppData\Local\{4026FEBA-291A-4C51-AFA2-49C41C4ED3C1}
2011-12-19 10:16 - 2011-12-19 10:17 - 0000000 ____D C:\Users\OWNER\AppData\Local\{76548B33-D73A-494C-B6F7-E8AA68B05BA4}
2011-12-19 10:16 - 2011-12-19 10:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{CC925330-7BFA-421B-9816-4B4F9D748AAC}
2011-12-18 17:15 - 2011-12-18 17:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{65615064-A1EB-400A-9664-F0FAFB1AA476}
2011-12-18 17:15 - 2011-12-18 17:15 - 0000000 ____D C:\Users\OWNER\AppData\Local\{85C4E1B8-1F3D-43F9-A9B3-F3797DF82074}
2011-12-17 18:29 - 2011-11-03 18:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-17 18:29 - 2011-11-03 17:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-17 18:29 - 2011-11-03 17:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-17 18:29 - 2011-11-03 17:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-17 18:29 - 2011-11-03 17:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-17 18:29 - 2011-11-03 17:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-17 18:29 - 2011-11-03 17:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-17 18:29 - 2011-11-03 17:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-17 18:29 - 2011-11-03 17:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-17 18:29 - 2011-11-03 17:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-17 18:29 - 2011-11-03 17:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-17 18:29 - 2011-11-03 17:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-17 18:29 - 2011-11-03 17:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-17 17:45 - 2011-12-17 17:46 - 0000000 ____D C:\Program Files\iTunes
2011-12-17 17:45 - 2011-12-17 17:45 - 0000000 ____D C:\Program Files\iPod
2011-12-17 09:20 - 2011-12-17 09:24 - 0330034 ____A C:\Users\OWNER\Documents\Daniela_12_Birthday2011.pdf
2011-12-17 08:41 - 2011-12-17 08:41 - 0131735 ____A C:\Users\OWNER\Downloads\RAV4_driver_side_windshiel_trim.jpg
2011-12-17 06:38 - 2011-11-23 08:37 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-17 06:38 - 2011-10-27 03:01 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-12-17 06:38 - 2011-10-27 03:01 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-12-17 06:38 - 2011-10-25 10:56 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-17 06:38 - 2011-10-14 11:02 - 0429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-17 06:37 - 2011-11-08 09:42 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-17 06:31 - 2011-12-17 06:31 - 0000000 ____D C:\Users\OWNER\AppData\Local\{77E37575-15D1-4DE6-AEB3-C32E983FB55C}
2011-12-17 06:31 - 2011-12-17 06:31 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0BCDEFBC-4B83-450C-AE1E-76D3B1B4ECF1}
2011-12-11 10:00 - 2011-12-11 10:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{108E2AE0-100C-48FF-B71F-10EB24388C35}
2011-12-11 10:00 - 2011-12-11 10:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0D3C7A68-D8C3-4946-B311-4A6525A98379}


============ 3 Months Modified Files and Folders ===============

2012-01-05 21:18 - 2012-01-05 21:18 - 0000000 ____D C:\FRST
2012-01-05 21:17 - 2012-01-05 21:17 - 0858734 ____A C:\Users\OWNER\Downloads\FRST.exe
2012-01-05 21:10 - 2009-12-31 14:23 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-05 21:06 - 2012-01-05 21:06 - 0000492 ____A C:\Users\OWNER\Documents\aswMBR_run2_01052012.txt
2012-01-05 20:41 - 2010-02-09 21:22 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000UA.job
2012-01-05 20:39 - 2012-01-05 20:39 - 0684297 ____A C:\Users\OWNER\Downloads\unhide.exe
2012-01-05 20:33 - 2008-06-01 10:31 - 0000000 ____D C:\Users\OWNER\Audio Books
2012-01-05 20:29 - 2006-11-02 05:33 - 0719248 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-05 20:27 - 2006-11-02 07:52 - 1883082 ____A C:\Windows\WindowsUpdate.log
2012-01-05 20:23 - 2012-01-04 20:04 - 0000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-01-05 20:23 - 2012-01-02 18:07 - 3485249536 __ASH C:\hiberfil.sys
2012-01-05 20:23 - 2009-12-31 14:23 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-05 20:23 - 2007-09-29 07:58 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-01-05 20:23 - 2007-09-29 07:58 - 0000000 ____D C:\ProgramData\NVIDIA
2012-01-05 20:23 - 2006-11-02 08:01 - 0000006 ____A C:\Windows\Tasks\SA.DAT
2012-01-05 20:23 - 2006-11-02 07:47 - 0004176 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-05 20:23 - 2006-11-02 07:47 - 0004176 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-05 20:20 - 2006-11-02 08:01 - 0032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-05 20:13 - 2012-01-05 20:13 - 0000514 ____A C:\Users\OWNER\Documents\Bootkit Remover.txt
2012-01-05 20:12 - 2012-01-05 20:11 - 0000000 ____D C:\Users\OWNER\Downloads\bootkit_remover
2012-01-05 20:09 - 2012-01-05 20:09 - 0044607 ____A C:\Users\OWNER\Downloads\bootkit_remover.zip
2012-01-04 20:03 - 2007-09-29 07:58 - 0076410 ____A C:\Windows\PFRO.log
2012-01-04 19:54 - 2012-01-04 19:54 - 0013558 ____A C:\Users\OWNER\Documents\combofix.txt
2012-01-04 19:53 - 2012-01-04 19:53 - 0013558 ____A C:\ComboFix.txt
2012-01-04 19:53 - 2012-01-04 19:53 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-04 19:53 - 2012-01-04 19:38 - 0000000 ____D C:\Qoobox
2012-01-04 19:53 - 2006-11-02 06:18 - 0000000 ___RD C:\users\Public
2012-01-04 19:53 - 2006-11-02 06:18 - 0000000 ___RD C:\users\Default
2012-01-04 19:49 - 2012-01-04 19:38 - 0000000 ____D C:\Windows\ERDNT
2012-01-04 19:48 - 2006-11-02 05:23 - 0000215 ____A C:\Windows\system.ini
2012-01-04 19:48 - 2006-11-02 05:23 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-04 19:47 - 2007-09-28 17:31 - 0000000 ____D C:\users\OWNER
2012-01-04 19:31 - 2012-01-04 19:31 - 4370643 ____R (Swearware) C:\Users\OWNER\Downloads\ComboFix.exe
2012-01-04 19:30 - 2012-01-04 19:30 - 0000478 ____A C:\Users\OWNER\Documents\aswMBR.txt
2012-01-04 19:02 - 2012-01-04 18:58 - 4704768 ____A (AVAST Software) C:\Users\OWNER\Downloads\aswMBR.exe
2012-01-04 18:51 - 2008-12-12 19:04 - 0000000 ____D C:\Users\OWNER\Tracing
2012-01-02 22:23 - 2012-01-02 22:23 - 0138716 ____A C:\Users\OWNER\Documents\GMER log.txt
2012-01-02 22:20 - 2012-01-02 22:20 - 0138716 ____A C:\Users\OWNER\Documents\GMAR.log
2012-01-02 19:49 - 2012-01-02 19:49 - 0025633 ____A C:\Users\OWNER\Documents\DDS.txt
2012-01-02 19:48 - 2012-01-02 19:48 - 0018830 ____A C:\Users\OWNER\Documents\Attach.txt
2012-01-02 19:41 - 2012-01-02 19:41 - 0607017 ____A (Swearware) C:\Users\OWNER\Downloads\dds.pif
2012-01-02 19:16 - 2012-01-02 19:16 - 0302592 ____A C:\Users\OWNER\Downloads\crppjugr.exe
2012-01-02 18:09 - 2012-01-02 18:09 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
2012-01-02 18:09 - 2012-01-02 18:09 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3DDB63DB-EB9A-4F01-B115-78E2C88F20A3}
2012-01-02 18:09 - 2010-10-24 07:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\Windows Live
2012-01-02 18:05 - 2011-01-01 11:41 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\Apple Computer
2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\Malwarebytes
2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-02 16:34 - 2012-01-02 16:34 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-02 16:31 - 2007-09-28 17:31 - 0002032 ____A C:\Users\OWNER\AppData\Local\d3d9caps.dat
2012-01-02 16:26 - 2012-01-02 16:26 - 0049200 ____A C:\Windows\ntbtlog.txt
2012-01-01 20:01 - 2012-01-01 20:01 - 0000000 ____D C:\Users\OWNER\AppData\Local\{B7FFD582-75BF-4597-A6F2-4EEB04D6451E}
2012-01-01 20:01 - 2012-01-01 20:01 - 0000000 ____D C:\Users\OWNER\AppData\Local\{418E58D4-1348-4FAE-B094-9468DCCF0E5E}
2012-01-01 18:42 - 2009-03-28 07:59 - 0000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-01-01 18:08 - 2012-01-01 18:08 - 0000000 ____D C:\Users\All Users\WindowsSearch
2012-01-01 18:08 - 2012-01-01 18:08 - 0000000 ____D C:\ProgramData\WindowsSearch
2012-01-01 18:04 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-01 17:59 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\System32\Msdtc
2012-01-01 17:57 - 2011-12-28 20:54 - 0000000 ____D C:\users\UpdatusUser
2012-01-01 17:57 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\System32\spool
2012-01-01 17:57 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\registration
2012-01-01 17:57 - 2006-11-02 05:22 - 62652416 ____A C:\Windows\System32\config\software_previous
2012-01-01 17:57 - 2006-11-02 05:22 - 40370176 ____A C:\Windows\System32\config\components_previous
2012-01-01 17:57 - 2006-11-02 05:22 - 22020096 ____A C:\Windows\System32\config\system_previous
2012-01-01 17:57 - 2006-11-02 05:22 - 0524288 ____A C:\Windows\System32\config\default_previous
2012-01-01 17:57 - 2006-11-02 05:22 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-01-01 17:57 - 2006-11-02 05:22 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-01-01 10:52 - 2011-12-29 11:13 - 0000000 ____D C:\Users\OWNER\Documents\Hall Bath
2012-01-01 08:00 - 2012-01-01 08:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F0F78033-C146-405C-9F9D-A89066AD9605}
2012-01-01 08:00 - 2012-01-01 08:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3799A976-DD16-4697-AAFB-E6AF0CE27E56}
2011-12-31 20:09 - 2009-12-29 07:51 - 0000000 ____D C:\Users\OWNER\Documents\Financial
2011-12-31 17:54 - 2011-12-31 17:54 - 0517728 ____A C:\Users\OWNER\Documents\NewYearWish2012.pdf
2011-12-31 17:54 - 2011-12-31 17:54 - 0368640 ____A C:\Users\OWNER\Documents\NewYearWish2012.pdf.pra
2011-12-31 11:02 - 2011-12-31 11:02 - 0029182 ____A C:\Users\OWNER\Downloads\Download.csv
2011-12-31 10:38 - 2011-12-31 10:38 - 0000000 ____D C:\Users\OWNER\AppData\Local\{CB731A8F-7714-42A8-91BE-D1EE7C943516}
2011-12-31 10:38 - 2011-12-31 10:37 - 0000000 ____D C:\Users\OWNER\AppData\Local\{D17A7992-834E-4D0A-A026-7FCA624949DC}
2011-12-30 19:45 - 2011-12-30 19:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0E15062F-3981-40A8-8AD9-A02FC52BB1B1}
2011-12-30 19:45 - 2011-12-30 19:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{04CDFF29-AC6B-40BE-9C28-13AE5CE57F1F}
2011-12-30 11:02 - 2011-12-30 09:32 - 0015456 ____A C:\Users\OWNER\Documents\leadership.docx
2011-12-30 08:22 - 2007-09-29 08:01 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-12-30 07:44 - 2011-12-30 07:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{8B3DD721-61BF-4C9A-9154-7702642CE903}
2011-12-30 07:44 - 2011-12-30 07:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{008C5F84-D810-4062-BB93-E2E3D6EA94C4}
2011-12-29 13:18 - 2011-12-29 13:17 - 0000000 ____D C:\Users\OWNER\Documents\Allstate
2011-12-29 10:13 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\Microsoft.NET
2011-12-29 10:08 - 2011-12-29 10:07 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3C309ADD-8A53-4547-A842-2AFD25B103EA}
2011-12-29 10:07 - 2011-12-29 10:07 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2F8E11C8-D6E2-4B3F-92F0-5BCE7AEE3694}
2011-12-28 20:54 - 2011-12-28 20:54 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2011-12-28 20:54 - 2011-12-28 20:54 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2011-12-28 20:52 - 2007-09-29 08:07 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-28 20:52 - 2007-09-29 08:07 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-28 20:51 - 2006-11-02 06:18 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-12-28 20:49 - 2007-11-18 11:55 - 0000000 ____D C:\Program Files\Zune
2011-12-28 20:48 - 2006-11-02 07:52 - 0113299 ____A C:\Windows\setupact.log
2011-12-28 19:29 - 2011-12-28 19:29 - 0003120 ____A C:\Windows\System32\ALLFSAF8a.ocx
2011-12-28 19:28 - 2007-10-05 21:25 - 0000000 ____D C:\Users\All Users\Google
2011-12-28 19:28 - 2007-10-05 21:25 - 0000000 ____D C:\ProgramData\Google
2011-12-28 19:28 - 2007-10-05 21:25 - 0000000 ____D C:\Program Files\Google
2011-12-28 10:52 - 2011-12-29 11:18 - 2236845 ____A C:\Users\OWNER\Documents\DSC00012.JPG
2011-12-28 10:52 - 2011-12-29 11:18 - 2205667 ____A C:\Users\OWNER\Documents\DSC00011.JPG
2011-12-28 10:51 - 2011-12-29 11:18 - 1901949 ____A C:\Users\OWNER\Documents\DSC00010.JPG
2011-12-28 10:50 - 2011-12-29 11:18 - 2354554 ____A C:\Users\OWNER\Documents\DSC00007.JPG
2011-12-28 10:50 - 2011-12-29 11:18 - 2089400 ____A C:\Users\OWNER\Documents\DSC00008.JPG
2011-12-28 10:50 - 2011-12-29 11:18 - 1850996 ____A C:\Users\OWNER\Documents\DSC00009.JPG
2011-12-28 10:49 - 2011-12-29 11:18 - 2299025 ____A C:\Users\OWNER\Documents\DSC00006.JPG
2011-12-28 09:35 - 2011-12-28 09:35 - 0000000 ____D C:\Users\OWNER\AppData\Local\{EFC84986-05D8-4D1F-A9AD-D89F26DC3E9B}
2011-12-28 09:35 - 2011-12-28 09:35 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7F7F0E3E-7D31-41F5-9C67-62177DF216BF}
2011-12-27 19:27 - 2011-12-27 19:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{6ABA2B91-8FC8-496B-A1DD-2CFCD6667657}
2011-12-27 19:27 - 2011-12-27 19:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2D99B19E-9AF2-4EB9-8B4C-372C3756AAD4}
2011-12-27 11:49 - 2008-02-17 17:29 - 0000000 ____D C:\Users\OWNER\Documents\Aetna
2011-12-27 07:41 - 2010-02-09 21:21 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000Core.job
2011-12-27 07:27 - 2011-12-27 07:26 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E0082879-7A31-4211-87B5-70FB68931B3E}
2011-12-27 07:26 - 2011-12-27 07:26 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E8793C07-5B7A-4BE8-A314-AE7429B6816D}
2011-12-26 16:29 - 2007-10-06 07:27 - 0121344 ____A C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 16:12 - 2011-12-26 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{9607B1CC-472C-4E23-8B18-CF7F6934314E}
2011-12-26 16:12 - 2011-12-26 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{15AAF5A9-F8B3-4757-B0D1-8D0FAA8CABCF}
2011-12-23 08:47 - 2009-12-27 12:48 - 0000000 ____D C:\Users\OWNER\Documents\Recipes
2011-12-23 08:45 - 2011-12-23 08:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C2536868-B2E9-4A5B-BD59-D009E562A8B9}
2011-12-23 08:45 - 2011-12-23 08:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3A082929-01A2-4F19-BE6D-62013731A2F1}
2011-12-22 17:40 - 2011-12-22 17:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3C2FD598-EF72-49E9-ADA7-D0A4DD06B84C}
2011-12-22 17:39 - 2011-12-22 17:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{20BA3FC1-F841-412C-8D2F-A76CA6E6A8D9}
2011-12-21 18:12 - 2011-12-21 18:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7AF92889-7DD8-4E9A-AAAD-71E69F84E710}
2011-12-21 18:11 - 2011-12-21 18:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{B5AA8C0F-E017-4728-812E-CD0E426593B9}
2011-12-21 06:11 - 2011-12-21 06:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{90F8E8DF-E2CE-44FE-A1E1-980B3B710C04}
2011-12-21 06:10 - 2011-12-21 06:10 - 0000000 ____D C:\Users\OWNER\AppData\Local\{4026FEBA-291A-4C51-AFA2-49C41C4ED3C1}
2011-12-19 17:16 - 2009-12-13 17:03 - 0205408 ____A C:\Users\OWNER\Documents\ChristmasCardList.docx
2011-12-19 10:17 - 2011-12-19 10:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{76548B33-D73A-494C-B6F7-E8AA68B05BA4}
2011-12-19 10:16 - 2011-12-19 10:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{CC925330-7BFA-421B-9816-4B4F9D748AAC}
2011-12-18 18:05 - 2006-11-02 06:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-12-18 17:32 - 2006-11-02 06:18 - 0000000 ____D C:\Windows\rescache
2011-12-18 17:16 - 2011-12-18 17:15 - 0000000 ____D C:\Users\OWNER\AppData\Local\{65615064-A1EB-400A-9664-F0FAFB1AA476}
2011-12-18 17:15 - 2011-12-18 17:15 - 0000000 ____D C:\Users\OWNER\AppData\Local\{85C4E1B8-1F3D-43F9-A9B3-F3797DF82074}
2011-12-18 17:12 - 2006-11-02 07:47 - 0513032 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-17 17:46 - 2011-12-17 17:45 - 0000000 ____D C:\Program Files\iTunes
2011-12-17 17:45 - 2011-12-17 17:45 - 0000000 ____D C:\Program Files\iPod
2011-12-17 17:45 - 2010-06-09 19:36 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-12-17 09:24 - 2011-12-17 09:20 - 0330034 ____A C:\Users\OWNER\Documents\Daniela_12_Birthday2011.pdf
2011-12-17 09:14 - 2009-11-23 14:39 - 0000054 ____A C:\Users\OWNER\Documents\Hallmark Card Studio Trial Edition 2009.txt
2011-12-17 08:41 - 2011-12-17 08:41 - 0131735 ____A C:\Users\OWNER\Downloads\RAV4_driver_side_windshiel_trim.jpg
2011-12-17 06:52 - 2007-10-05 21:53 - 0000000 ____D C:\Users\OWNER\AppData\Local\Google
2011-12-17 06:31 - 2011-12-17 06:31 - 0000000 ____D C:\Users\OWNER\AppData\Local\{77E37575-15D1-4DE6-AEB3-C32E983FB55C}
2011-12-17 06:31 - 2011-12-17 06:31 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0BCDEFBC-4B83-450C-AE1E-76D3B1B4ECF1}
2011-12-11 10:00 - 2011-12-11 10:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{108E2AE0-100C-48FF-B71F-10EB24388C35}
2011-12-11 10:00 - 2011-12-11 10:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0D3C7A68-D8C3-4946-B311-4A6525A98379}
2011-12-10 15:24 - 2012-01-02 16:34 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-07 11:44 - 2006-11-02 05:24 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-12-04 15:33 - 2011-12-04 15:33 - 0606528 ____A (Google Inc.) C:\Users\OWNER\Downloads\musicmanagerinstaller.exe
2011-12-04 12:49 - 2011-12-04 12:48 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F58FF0C0-AB62-4B1E-9931-28FDE618A3E4}
2011-12-04 12:48 - 2011-12-04 12:48 - 0000000 ____D C:\Users\OWNER\AppData\Local\{EFD557A4-C050-489E-9329-5DD59461EC13}
2011-12-03 12:46 - 2007-09-29 08:07 - 0000000 ____D C:\Users\OWNER\AppData\Local\Microsoft Help
2011-12-03 12:26 - 2011-01-30 18:01 - 0001245 ____A C:\Windows\System32\mapisvc.inf
2011-12-03 12:26 - 2011-01-30 18:01 - 0000000 ____D C:\Program Files\Safari
2011-12-03 11:39 - 2011-12-03 11:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{360F0CF9-5860-4649-9C7A-9F00C898A0A2}
2011-12-03 11:39 - 2011-12-03 11:39 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0521DC3B-384B-4EFD-ADF6-311DC2BFEC05}
2011-12-01 21:17 - 2009-12-29 09:13 - 0000000 ____D C:\Program Files\Garmin
2011-12-01 21:17 - 2007-10-20 06:44 - 0000000 ____D C:\Garmin
2011-12-01 19:46 - 2009-12-29 09:40 - 0000000 ____D C:\Users\All Users\GARMIN
2011-12-01 19:46 - 2009-12-29 09:40 - 0000000 ____D C:\ProgramData\GARMIN
2011-12-01 19:44 - 2009-12-29 08:47 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\GARMIN
2011-12-01 19:22 - 2011-12-01 19:22 - 0123851 ____A C:\Users\OWNER\Downloads\securedoc (2).html
2011-12-01 19:11 - 2011-12-01 19:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E4F1D8BF-127B-40F2-A3DB-62CBF920A3B1}
2011-12-01 19:11 - 2011-12-01 19:11 - 0000000 ____D C:\Users\OWNER\AppData\Local\{A6994259-4978-41A0-9DB3-255A3812A0BF}
2011-11-30 19:59 - 2011-11-30 19:59 - 0000000 ____D C:\Users\OWNER\AppData\Local\{E650752F-0E1E-4E39-B486-B081C693140D}
2011-11-30 19:59 - 2011-11-30 19:58 - 0000000 ____D C:\Users\OWNER\AppData\Local\{16D2F6A8-8A66-4944-AB19-7D9C6374EFB2}
2011-11-27 16:18 - 2011-11-27 16:18 - 0054726 ____A C:\Users\OWNER\Downloads\cuisinart grinder.amr
2011-11-27 16:00 - 2011-11-27 16:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{AB8675E1-F4A2-4630-9EDF-7BED8C01FF6A}
2011-11-27 16:00 - 2011-11-27 16:00 - 0000000 ____D C:\Users\OWNER\AppData\Local\{604BB66D-6D26-4879-96F5-69E84DA9490A}
2011-11-26 09:28 - 2011-11-26 09:28 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C5C3EF2C-1404-4C42-AC02-40117659859A}
2011-11-26 09:27 - 2011-11-26 09:27 - 0000000 ____D C:\Users\OWNER\AppData\Local\{DE8413CF-1B07-472F-AF3B-8B03481E349F}
2011-11-24 09:52 - 2011-11-24 09:52 - 0000000 ____D C:\Users\OWNER\AppData\Local\{A40462D8-3754-42E5-8E79-337880DD262A}
2011-11-24 09:52 - 2011-11-23 09:51 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F4B707E9-13EA-406B-B53C-3477C908DA77}
2011-11-23 21:52 - 2011-11-23 21:52 - 0000000 ____D C:\Users\OWNER\AppData\Local\{675AF5BE-F8D8-4676-8BFF-322D92CC471F}
2011-11-23 16:40 - 2011-11-23 16:40 - 0100193 ____A C:\Users\OWNER\Downloads\securedoc (1).html
2011-11-23 15:41 - 2011-11-23 15:41 - 0000000 ____D C:\Users\OWNER\AppData\Roaming\Mozilla
2011-11-23 10:07 - 2011-01-10 20:13 - 0000000 ____D C:\Users\OWNER\Documents\FSA Spending Account
2011-11-23 10:07 - 2007-11-06 20:41 - 0000000 ____D C:\Users\OWNER\Documents\My Scans
2011-11-23 09:51 - 2011-11-23 09:51 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C0F3642F-3A88-4BC9-B985-B21CCFBA5664}
2011-11-23 08:37 - 2011-12-17 06:38 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-22 17:43 - 2011-11-22 17:43 - 0000000 ____D C:\Users\OWNER\AppData\Local\{7D446AEF-826B-4A45-B3D2-252C32CDA359}
2011-11-22 17:43 - 2011-11-21 17:41 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F6D99392-D194-4CC7-A2B4-A12566055402}
2011-11-22 05:43 - 2011-11-22 05:43 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F093790F-B0A8-4DD7-A94E-C1A7372C0674}
2011-11-21 17:42 - 2011-11-21 17:42 - 0000000 ____D C:\Users\OWNER\AppData\Local\{2FC192B8-78B1-4601-8A0A-E7734F0A3902}
2011-11-20 18:02 - 2011-01-18 19:16 - 0000000 ____D C:\Users\OWNER\Documents\My Digital Editions
2011-11-20 16:25 - 2011-11-20 16:24 - 0000000 ____D C:\Users\OWNER\AppData\Local\{FE396A6C-9B59-4223-A795-A5E523C0C295}
2011-11-20 16:24 - 2011-11-20 16:24 - 0000000 ____D C:\Users\OWNER\AppData\Local\{6ABDD2AA-C6BE-4B82-8004-D16EF3DFFCD7}
2011-11-15 16:12 - 2011-11-15 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{EBE07D16-2250-4346-B148-CB0C1F0A2D7A}
2011-11-15 16:12 - 2011-11-15 16:12 - 0000000 ____D C:\Users\OWNER\AppData\Local\{9A7C05AF-0D1B-4361-BE0C-6E57F8BDD3ED}
2011-11-13 14:54 - 2011-11-13 14:54 - 0000000 ____D C:\Users\OWNER\AppData\Local\{DF4AA70F-1E97-4AA4-8AA6-D5CAE14B0A2F}
2011-11-13 14:54 - 2011-11-13 14:53 - 0000000 ____D C:\Users\OWNER\AppData\Local\{C485905D-7D03-41D8-BC04-46F095E5D98B}
2011-11-11 19:39 - 2006-11-02 06:18 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-11 18:51 - 2011-11-11 18:51 - 0000000 ____D C:\Users\OWNER\AppData\Local\{BF439D29-EE22-4798-81CF-77CA74CD990A}
2011-11-11 18:51 - 2011-11-11 06:50 - 0000000 ____D C:\Users\OWNER\AppData\Local\{09A662D2-DBF4-46D1-B2B0-DD614C01FD60}
2011-11-11 06:51 - 2011-11-11 06:51 - 0000000 ____D C:\Users\OWNER\AppData\Local\{767D78D0-24CF-4D20-9738-F1CE89E68D33}
2011-11-08 09:42 - 2011-12-17 06:37 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-06 16:45 - 2011-11-06 16:45 - 0000000 ____D C:\Users\OWNER\AppData\Local\{BA0CC566-C570-4095-9AB2-77CEDABA48A6}
2011-11-06 16:45 - 2011-11-06 04:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{3FF241EF-7D11-42E7-BEAE-B4222E1D94AF}
2011-11-06 04:44 - 2011-11-06 04:44 - 0000000 ____D C:\Users\OWNER\AppData\Local\{44CB45F3-899F-49EE-9DF6-94369A590E62}
2011-11-03 18:02 - 2011-12-17 18:29 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 17:47 - 2011-12-17 18:29 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-03 17:46 - 2011-12-17 18:29 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 17:40 - 2011-12-17 18:29 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 17:40 - 2011-12-17 18:29 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 17:39 - 2011-12-17 18:29 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 17:38 - 2011-12-17 18:29 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 17:37 - 2011-12-17 18:29 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 17:34 - 2011-12-17 18:29 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-03 17:32 - 2011-12-17 18:29 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 17:32 - 2011-12-17 18:29 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 17:31 - 2011-12-17 18:29 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-03 17:28 - 2011-12-17 18:29 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-10-31 06:16 - 2011-10-31 06:16 - 0000000 ____D C:\Users\OWNER\AppData\Local\{F4D81C3E-A5EF-4341-A13C-589963D4D904}
2011-10-31 06:16 - 2011-10-31 06:15 - 0000000 ____D C:\Users\OWNER\AppData\Local\{67E3475D-76E5-47C2-9070-BA76055B0519}
2011-10-28 08:17 - 2011-10-28 08:17 - 0000000 ____D C:\Program Files\QuickTime
2011-10-28 05:58 - 2011-10-28 05:57 - 0000000 ____D C:\Users\OWNER\AppData\Local\{6FC48DD7-EC27-477F-BF91-784BDCA37E3E}
2011-10-28 05:57 - 2011-10-28 05:57 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0926CFA0-7E28-445D-9868-4380DB4601F0}
2011-10-27 03:01 - 2011-12-17 06:38 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-10-27 03:01 - 2011-12-17 06:38 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-10-25 10:56 - 2011-12-17 06:38 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-24 13:29 - 2011-10-24 13:29 - 0094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2011-10-24 13:29 - 2011-10-24 13:29 - 0069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2011-10-18 18:02 - 2011-10-18 18:02 - 0000000 ____D C:\Users\OWNER\AppData\Local\{BEE043A9-3B7E-4583-A798-0BF5B7C1167A}
2011-10-18 18:02 - 2011-10-18 18:02 - 0000000 ____D C:\Users\OWNER\AppData\Local\{138C5FEA-CEAA-4729-96F8-998367286F8C}
2011-10-18 17:58 - 2008-08-11 18:17 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-10-16 13:12 - 2011-10-16 13:12 - 0000000 ____D C:\Program Files\Bonjour
2011-10-16 07:22 - 2011-10-16 07:22 - 0000000 ____D C:\Users\OWNER\AppData\Local\{34373BF8-F952-4536-ABB1-21E0B96C16AF}
2011-10-16 07:22 - 2011-10-16 07:22 - 0000000 ____D C:\Users\OWNER\AppData\Local\{0FF3491D-C445-41A9-8FE6-100997667F51}
2011-10-15 03:53 - 2011-12-30 08:20 - 5578560 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2011-10-15 03:53 - 2011-12-30 08:20 - 2401088 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2011-10-15 03:53 - 2011-12-30 08:20 - 2099520 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2011-10-15 03:53 - 2011-12-30 08:20 - 18871616 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2011-10-15 03:53 - 2011-12-30 08:20 - 17248576 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2011-10-15 03:53 - 2011-12-30 08:20 - 10327360 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2011-10-15 03:53 - 2011-12-30 08:20 - 0919872 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2011-10-15 03:53 - 2011-12-30 08:20 - 0877376 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2011-10-15 03:53 - 2011-12-30 08:20 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2011-10-15 03:53 - 2011-12-28 20:54 - 0602432 ____A (NVIDIA Corporation) C:\Windows\System32\easyupdatusapiu.dll
2011-10-15 03:53 - 2010-10-08 00:57 - 6350144 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2011-10-15 03:53 - 2010-10-08 00:57 - 3840320 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2011-10-15 03:53 - 2010-10-08 00:57 - 1136448 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2011-10-15 03:53 - 2010-10-08 00:57 - 0203072 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2011-10-15 03:53 - 2010-04-03 21:55 - 7041856 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2011-10-15 03:53 - 2010-04-03 21:55 - 0004359 ____A C:\Windows\System32\nvinfo.pb
2011-10-15 03:53 - 2010-04-03 17:27 - 0123712 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2011-10-15 03:53 - 2007-04-26 03:17 - 2458432 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2011-10-15 03:53 - 2007-04-26 03:17 - 13205312 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2011-10-15 00:54 - 2011-10-15 00:54 - 0321856 ____A C:\Windows\System32\nvStreaming.exe
2011-10-14 11:02 - 2011-12-17 06:38 - 0429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-09 12:50 - 2011-10-09 12:50 - 0002725 ____A C:\Users\OWNER\Downloads\pharmacy_claim.csv
2011-10-09 06:41 - 2011-10-09 06:41 - 0000000 ____D C:\Users\OWNER\AppData\Local\{10FA69C6-0FFA-4751-B587-CC2BCD04E52E}
2011-10-09 06:41 - 2011-10-09 06:40 - 0000000 ____D C:\Users\OWNER\AppData\Local\{88761325-5FE2-488B-B06B-C56F2D183FE4}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 51%
Total physical RAM: 3324.86 MB
Available physical RAM: 1599.89 MB
Total Pagefile: 8247.9 MB
Available Pagefile: 6590.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.98 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:72.8 GB) NTFS ==>[Drive with boot components]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 466 GB Healthy System

Partitions of Disk 1:
===============

There are no partitions on this disk to show.

Disk: 1
The arguments specified for this command are not valid.
For more information on the command type: HELP SELECT PARTITION

There is no partition selected.

Partitions of Disk 2:
===============

There are no partitions on this disk to show.

Disk: 2
The arguments specified for this command are not valid.
For more information on the command type: HELP SELECT PARTITION

There is no partition selected.

Partitions of Disk 3:
===============

There are no partitions on this disk to show.

Disk: 3
The arguments specified for this command are not valid.
For more information on the command type: HELP SELECT PARTITION

There is no partition selected.

Partitions of Disk 4:
===============

There are no partitions on this disk to show.

Disk: 4
The arguments specified for this command are not valid.
For more information on the command type: HELP SELECT PARTITION

There is no partition selected.


==========================================================

Last Boot: 2012-01-05 20:31

======================= End Of Log ==========================
 
All looks clean.

You'll have to restore all missing items manually.
See if you can change desktop background manually.
Recreate desktop shortcuts manually.
As for Start menu see here: http://www.smartestcomputing.us.com...tart-menu-and-files-hiddendeleted-by-a-virus/
Scroll down to "Method 3 - manual".

Any other issues?

Whenever ready....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
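
An added triage example (editor's code, not OTL's and not anything posted in this thread): a small Python parser for the PRC/MOD/SRV/DRV lines OTL produces, which attaches the review prompts a helper applies by hand when reading such a log: entries with no company name, services registered to files that no longer exist, binaries running from user-writable locations, and files modified within the log's 30-day file-age window. The line format is taken from the OTL log posted in this thread; the sample block mixes lines from that log with one constructed entry (ExampleSvc, a hypothetical path) that is not from this machine, and the user-writable directory list is this example's own assumption.

```python
"""Triage helper for OTL-style log lines (added example; not part of OTL itself)."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# PRC/MOD/SRV/DRV entries as OTL prints them, e.g.
#   PRC - [2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
#   SRV - [...] (Company) [Auto | Running] -- C:\...\svc.exe -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+ \| [^\]]+\] "
    r"\((?P<company>[^)]*)\)"           # "()" when the file carries no company name
    r"(?: \[(?P<state>[^\]]+)\])?"      # "[Auto | Running]" etc., services/drivers only
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\).*)?$"  # trailing service/driver name, optional
)
# Services or drivers whose registered file no longer exists on disk
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- -- \((?P<name>[^)]+)\)$"
)
# Directories an ordinary user can write to; a binary here deserves a look.
# This list is an assumption of the example, not something OTL defines.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str
    path: str
    company: str = ""
    name: Optional[str] = None
    state: Optional[str] = None
    modified: Optional[datetime] = None
    size: int = 0
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; returns None for lines of other sections (O1, IE, FF, ...)."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(
            kind=m["kind"],
            path=m["path"],
            company=m["company"].strip(),
            name=m["name"],
            state=m["state"],
            modified=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
        )
    m = MISSING_RE.match(line)
    if m:
        return Entry(kind=m["kind"], path="", name=m["name"], state=m["state"])
    return None


def triage(entry: Entry, scan_time: datetime, file_age_days: int = 30) -> Entry:
    """Attach review prompts. None of them is a verdict: OTL.exe on the Desktop and
    Microsoft Security Essentials definition drivers under ProgramData trip them too."""
    if not entry.path:
        entry.findings.append("orphaned registration (File not found)")
        return entry
    low = entry.path.lower()
    if not entry.company:
        entry.findings.append("no company name")
    if any(d in low for d in USER_WRITABLE):
        entry.findings.append("binary in user-writable location")
    if entry.modified and scan_time - entry.modified <= timedelta(days=file_age_days):
        entry.findings.append(f"recent (modified within {file_age_days} days of scan)")
    return entry


def triage_log(text: str, scan_time: datetime) -> List[Entry]:
    """Parse every recognised line of an OTL log and triage it, in log order."""
    entries = [parse_line(line) for line in text.splitlines()]
    return [triage(e, scan_time) for e in entries if e is not None]


# Sample lines: six taken from the OTL log posted in this thread plus one
# constructed entry (ExampleSvc, hypothetical path) that is not from that machine.
SAMPLE_LOG = r"""
PRC - [2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
DRV - [2007/06/14 23:07:39 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
SRV - [2012/01/03 09:12:00 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\ProgramData\example-svc\svchelper.exe -- (ExampleSvc)
"""
SCAN_TIME = datetime(2012, 1, 5, 22, 46, 58)  # "OTL logfile created on" stamp of the posted log


def triage_sample() -> List[Entry]:
    return triage_log(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for e in triage_sample():
        print(f"{e.kind} {e.name or e.path}: {', '.join(e.findings) or 'nothing flagged'}")
```

Read the flags as questions, not answers: OTL's own executable on the Desktop and the freshly installed Malwarebytes service both come back "recent", which is exactly why a helper cross-checks the timestamp against what the user says they installed. The orphaned RoxLiveShare9 service is a typical leftover of an uninstalled product rather than an infection, but a registration that points at a missing file is also what a removed dropper leaves behind, so it still belongs on the cleanup list.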
 
Manual fix and OTL log

Thanks, I went through the manual process and got my desktop, shortcuts and Start menu back. Below is part 1 of 2 of the OTL log results. I had to split it in two due to the number of characters. I will post the Extras log separately.


OTL logfile created on: 1/5/2012 10:46:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\OWNER\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 56.79% Memory free
8.05 Gb Paging File | 6.57 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 74.74 Gb Free Space | 16.05% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC-DEN | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/29 20:06:54 | 013,223,936 | ---- | M] (Google Inc.) -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/03 09:14:06 | 001,409,384 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2011/01/10 12:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2011/01/10 12:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/01 14:49:58 | 000,257,888 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio Trial Edition 2009\Planner\PLNRnote.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/12 09:00:48 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
PRC - [2008/02/19 12:07:04 | 000,502,800 | ---- | M] (Microsoft(R) Corporation) -- C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe
PRC - [2007/08/20 10:47:54 | 000,774,144 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe
PRC - [2007/08/17 15:37:16 | 002,567,680 | ---- | M] () -- C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
PRC - [2007/06/14 23:02:55 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/29 19:57:12 | 000,344,064 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2011/11/29 19:57:02 | 000,346,624 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2011/11/29 19:56:16 | 000,363,520 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2011/11/29 19:56:06 | 000,198,656 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2011/10/18 18:10:31 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
MOD - [2011/10/18 18:10:30 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011/10/18 18:07:13 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/18 18:06:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/18 18:02:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/18 18:01:18 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/18 18:01:10 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/16 18:01:22 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
MOD - [2011/10/16 18:01:09 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011/10/16 18:01:04 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011/10/16 18:01:01 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011/10/16 18:00:58 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
MOD - [2011/10/16 18:00:56 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011/10/16 18:00:54 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011/10/16 18:00:52 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011/10/16 18:00:49 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011/10/16 18:00:47 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011/10/16 18:00:40 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/12/20 00:26:06 | 002,625,536 | ---- | M] () -- C:\Program Files\Cucusoft\zune-converter\Filter\ffdshow.ax
MOD - [2008/06/12 09:00:48 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
MOD - [2008/02/19 12:05:31 | 000,250,896 | ---- | M] () -- C:\Program Files\Microsoft Money Plus\MNYCoreFiles\myuni08.dll
MOD - [2007/08/17 15:37:16 | 002,567,680 | ---- | M] () -- C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
MOD - [2006/12/10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (McciCMService)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/10 12:29:24 | 000,239,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2011/01/10 12:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/23 09:08:34 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2008/06/23 09:08:28 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2008/06/23 09:06:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/06/23 09:06:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/06/23 09:05:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/01/05 22:01:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B58F7EE1-E390-42AB-9304-A9F09BF0E979}\MpKsl23834a70.sys -- (MpKsl23834a70)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/23 02:17:06 | 001,170,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/06/23 10:11:24 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007/09/06 18:53:00 | 000,046,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2007/08/21 00:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/06/14 23:07:39 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/05/09 08:37:54 | 000,434,176 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinAVS.sys -- (PinnacleMarvinAVS)
DRV - [2007/03/13 12:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/09/22 11:11:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2006/05/08 23:27:22 | 000,426,624 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinUsb.sys -- (PinnacleMarvinUSB)
DRV - [2005/07/13 15:55:22 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/07/07 02:01:12 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/02/09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005/01/20 22:38:04 | 000,073,344 | ---- | M] (LSI Logic Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DVxplore.sys -- (DVxplore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 EE FF A1 B7 6B CA 01 [binary data]
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\URLSearchHook: {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjohn.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2008/10/23 18:23:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/10/23 18:23:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\OWNER\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/26 20:12:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\OWNER\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Entanglement = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Default = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Poppit = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/01/04 19:48:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Radio Toolbar Loader) - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (johnqtv1 Toolbar) - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjohn.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (johnqtv1 Toolbar) - {e413a417-d00b-4a3b-9c17-19048046f1ce} - C:\Program Files\johnqtv1\tbjohn.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\Toolbar\WebBrowser: (AOL Radio Toolbar) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..\Toolbar\WebBrowser: (johnqtv1 Toolbar) - {E413A417-D00B-4A3B-9C17-19048046F1CE} - C:\Program Files\johnqtv1\tbjohn.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe (Chicony)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000..\Run: [MoneyInsights] C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe (Microsoft(R) Corporation)
O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000..\Run: [MusicManager] C:\Users\OWNER\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-4021511835-731674042-3818716740-1010..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4021511835-731674042-3818716740-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81920D7E-5609-4616-BCCD-A2BA500F3AA1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/07 09:38:18 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - vdrcodec.dll File not found
Drivers32: VIDC.MJPG - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 21:36:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
[2012/01/05 21:18:06 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/05 21:18:06 | 000,000,000 | ---D | C] -- \FRST
[2012/01/04 19:53:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/04 19:53:35 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2012/01/04 19:38:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/04 19:38:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/04 19:38:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/04 19:38:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/04 19:38:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/04 19:38:05 | 000,000,000 | ---D | C] -- \Qoobox
[2012/01/02 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{7298B8D8-C1FB-4AF3-B595-D9CF9287E74D}
[2012/01/02 18:09:04 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3DDB63DB-EB9A-4F01-B115-78E2C88F20A3}
[2012/01/02 16:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 16:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/02 16:34:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/02 16:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/01 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{418E58D4-1348-4FAE-B094-9468DCCF0E5E}
[2012/01/01 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{B7FFD582-75BF-4597-A6F2-4EEB04D6451E}
[2012/01/01 18:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/01/01 13:29:06 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/01 08:00:43 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3799A976-DD16-4697-AAFB-E6AF0CE27E56}
[2012/01/01 08:00:21 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{F0F78033-C146-405C-9F9D-A89066AD9605}
[2011/12/31 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{CB731A8F-7714-42A8-91BE-D1EE7C943516}
[2011/12/31 10:37:52 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{D17A7992-834E-4D0A-A026-7FCA624949DC}
[2011/12/30 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{0E15062F-3981-40A8-8AD9-A02FC52BB1B1}
[2011/12/30 19:45:04 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{04CDFF29-AC6B-40BE-9C28-13AE5CE57F1F}
[2011/12/30 08:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/12/30 08:20:05 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/12/30 07:44:40 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{008C5F84-D810-4062-BB93-E2E3D6EA94C4}
[2011/12/30 07:44:30 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{8B3DD721-61BF-4C9A-9154-7702642CE903}
[2011/12/29 13:17:37 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Documents\Allstate
[2011/12/29 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Documents\Hall Bath
[2011/12/29 10:07:57 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3C309ADD-8A53-4547-A842-2AFD25B103EA}
[2011/12/29 10:07:38 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{2F8E11C8-D6E2-4B3F-92F0-5BCE7AEE3694}
[2011/12/28 20:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2011/12/28 19:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011/12/28 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{7F7F0E3E-7D31-41F5-9C67-62177DF216BF}
[2011/12/28 09:35:26 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{EFC84986-05D8-4D1F-A9AD-D89F26DC3E9B}
[2011/12/27 19:27:34 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{6ABA2B91-8FC8-496B-A1DD-2CFCD6667657}
[2011/12/27 19:27:13 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{2D99B19E-9AF2-4EB9-8B4C-372C3756AAD4}
[2011/12/27 07:26:59 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{E0082879-7A31-4211-87B5-70FB68931B3E}
[2011/12/27 07:26:34 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{E8793C07-5B7A-4BE8-A314-AE7429B6816D}
[2011/12/26 16:12:25 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{9607B1CC-472C-4E23-8B18-CF7F6934314E}
[2011/12/26 16:12:09 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{15AAF5A9-F8B3-4757-B0D1-8D0FAA8CABCF}
[2011/12/23 08:45:43 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3A082929-01A2-4F19-BE6D-62013731A2F1}
[2011/12/23 08:45:19 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{C2536868-B2E9-4A5B-BD59-D009E562A8B9}
[2011/12/22 17:39:55 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{3C2FD598-EF72-49E9-ADA7-D0A4DD06B84C}
[2011/12/22 17:39:41 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{20BA3FC1-F841-412C-8D2F-A76CA6E6A8D9}
[2011/12/21 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{7AF92889-7DD8-4E9A-AAAD-71E69F84E710}
[2011/12/21 18:11:29 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{B5AA8C0F-E017-4728-812E-CD0E426593B9}
[2011/12/21 06:11:01 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{90F8E8DF-E2CE-44FE-A1E1-980B3B710C04}
[2011/12/21 06:10:43 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{4026FEBA-291A-4C51-AFA2-49C41C4ED3C1}
[2011/12/19 10:16:54 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{76548B33-D73A-494C-B6F7-E8AA68B05BA4}
[2011/12/19 10:16:41 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{CC925330-7BFA-421B-9816-4B4F9D748AAC}
[2011/12/18 17:15:53 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{65615064-A1EB-400A-9664-F0FAFB1AA476}
[2011/12/18 17:15:39 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{85C4E1B8-1F3D-43F9-A9B3-F3797DF82074}
[2011/12/17 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/17 17:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/17 17:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/17 06:31:32 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{0BCDEFBC-4B83-450C-AE1E-76D3B1B4ECF1}
[2011/12/17 06:31:20 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{77E37575-15D1-4DE6-AEB3-C32E983FB55C}
[2011/12/11 10:00:33 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{0D3C7A68-D8C3-4946-B311-4A6525A98379}
[2011/12/11 10:00:06 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\{108E2AE0-100C-48FF-B71F-10EB24388C35}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
OTL Log part 2 of 2

========== Files - Modified Within 30 Days ==========

[2012/01/05 22:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000UA.job
[2012/01/05 22:36:41 | 000,002,305 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/01/05 22:35:19 | 000,001,989 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/05 22:34:51 | 000,000,949 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/01/05 22:10:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 22:07:08 | 000,614,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/05 22:07:08 | 000,108,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/05 22:01:42 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/01/05 22:01:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 22:01:23 | 000,004,176 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 22:01:23 | 000,004,176 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 22:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 22:01:12 | 3487,309,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
[2012/01/04 19:48:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/02 16:31:26 | 000,002,032 | ---- | M] () -- C:\Users\OWNER\AppData\Local\d3d9caps.dat
[2012/01/01 18:42:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/31 17:54:39 | 000,517,728 | ---- | M] () -- C:\Users\OWNER\Documents\NewYearWish2012.pdf
[2011/12/31 17:54:06 | 000,368,640 | ---- | M] () -- C:\Users\OWNER\Documents\NewYearWish2012.pdf.pra
[2011/12/28 19:29:06 | 000,003,120 | ---- | M] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011/12/28 10:52:24 | 002,236,845 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00012.JPG
[2011/12/28 10:52:02 | 002,205,667 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00011.JPG
[2011/12/28 10:51:10 | 001,901,949 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00010.JPG
[2011/12/28 10:50:58 | 001,850,996 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00009.JPG
[2011/12/28 10:50:24 | 002,089,400 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00008.JPG
[2011/12/28 10:50:10 | 002,354,554 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00007.JPG
[2011/12/28 10:49:44 | 002,299,025 | ---- | M] () -- C:\Users\OWNER\Documents\DSC00006.JPG
[2011/12/27 07:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4021511835-731674042-3818716740-1000Core.job
[2011/12/26 16:29:41 | 000,121,344 | ---- | M] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 17:12:51 | 000,513,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/17 09:24:16 | 000,330,034 | ---- | M] () -- C:\Users\OWNER\Documents\Daniela_12_Birthday2011.pdf
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 22:35:19 | 000,001,989 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/05 22:35:03 | 000,002,305 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/01/05 22:34:51 | 000,000,949 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/01/05 21:57:55 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/05 21:57:55 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/05 21:57:55 | 000,001,589 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/05 21:57:55 | 000,000,944 | ---- | C] () -- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/05 21:57:55 | 000,000,915 | ---- | C] () -- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/05 21:57:55 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/01/04 19:38:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/04 19:38:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/04 19:38:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/04 19:38:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/04 19:38:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/02 18:07:13 | 3487,309,824 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/02 18:07:13 | 3487,309,824 | -HS- | C] () -- \hiberfil.sys
[2011/12/31 17:54:37 | 000,517,728 | ---- | C] () -- C:\Users\OWNER\Documents\NewYearWish2012.pdf
[2011/12/31 17:54:06 | 000,368,640 | ---- | C] () -- C:\Users\OWNER\Documents\NewYearWish2012.pdf.pra
[2011/12/29 11:18:43 | 002,354,554 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00007.JPG
[2011/12/29 11:18:43 | 002,299,025 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00006.JPG
[2011/12/29 11:18:43 | 002,236,845 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00012.JPG
[2011/12/29 11:18:43 | 002,205,667 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00011.JPG
[2011/12/29 11:18:43 | 002,089,400 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00008.JPG
[2011/12/29 11:18:43 | 001,901,949 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00010.JPG
[2011/12/29 11:18:43 | 001,850,996 | ---- | C] () -- C:\Users\OWNER\Documents\DSC00009.JPG
[2011/12/28 19:29:06 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011/12/17 09:20:08 | 000,330,034 | ---- | C] () -- C:\Users\OWNER\Documents\Daniela_12_Birthday2011.pdf
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010/12/30 20:11:35 | 000,504,108 | ---- | C] () -- C:\Users\OWNER\AppData\Local\rx_image32.Cache
[2010/12/19 21:42:23 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2010/08/29 14:26:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/19 19:47:37 | 000,139,264 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
[2009/12/29 19:56:57 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/17 20:21:04 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/15 07:54:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/13 11:42:54 | 000,000,094 | ---- | C] () -- C:\Windows\biblesuite1.ini
[2009/11/13 11:42:54 | 000,000,088 | ---- | C] () -- C:\Windows\bibsuitesavers.ini
[2009/11/13 11:42:54 | 000,000,031 | ---- | C] () -- C:\Windows\bibaudiosuite.ini
[2009/10/17 06:32:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/17 06:32:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/26 16:08:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2008/12/04 19:37:52 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/09/25 15:01:54 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/09/25 15:01:54 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/08/21 20:30:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/16 13:47:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2008/04/23 19:21:52 | 000,074,608 | ---- | C] () -- C:\Windows\TrueInstall.exe
[2008/03/26 18:56:36 | 000,096,577 | ---- | C] () -- C:\Windows\hpqins16.dat
[2008/03/10 18:20:16 | 000,002,026 | ---- | C] () -- C:\Windows\TLTitleData.ini
[2008/03/10 18:19:46 | 000,086,870 | ---- | C] () -- C:\Windows\System32\BerlitzSCR.dat
[2008/03/02 15:02:51 | 000,004,735 | ---- | C] () -- C:\Users\OWNER\AppData\Local\Tescan002.rtf
[2008/01/26 21:21:40 | 000,000,093 | ---- | C] () -- C:\Users\OWNER\AppData\Local\fusioncache.dat
[2007/12/31 23:41:45 | 018,082,864 | ---- | C] () -- C:\Users\OWNER\AppData\Local\rx_image.Cache
[2007/12/31 23:41:45 | 001,359,660 | ---- | C] () -- C:\Users\OWNER\AppData\Local\rx_audio.Cache
[2007/10/14 14:11:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/10/07 11:28:33 | 000,993,216 | ---- | C] () -- C:\Windows\System32\DVC.EXE
[2007/10/07 11:28:33 | 000,167,424 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/10/07 11:28:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\DVResampleru.dll
[2007/10/07 08:20:08 | 000,194,248 | ---- | C] () -- C:\Windows\System32\LTRFD13n.DLL
[2007/10/07 08:14:54 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2007/10/07 08:14:54 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007/10/07 08:14:54 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2007/10/07 08:14:54 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2007/10/07 08:14:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2007/10/06 15:50:45 | 000,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
[2007/10/06 12:48:22 | 000,148,935 | ---- | C] () -- C:\Windows\hpoins19.dat
[2007/10/06 12:46:42 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2007/10/06 11:41:10 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/10/06 11:41:10 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/10/06 11:41:10 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/10/06 07:27:01 | 000,121,344 | ---- | C] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/05 22:00:24 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2007/10/05 22:00:24 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2007/10/05 21:59:06 | 000,000,011 | ---- | C] () -- C:\Windows\VSWizard.ini
[2007/09/29 09:08:05 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/09/29 09:08:04 | 000,333,257 | RHS- | C] () -- \bootmgr
[2007/09/29 08:01:51 | 000,024,576 | ---- | C] () -- C:\Windows\System32\LSIReg.dll
[2007/09/28 17:31:20 | 000,002,032 | ---- | C] () -- C:\Users\OWNER\AppData\Local\d3d9caps.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,513,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,614,692 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,654 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 05:23:09 | 000,000,121 | ---- | C] () -- \AUTOEXEC.BAT
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2003/05/31 19:43:00 | 000,005,632 | ---- | C] () -- C:\Windows\TrueProcess.exe

========== LOP Check ==========

[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2007/12/31 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\eSellerate
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/01 19:46:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\GARMIN
[2009/10/21 06:14:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\Kiwee Toolbar2
[2009/01/18 18:16:18 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nova Development
[2010/05/19 19:47:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\OCRTemp
[2007/10/07 09:31:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\Pinnacle
[2007/10/07 09:31:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\Pinnacle Studio
[2011/03/10 11:34:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Radialpoint
[2008/01/26 21:21:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\SmartSound Software Inc
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010/12/30 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uninstall
[2008/03/15 08:18:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Windows Home Server
[2012/01/01 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2011/01/01 11:40:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/11/02 06:18:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006/11/02 08:02:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006/11/02 05:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2007/10/07 08:16:30 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2008/03/03 19:53:28 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Application Data
[2012/01/05 22:31:19 | 000,000,000 | ---D | M] -- C:\Users\OWNER\Audio Books
[2010/10/12 19:45:19 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Contacts
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Cookies
[2012/01/05 22:44:28 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Desktop
[2012/01/05 22:46:01 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Documents
[2012/01/05 22:44:28 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Downloads
[2011/02/13 08:43:15 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Favorites
[2007/10/05 20:02:56 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Links
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Local Settings
[2011/01/16 09:38:10 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Music
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\My Documents
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\NetHood
[2011/12/29 11:19:53 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Pictures
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\PrintHood
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Recent
[2009/11/15 08:33:48 | 000,000,000 | ---D | M] -- C:\Users\OWNER\Ringtones
[2007/10/06 14:36:24 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Saved Games
[2007/10/05 20:02:56 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Searches
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\SendTo
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Start Menu
[2007/09/28 17:31:20 | 000,000,000 | -HSD | M] -- C:\Users\OWNER\Templates
[2012/01/04 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\OWNER\Tracing
[2011/11/22 08:00:29 | 000,000,000 | R--D | M] -- C:\Users\OWNER\Videos
[2012/01/04 19:53:33 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2012/01/02 18:09:12 | 000,000,000 | R--D | M] -- C:\Users\Public\Desktop
[2007/11/18 14:43:44 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006/11/02 07:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\Public\Favorites
[2007/11/18 11:55:54 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2007/10/07 08:16:30 | 000,000,000 | ---D | M] -- C:\Users\Public\My Documents
[2010/10/24 19:54:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010/08/16 18:07:09 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2007/10/07 08:16:30 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2006/11/02 06:18:34 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Application Data
[2011/12/28 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Contacts
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Cookies
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Desktop
[2011/12/28 20:54:36 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Documents
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Downloads
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Favorites
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Links
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Local Settings
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Music
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\My Documents
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\NetHood
[2006/11/02 05:23:35 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Pictures
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\PrintHood
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Recent
[2006/11/02 05:23:35 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Saved Games
[2011/12/28 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Searches
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\SendTo
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Start Menu
[2011/12/28 20:54:36 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Templates
[2007/10/07 08:16:30 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Videos
[2012/01/05 21:58:58 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/10/07 09:38:18 | 000,000,121 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/09/29 09:08:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/01/04 19:53:32 | 000,013,558 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/11/15 07:53:52 | 000,087,497 | ---- | M] () -- C:\Cucu_Video_log.txt
[2012/01/05 22:01:12 | 3487,309,824 | -HS- | M] () -- C:\hiberfil.sys
[2007/10/05 22:00:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/03/04 20:41:08 | 000,015,215 | ---- | M] () -- C:\mombi.log
[2007/10/05 22:00:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/24 15:33:05 | 000,000,549 | ---- | M] () -- C:\NTDClient.log
[2012/01/05 22:01:11 | 947,912,703 | -HS- | M] () -- C:\pagefile.sys
[2008/12/06 10:33:36 | 000,000,000 | ---- | M] () -- C:\plx_proxy.log
[2007/09/28 17:58:06 | 000,000,206 | ---- | M] () -- C:\realtek.log
[2007/09/28 17:58:06 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2007/10/05 22:27:49 | 000,916,162 | ---- | M] () -- C:\TB.log

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/17 07:04:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2005/02/24 16:21:54 | 000,757,760 | ---- | M] (Frontier Groove Inc.) -- C:\Windows\AZVENA.scr
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/04/02 16:05:52 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2007/09/13 16:26:26 | 000,641,024 | ---- | M] () -- C:\Windows\system32\NEROINSTAEC43759.DB

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/05 22:34:51 | 000,000,082 | -HS- | M] () -- C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/05 21:36:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/12/30 08:23:04 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/12/30 08:22:34 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2008/04/02 16:04:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2008/04/02 16:04:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/12/30 08:22:34 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/30 19:56:03 | 000,000,402 | -HS- | M] () -- C:\Users\OWNER\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/05/04 19:51:04 | 000,004,211 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/11/17 20:21:04 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/29 14:26:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Tosci Slideshow.dmss:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Tosci 04162009.dmss:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow2.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow1.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow0.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Silvesto E Giuseppa.jwl:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Path of Daggers 261.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Andrea Del Principe Kylee kate Sargant - Buonanotte Amore.jwl:Roxio EMC Stream

< End of report >
 
Extras Log part 1 of 2

OTL Extras logfile created on: 1/5/2012 10:46:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\OWNER\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 56.79% Memory free
8.05 Gb Paging File | 6.57 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 74.74 Gb Free Space | 16.05% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC-DEN | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0130B062-96C3-4C33-A11C-2F2F177838ED}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{057748BD-99E8-4A37-8803-DDD317307AF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0626BB58-F604-4F34-9859-A6E1380B26A2}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{0E9EF908-ECAD-42F3-8A6D-8CE7C8CB51D5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{128696C8-B7CD-47A3-9B65-34F20388A45D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D1F75DD-92DC-456E-9A5B-8F781F8B6A47}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F4B6381-AB3F-4C12-8C37-F7EAF4D02EF2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20AF259C-BCD2-40A4-BE7D-BF6964C46775}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{22B221DA-3F02-4082-BEDD-684E9D45AEA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A77E1E3-69D2-499F-9CB5-C2C75EC895FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3071B60A-784C-4C07-9992-0831648085D8}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{335ABFBD-AD42-45A7-AC0B-E37A7055F175}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37FCDC00-F019-4BC4-BB4F-A5AC4E475D24}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3934E592-AD2E-405D-9AC9-F47BDECDACC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D3F49FB-5403-47C5-AE6A-0090869D0E99}" = lport=6331 | protocol=6 | dir=in | name=windows live onecare |
"{417F9C36-291A-4F49-B398-2078EC27D7F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41EC1B85-B455-4F3B-8EC1-9355E9C5E191}" = rport=10243 | protocol=6 | dir=out | app=system |
"{45EF26A4-CDAA-4032-84F1-CCE5E5DD683A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48C7FBB6-0E2E-4550-A884-2B1C5F60E961}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4901E274-F86C-4043-A71D-BDD222D9F8AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52235340-A264-4493-8B56-1682EE64D55F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5570ED42-21D8-4413-A966-DF5BDB47CF62}" = lport=10243 | protocol=6 | dir=in | app=system |
"{59ABA3D9-98E5-42DB-A4EA-34F7B22D603E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5ABE6C3F-F853-407B-8F9F-20BCEE8F36FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{615787A2-AD6C-46CF-80DC-EB1C22D1E289}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64E54819-DB66-43E2-93BD-A6DF59C2F3A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76A37A82-5744-4695-8C19-6B658EA094D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7949A94D-FE1F-4AF7-B55D-BE78BA7F8863}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7ABC3DF2-827C-404E-BC7F-8520AA039224}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BA1D2B3-D6EA-4381-84CD-A79B0E3A33FF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C230B74-2851-41FC-99F0-9B001B7FCEFD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7D868EBE-3E1E-48AF-88E4-BD3B433E049D}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
"{7F76ED14-4EFC-40F0-9F61-731E0AEA1B94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8AFA080E-27AD-430E-849A-E88548B96CDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8D5C65E3-DF75-459E-9BAF-CFEA7076BF95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8E04088E-2514-4915-AEF1-9CF2F550AE00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FF1D550-81D8-4943-A41B-5349CFA76B32}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9A615BB6-0069-4070-83B3-B1B8C4AE717F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B40FC5C-A1BE-4471-B9A3-CF2E95B216D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C9F59C2-C58C-4379-9D40-5773E172D7C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A1FAD785-2B6D-4ED9-861D-40357C903874}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A242BAA8-9FDE-4BA0-A608-8C5FA88634F4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A3AE8197-CD29-4620-964A-E9396EBCC4D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A737CFB2-AAE9-4461-8625-39952AB722AE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7473AE4-5ABB-4A52-A934-0BB43E7E02F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6A6838B-6275-46E3-978D-2F661C6FF228}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9ACA28E-DDE7-4A00-9843-1CD5BCD5C66C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CC3B5DFE-FE42-47F0-BD63-507928729D60}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD27DEF1-B01D-4F5B-881A-6CC9DEC0836D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF95D667-0C63-4B72-8856-50C1298F3BF5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D04FC068-4882-4640-A78F-9C14D3706895}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE1D34C9-DE61-4AF7-89E0-CEC5C2A7EF03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E19309FA-D981-4BFA-9E02-DE4F46EAA846}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E62A2600-2962-4814-BB2E-87D5C86DA525}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E7AF5B55-8248-4132-96FA-A5FF0D8FC9E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7D24B76-375C-4146-9E52-C8E85644F0EF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EADA1C34-B58A-4F88-9B69-8336FCC67DC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB13796E-AC28-4236-80AB-B02EEE4A7F40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0759104-98C8-48BB-8A4B-324072320741}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F726BD60-5376-4F97-BDE1-2B1D0BADECB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC94A511-89CF-48A6-936C-001A76A5490E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FD5E72-273A-488F-B353-9E95BF2FF0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0BC37EB9-5AC3-436A-90D8-5CCB0984ABA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BFE5EE7-CFB4-4E4C-AD9C-1490E7BECE54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D7723B6-6CD9-4E1B-ACC8-0068771FDF53}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1343B8B6-58B0-41D7-BF72-A40785D9A271}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
"{1CCF2786-842A-4D18-8E56-309170B95073}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1DAF1323-2995-4752-A8A0-A0E7ACF98620}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
"{1FDA763F-5382-4D50-AD1F-290B05D927B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23FEC879-11D2-491E-86FF-A2F9AF0D49E2}" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
"{2C7A9DE5-56D5-4137-81AF-FEC139C57BA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CB98344-FD69-42F8-AEA4-95B021377ADB}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{2D41B30C-A44B-442D-88F9-22A5DCAC5ABE}" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
"{2ECCC785-DD8F-474D-8EDC-7B308A339A42}" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
"{379F6392-5C37-43D4-9E25-F5579C4246C2}" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
"{3A8CB746-421E-4809-8A94-6CF14551BD36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41C1B19C-3643-4F09-831E-3FE496C689BC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\pmsregisterfile.exe |
"{43C3DAA5-AC9D-428B-AB56-75793849DCBE}" = protocol=6 | dir=out | app=system |
"{456F0066-CEF6-4F55-BFA4-7834C91712D6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{46374AA3-A5A0-4E60-B608-25B22997DE70}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{467AA821-A178-446F-907B-AA6AE8D3346A}" = protocol=6 | dir=out | app=system |
"{49458302-4415-4FB7-B488-00FF4E1B3D27}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{499FE795-653A-404B-B77B-9F4EAD2EBFF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B83154C-0682-4F0B-A45B-1F18F7B33CE0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{51A4B50A-05FD-40D2-85C6-F1E1905E50B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51D4BC83-DA09-4BB9-A752-D59A182E81F6}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{53BF4EE2-D3F0-460E-BF57-22D47BD4503B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53EB8557-CA0C-4AA4-9AF5-76E9C576939A}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnprenderer10.exe |
"{5996B4E7-57F2-4445-9B59-640B050D22B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AA25C1A-9F84-4797-88FB-2D808FC17AF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E4155F6-5B82-45A5-B1D4-7E13D6CCEEC7}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{6A16F458-D3FD-40FE-AECE-B6542CD8D93C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\umi.exe |
"{6C472D7B-C1A0-4A8B-AC6C-E7CB7BCB0556}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{6E4F7BC8-1332-44C8-935C-D32362B516D8}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6ED4D756-212C-4778-9D14-25E1E8BF958B}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnprenderer10.exe |
"{6F9D34B2-B502-4EAC-B166-4D233DFFAD88}" = protocol=6 | dir=out | app=system |
"{7051913A-4D23-47D8-BDE5-41A8589100C5}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{739F8EB0-B636-4C30-95A1-9308FE50A62F}" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
"{78A76EF1-C003-4C16-9BCC-B5700400C978}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\rm.exe |
"{82C5E88B-F181-4417-82C5-8618AA3199D5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{84210697-4E81-4759-A293-F7002635B926}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{84FC653C-E5BB-4D58-9170-1DCD9FF3ECD9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{85050E8B-5FF1-4E20-A4BF-9D494BC66C1B}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{868A98C4-8010-4A23-AB49-BCCAB4AFA7F8}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{8701DFE1-45C5-44A1-A6E1-72CA01FDF247}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87B0DAB8-25DA-43AB-BFC3-646F413AED77}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{907025F9-4076-48B1-A1C6-70D089A05397}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{91A0D92E-AC56-43CB-BB16-AFC590F3F765}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93ECBCC1-BA9C-4202-AE2E-B6BAFB02B384}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{953156DA-4440-41AF-8608-C4937EDCA99D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9AC3E7E2-ECD9-4A02-9EDC-96E58DA48C27}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9AE4B073-E05F-4E7A-8DA0-0E3381E27C70}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9EF3DB9E-F0A8-4B58-9E6C-D4A6DF8A9EF3}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnprenderer10.exe |
"{A466014A-860E-4803-868B-9266D87D2A23}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
"{A4CF2F54-E0A9-467E-A10F-E390DF5C4594}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
"{A5972EC6-F28C-4C98-9582-E9A3CE6C8C2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A86F6848-732D-4AAF-9B2C-8FE0AA5B8662}" = protocol=6 | dir=out | app=system |
"{AFA92881-DF1C-45CD-8FF1-6CF6FFF6EBDB}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
"{B3B6F03B-7229-4752-B0C5-7D78890AC461}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{B4D31F3C-238E-4A5B-A2E8-5C7E7A829750}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B6EF933F-4758-4614-9949-FFB0CE935FB2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA47B61B-6A4C-43DB-8E7A-3F9E8FD4F466}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{BE513763-ADA8-4166-9259-1D0D76B5178B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\rm.exe |
"{BED40899-41AE-454D-A934-6685D183002C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{BFEB84FC-083E-4B51-89C9-AAD4CFB8F128}" = protocol=6 | dir=out | app=system |
"{C06E8A8C-24FA-438D-BCF8-458FC89DE157}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C25DB5EF-54E9-4D94-B91C-FA575363D5CA}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
"{CD283F75-5102-45F3-8F60-95649BFACDAF}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D02194BA-ABED-43B7-A8D5-A8E72F47FE97}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
"{D140EBF0-1341-4C65-998D-087BBFB8CE0A}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{D1F1B65C-D4F7-4040-A23E-20FB83F67762}" = protocol=6 | dir=out | app=system |
"{D5E997FD-C2B6-4C87-ACDB-5F29E6251D18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DCA1D227-5DF6-4348-B836-CF760C235B77}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{E5804615-1199-4B6A-9EE3-FDC142D722AE}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{F1AF71A8-5DBD-4E6D-A648-E89A673E719C}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnpservice10.exe |
"{F2A69896-3318-4198-AA97-C8A71CE4DE2C}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{F3C39E36-E7F4-495F-B902-0EA471EECDF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F40A6641-1B3E-4744-9161-A15005D5FDF6}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 10\roxioupnprenderer10.exe |
"{F801EF96-448E-46CC-9EBC-917D609D6A63}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F829267D-F445-4F24-A666-0DCC783BB52C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\pmsregisterfile.exe |
"{F8A24608-45B3-4E68-B986-DEC3591B2808}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{F8F05C24-B33C-4E94-ACA1-66EBB487B9E0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\umi.exe |
"{FCCBF37A-1CFA-4B11-927F-35183BB212C5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FCF53428-82B3-4973-95DC-3761E9CC43F2}" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe |
"{FD791C01-09FB-40F9-A205-AF58C55FE78F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDB38BF3-432B-40C0-A00D-CDD5027181C2}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{FECC87AB-65C4-4E7C-9870-A4C89E35220E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{47979139-70A4-4A39-BAFE-8BA0F854E1E3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4C515785-C349-40E4-8660-D4462D5AF4A3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5383F590-75A1-4866-B4FB-175385430595}C:\program files\pinnacle\studio 10\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
"TCP Query User{97F28B83-26E9-4542-8E5B-DA6778E8C80D}C:\program files\verizon\verizon media manager\release\verizon media manager.exe" = protocol=6 | dir=in | app=c:\program files\verizon\verizon media manager\release\verizon media manager.exe |
"UDP Query User{3437124A-267A-4551-9F60-0FDDC223DFA9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{96A4CCF4-EDBA-4DB0-94AE-5A6751BE9380}C:\program files\verizon\verizon media manager\release\verizon media manager.exe" = protocol=17 | dir=in | app=c:\program files\verizon\verizon media manager\release\verizon media manager.exe |
"UDP Query User{E72A0FC3-52F2-48A2-8752-2E3EC234506E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F9582E48-0A31-4900-A825-045033E76D27}C:\program files\pinnacle\studio 10\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA ForceWare Multimedia
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{12A3AF78-CBB5-484B-AE87-927C4DE6B9A8}" = Garmin City Navigator North America NT 2011.10 Update
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AAE4354-EE96-4414-B5A5-726162E60700}" = Berlitz Learning System - Italian
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20CFBF87-73BD-4EC5-80B4-9C894126BD14}" = TurboTax 2008 wvaiper
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{311C9C43-C4E2-442C-BCB4-D86DB2BF81D1}" = MemoriesOnTV
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator
"{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{59716973-C123-4B46-B44B-36FCD9CEB8A3}" = Print Artist 22 Platinum
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69EB5C18-1222-41F1-8C75-69B5F55F4321}" = Garmin Lifetime Updater
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F50C41C-6CFB-49E1-AF91-E1AACDE24FBA}" = Garmin City Navigator North America NT 2012.30 Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{78AE804E-C0CD-4E81-8C3B-63061742800D}" = Multimedia Bible and Christian References
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B1FF9C5-ABDE-4D1B-BE70-DF6A4A546131}" = Hallmark Card Studio Trial Edition 2009
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{964D07BE-460C-4862-B59C-49575B8F46DC}" = Google SketchUp Pro 8
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6A9D7C4-1E5B-42FD-98F5-E067A942AEE1}" = AQUAZONE "Virtual Aquarium Collection"
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}" = Microsoft Office Live Add-in Patches
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B986E497-3E38-4361-9F35-3FEC4F7FF771}" = Berlitz Before You Know It Flash Cards
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C33F3EF6-3625-4FE5-BCBA-41361C99AF1D}" = Camera Assistant Software for ViewSonic
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B3C1B7-37C2-47B0-B6DD-EC53D3FB3B01}" = HP MediaSmart Server
"{D6F2C4FD-149A-4BA0-A95D-2A80F10EE751}" = OverDrive Media Console
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E5538179-A892-499A-B7AA-8D7074EB203B}" = Vz In Home Agent
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19F7B24-AAD4-4236-8475-5335483DA676}" = Avery Wizard 3.1
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows Vista Signed Files
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"{FD727056-F0C4-4811-9688-9EBF450D22C4}" = AXIS Media Control Embedded Installer
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF1482CF-D19B-44DD-B887-9698CB51DFD5}" = Studio 10.8 Patch
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AOL Radio Toolbar" = AOL Radio Toolbar
"Audit Support Center" = Audit Support Center 1.0
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Cucusoft DVD to Zune + Zune Video Converter Suite_is1" = Cucusoft DVD to Zune + Zune Video Converter Suite 8.2.8.2
"Digital Editions" = Adobe Digital Editions
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"johnqtv1 Toolbar" = johnqtv1 Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Money2008b" = Microsoft Money Plus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF-File Converter" = PDF-File Converter
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"Quicken WillMaker Plus 2007" = Quicken WillMaker Plus 2007
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Media Manager" = Verizon Media Manager
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Applications" = Verizon Yahoo! Applications
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune
 
Extras Log part 2 of 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4021511835-731674042-3818716740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Radio Toolbar" = AOL Radio Toolbar
"GoToMeeting" = GoToMeeting 4.5.0.457
"HuluDesktop" = Hulu Desktop
"MusicManager" = Music Manager
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2011 9:55:22 PM | Computer Name = OWNER-PC-Den | Source = MsiInstaller | ID = 1023
Description =

Error - 12/29/2011 8:04:28 PM | Computer Name = OWNER-PC-Den | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module Flash10w.ocx, version 10.3.183.7, time stamp 0x4e52e8e0,
exception code 0xc0000005, fault offset 0x000ba050, process id 0xb04, application
start time 0x01ccc63ca0159b1b.

Error - 12/30/2011 9:37:30 AM | Computer Name = OWNER-PC-Den | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 15.4.3538.513, time stamp
0x4dcdb2b3, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000374, fault offset 0x000b06fc, process id 0xb5c, application
start time 0x01ccc6f09f64755b.

Error - 1/1/2012 6:43:23 PM | Computer Name = OWNER-PC-Den | Source = Application Error | ID = 1000
Description = Faulting application nvcplui.exe, version 3.9.731.0, time stamp 0x4e991d0e,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0062fb28, process id 0xee8, application start time 0x01ccc8d6af2a8f60.

Error - 1/1/2012 8:07:38 PM | Computer Name = OWNER-PC-Den | Source = ESENT | ID = 488
Description = wlcomm (5796) C:\Users\OWNER\AppData\Local\Microsoft\Windows Live\Contacts\matthew_carpenter6@msn.com\15.4\:
An attempt to create the file "C:\Users\OWNER\AppData\Local\Microsoft\Windows Live\Contacts\matthew_carpenter6@msn.com\15.4\DBStore\contacts.pat"
failed with system error 5 (0x00000005): "Access is denied. ". The create file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/1/2012 8:07:38 PM | Computer Name = OWNER-PC-Den | Source = ESENT | ID = 217
Description = wlcomm (5796) C:\Users\OWNER\AppData\Local\Microsoft\Windows Live\Contacts\matthew_carpenter6@msn.com\15.4\:
Error (-1032) during backup of a database (file C:\Users\OWNER\AppData\Local\Microsoft\Windows
Live\Contacts\matthew_carpenter6@msn.com\15.4\DBStore\contacts.edb). The database
will be unable to restore.

Error - 1/1/2012 8:07:38 PM | Computer Name = OWNER-PC-Den | Source = ESENT | ID = 215
Description = wlcomm (5796) C:\Users\OWNER\AppData\Local\Microsoft\Windows Live\Contacts\matthew_carpenter6@msn.com\15.4\:
The backup has been stopped because it was halted by the client or the connection
with the client failed.

Error - 1/2/2012 5:26:46 PM | Computer Name = OWNER-PC-Den | Source = EventSystem | ID = 4609
Description =

Error - 1/2/2012 8:20:40 PM | Computer Name = OWNER-PC-Den | Source = Application Error | ID = 1000
Description = Faulting application crppjugr.exe, version 1.0.15.15641, time stamp
0x4e21f2b1, faulting module crppjugr.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x127c, application
start time 0x01ccc9ad11fbc952.

Error - 1/2/2012 8:57:44 PM | Computer Name = OWNER-PC-Den | Source = Perflib | ID = 1010
Description =

[ Media Center Events ]
Error - 4/24/2010 1:01:49 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/30/2010 3:50:05 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/1/2010 5:47:36 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/24/2010 3:11:09 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/24/2010 4:17:10 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/28/2010 6:15:24 AM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/29/2010 12:11:22 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/6/2010 12:09:57 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/12/2010 12:00:24 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/1/2010 2:27:35 PM | Computer Name = OWNER-PC-Den | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7009
Description =

Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7009
Description =

Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7000
Description =

Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7001
Description =

Error - 1/5/2012 11:01:50 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7026
Description =

Error - 1/5/2012 11:02:08 PM | Computer Name = OWNER-PC-Den | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 1/5/2012 11:03:40 PM | Computer Name = OWNER-PC-Den | Source = DCOM | ID = 10005
Description =

Error - 1/5/2012 11:03:40 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7009
Description =

Error - 1/5/2012 11:03:40 PM | Computer Name = OWNER-PC-Den | Source = DCOM | ID = 10005
Description =

Error - 1/5/2012 11:03:40 PM | Computer Name = OWNER-PC-Den | Source = Service Control Manager | ID = 7009
Description =


< End of report >
 
Clean up and thanks

Thanks for your help with removing this virus. I assume I can delete the downloaded programs and logs created through this process, correct? Let me know if there is anything else I need to do to clean up my PC.
 
Any current issues?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
    SRV - File not found [Auto | Stopped] -- -- (McciCMService)
    O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-4021511835-731674042-3818716740-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedopt...zTCPConfig.CAB (Reg Error: Key error.)
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Tosci Slideshow.dmss:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Tosci 04162009.dmss:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow2.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow1.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow0.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Slideshow.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Silvesto E Giuseppa.jwl:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Path of Daggers 261.wma:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\OWNER\Documents\Andrea Del Principe Kylee kate Sargant - Buonanotte Amore.jwl:Roxio EMC Stream
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

===================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
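The three kinds of items in the OTL fix above (services whose binary no longer exists, domains added to Internet Explorer's Local intranet / Trusted sites zones, and alternate data streams on files in Documents) can all be checked independently of OTL. The script below is an added example, not code from this thread, from OTL, or from any of the tools the post names. It assumes PowerShell 3.0 or later run from an elevated prompt, and the Documents path it defaults to is an assumption chosen to match the paths in the fix; it only reports, and the one removal command is shown as a comment.

```powershell
# Added example, not part of the original thread or of OTL. Assumes PowerShell 3.0
# or later (Get-CimInstance, Get-ChildItem -File and Get-Item -Stream need it), run
# from an elevated prompt. The Documents path is an assumption matching the OTL fix.

# 1. Services whose registered binary is missing on disk. This is what OTL reports
#    as "SRV - File not found [...] (ServiceName)": a leftover service entry that
#    the Service Control Manager will keep failing to start (SCM event 7000/7009).
function Get-OrphanedService {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $raw = $_.PathName
        if ([string]::IsNullOrWhiteSpace($raw)) { return }
        # PathName may be quoted and may carry arguments ("svchost.exe -k netsvcs");
        # take the quoted path, or everything up to and including the first ".exe".
        if ($raw -match '^(?:"([^"]+)"|(.+?\.exe))') {
            $exe = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
            # Expand %SystemRoot%-style references before testing the path.
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            if (-not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{
                    Service   = $_.Name
                    StartMode = $_.StartMode
                    State     = $_.State
                    Path      = $exe
                }
            }
        }
    }
}

# 2. Domains that have been placed in an Internet Explorer security zone, the data
#    behind the "O15 - Trusted Domains" lines. Zone 1 = Local intranet, 2 = Trusted
#    sites; sites in those zones run with fewer restrictions, so an entry you do not
#    recognise there (the "//@surf.mar@/" one above, for instance) deserves a look.
function Get-ZoneMapDomain {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    $zoneName = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
    if (-not (Test-Path -LiteralPath $base)) { return }
    Get-ChildItem -LiteralPath $base -Recurse | ForEach-Object {
        $key = $_
        # Each value under a domain key is a protocol (http, https or *) whose data is the zone number.
        foreach ($protocol in $key.GetValueNames()) {
            $zone = [int]$key.GetValue($protocol)
            [pscustomobject]@{
                Domain   = $key.Name -replace '^.*\\Domains\\', ''   # e.g. intuit.com\ttlc
                Protocol = $protocol
                Zone     = if ($zoneName.ContainsKey($zone)) { $zoneName[$zone] } else { "zone $zone" }
            }
        }
    }
}

# 3. Alternate data streams under the user's Documents folder, the source of the
#    "@Alternate Data Stream" lines. The default ':$DATA' stream is the file's own
#    content and is skipped; anything else is listed with its name and size.
function Get-AlternateDataStream {
    param([string]$Path = (Join-Path $env:USERPROFILE 'Documents'))   # assumed location
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

Get-OrphanedService     | Format-Table -AutoSize
Get-ZoneMapDomain       | Format-Table -AutoSize
Get-AlternateDataStream | Format-Table -AutoSize

# Removing one stream by name once you have decided it is unwanted, for example one
# of the "Roxio EMC Stream" entries from the fix (Roxio application metadata):
#   Remove-Item -LiteralPath 'C:\Users\OWNER\Documents\Slideshow.dmsm' -Stream 'Roxio EMC Stream'
```

Two caveats when reading the output. A stream named `Zone.Identifier` is the Mark-of-the-Web that Windows attaches to downloaded files and is what triggers the "this file came from another computer" warnings, so don't clear streams wholesale; look at the name and size of each, the way the OTL fix lists them individually. And an orphaned service entry is evidence that something was uninstalled badly, not proof of infection on its own; the Roxio, Nero (NMIndexingService) and Verizon (McciCMService) names in the fix match software visible elsewhere in the logs, which is why the helper is removing the stale entries rather than hunting for the files.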
 