Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible virus,mutiple process running unknown.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 14th, 2013, 4:16 pm

I started having issues after windows update did an update . It installed Microsoft security essentials 4.3.215.0 . My laptop has been extremely slow as before it was moderately swift to load up windows. I have thought that my computer might have a virus as there many process now running that have two or more of the same. I have also seen that there are services that I cant identify is they are threats or not. I have had alot of updates to my programs for net framework also that I never did but they are new to the computer. I have also been having internet lag and then my programs will stop responding and crash. I can use all the help I can get . Thanks, rmrrar.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by ROBERT at 14:48:32 on 2013-10-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2416 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\node.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k defragsvc
C:\windows\system32\dfrgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;*.local;192.168.*.*
mWinlogon: Userinit = C:\WINDOWS\SYSWOW64\Userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [TkBellExe] "C:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: $talisma_url$
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2C42FF12-A26B-49CF-95AC-E1FCD6686B28} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\144545431373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2375942554338343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2456374702755637475627E6 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-9-3 45856]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-10-23 202752]
R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [2013-8-26 321024]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HsfXAudioService;HsfXAudioService;C:\windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-10-24 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-10-24 126392]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-10-9 342528]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2010-10-24 14112]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 CAXHWAZL;CAXHWAZL;C:\windows\System32\drivers\CAXHWAZL.sys [2009-2-13 292864]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-10-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-10-23 325152]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2010-10-23 932384]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-6-23 369152]
S2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-4-29 460288]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [?]
S3 Andbus;LGE Android Composite USB Device;C:\windows\System32\drivers\lgandbus.sys [2013-9-16 27944]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\windows\System32\drivers\hitmanpro36.sys [2012-4-28 27936]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-2 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2011-8-29 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-23 232992]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-23 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-12 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-3 1255736]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
.
=============== Created Last 30 ================
.
2013-10-14 18:46:03 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4C4C38C8-4F6E-4F5D-85ED-89456BAC040B}\mpengine.dll
2013-10-14 01:55:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-14 01:55:32 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 05:54:47 633856 ----a-w- C:\windows\System32\comctl32.dll
2013-10-10 05:52:12 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:52:11 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:52:09 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-10-10 01:58:18 -------- d-----w- C:\Program Files (x86)\Motive
2013-10-09 23:21:18 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-10-09 23:19:20 -------- d-----w- C:\Program Files\ATT-SST
2013-10-09 23:19:09 -------- d-----w- C:\Program Files (x86)\ATT-SST
2013-10-09 05:44:00 17813896 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 19:06:08 -------- d-----w- C:\1c5ffd6c744d58c33beb8eec8e
2013-09-28 03:43:12 19169637 ----a-w- C:\windows\SysWow64\KBDcache.DLL
2013-09-28 03:42:54 3584 ----a-w- C:\windows\System32\thunk.dll
2013-09-28 03:42:54 1536 ----a-w- C:\windows\SysWow64\thunk.dll
2013-09-26 21:43:25 56 ----a-w- C:\windows\SysWow64\dot3com.dat.dll
2013-09-17 04:22:40 27944 ----a-w- C:\windows\System32\drivers\lgandbus.sys
2013-09-17 04:19:00 -------- d-----w- C:\Users\ROBERT\AppData\Local\Wondershare
2013-09-17 04:19:00 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2013-09-17 04:18:56 -------- d-----w- C:\Users\ROBERT\AppData\Roaming\Wondershare
2013-09-17 04:18:56 -------- d-----w- C:\Users\ROBERT\.android
.
==================== Find3M ====================
.
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-09-03 06:43:49 173 ----a-w- C:\windows\DeleteOnReboot.bat
2013-09-03 06:31:25 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-08-07 09:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-21 17:09:36 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2013-07-21 17:09:36 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
============= FINISH: 14:48:51.11 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2011 10:51:07 PM
System Uptime: 10/14/2013 1:46:48 PM (1 hours ago)
.
Motherboard: TOSHIBA | | NALAE
Processor: AMD Turion(tm) II P540 Dual-Core Processor | Socket M2/S1G1 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 190.407 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP455: 10/1/2013 4:26:33 PM - Windows Update
RP456: 10/3/2013 12:26:39 AM - Revo Uninstaller's restore point - Mozilla Firefox 23.0 (x86 en-US)
RP457: 10/3/2013 12:28:34 AM - Revo Uninstaller's restore point - OBBO Android SMS & Contacts Backup 2.0
RP458: 10/5/2013 3:25:07 PM - Windows Update
RP459: 10/7/2013 2:00:00 PM - Windows Update
RP460: 10/7/2013 2:30:13 PM - Windows Update
RP461: 10/9/2013 9:55:51 PM - Windows Update
RP462: 10/10/2013 3:00:18 AM - Windows Update
RP463: 10/13/2013 6:03:48 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
Amazon Links
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
ATI Catalyst Install Manager
ATT Management Agent
Audacity 2.0.3
Bonjour
Canon MG2100 series MP Drivers
ccc-utility64
CopyTrans Suite Remove Only
Corel WinDVD
Dragon NaturallySpeaking 11
ffdshow [rev 2527] [2008-12-19]
Glary Utilities 2.43.0.1419
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Label@Once 1.0
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Quickbooks Financial Center
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
Revo Uninstaller 1.94
Revo Uninstaller Pro 2.5.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SketchUp 2013
Skype Launcher
Synaptics Pointing Device Driver
Torres Box Tuning Calculator version 1.1
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Utility Common Driver
V.92 Modem On Hold
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Vivitar Experience Image Manager
Vodafone WCDMA Composite Device Drive Software
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Sync
.
==== Event Viewer Messages From Past Week ========
.
10/9/2013 5:40:40 PM, Error: Service Control Manager [7000] - The ATT MAHostService service failed to start due to the following error: The system cannot find the path specified.
10/8/2013 5:25:23 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2013 5:16:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/8/2013 5:16:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/8/2013 5:16:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/8/2013 5:16:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/8/2013 5:16:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/8/2013 5:16:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/8/2013 5:15:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2013 5:15:35 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2013 11:53:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004be5060, 0xfffff80000b9c518, 0xfffffa800640a010). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 100813-24289-01.
10/7/2013 2:12:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter
10/14/2013 2:19:01 PM, Error: Service Control Manager [7034] - The pcCMService64 service terminated unexpectedly. It has done this 1 time(s).
10/14/2013 2:18:55 PM, Error: Service Control Manager [7034] - The pcCMService service terminated unexpectedly. It has done this 1 time(s).
10/14/2013 2:08:22 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
10/14/2013 1:47:21 PM, Error: Service Control Manager [7000] - The vToolbarUpdater15.4.0 service failed to start due to the following error: The system cannot find the file specified.
10/12/2013 9:33:24 AM, Error: Microsoft Antimalware [2001] -
10/12/2013 11:39:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8006148060, 0xfffff80000b9c518, 0xfffffa8007e6d760). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 101213-18049-01.
10/11/2013 9:12:52 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am
Advertisement
Register to Remove

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 17th, 2013, 1:45 am

Hi rmrrar, and Welcome back to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start



It seems rather strange that your logs show no Anti-Virus programs listed in the Installed Programs list, yet there are remnants for AVG, Norton PC Checkup and no trace of Microsoft Security Essentials.

Please run OTL and pay close attention to the instructions as they are slightly different from normal. You may wish to post each log individually, as they will be very long.


OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Files Scans Block - Change the File age to 60 days
  4. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
  5. Check the LOP and the Purity Check boxes.
    Leave the remaining selections to the default settings.
  6. Click on Run Scan at the top left hand corner.
  7. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  8. Please post the contents of both OTL.txt and Extras.txt files in your next reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 17th, 2013, 4:36 am

OTL logfile created on: 10/17/2013 3:23:45 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ROBERT\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 66.04% Memory free
7.49 Gb Paging File | 6.09 Gb Available in Paging File | 81.31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.75 Gb Total Space | 189.73 Gb Free Space | 66.40% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: ROBERT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2013/10/17 03:22:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ROBERT\Downloads\OTL (1).exe
PRC - [2013/10/03 01:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/26 15:29:16 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\node.exe
PRC - [2013/08/26 15:29:16 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
PRC - [2013/07/21 12:09:40 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/26 16:37:56 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/03/02 19:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/16 11:36:04 | 000,225,280 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
PRC - [2011/06/04 10:35:07 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2010/07/23 11:53:16 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/03 01:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 01:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 01:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 01:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 01:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/02 21:18:16 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2010/04/06 16:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 11:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/08/26 15:29:16 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/26 16:37:56 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/02 19:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/04 10:35:07 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/07/23 12:29:18 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 13:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/16 23:22:40 | 000,027,944 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus.sys -- (Andbus)
DRV:64bit: - [2013/09/03 01:31:25 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/22 09:52:08 | 000,075,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/26 21:38:30 | 000,023,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2012/04/28 17:05:16 | 000,027,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/28 13:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/15 12:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 11:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/02 15:05:26 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/02/02 15:05:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010/01/12 16:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 11:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/02 17:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/09 22:22:42 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 13:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 00:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 00:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 00:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006/06/18 08:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{9C9A7121-333C-4183-94FE-593770E56758}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{413D6B5A-DDF9-452B-8138-3FB88131DF57}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..\SearchScopes,DefaultScope = {26D159A9-FE30-477D-9A8A-0F58638F2C54}
IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..\SearchScopes\{26D159A9-FE30-477D-9A8A-0F58638F2C54}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..\SearchScopes\{413D6B5A-DDF9-452B-8138-3FB88131DF57}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;192.168.*.*


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/21 12:10:35 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: RealDownloader = C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_2\
CHR - Extension: Chrome In-App Payments service = C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: RealDownloader = C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_2\
CHR - Extension: Chrome In-App Payments service = C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [TkBellExe] C:\program files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C42FF12-A26B-49CF-95AC-E1FCD6686B28}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{347890f8-cfd0-11e2-988e-88ae1df4a0b2}\Shell - "" = AutoRun
O33 - MountPoints2\{347890f8-cfd0-11e2-988e-88ae1df4a0b2}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/10/13 20:55:32 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/10/13 20:55:32 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/10 03:14:44 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/10/10 03:14:43 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/10/10 03:14:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/10/10 03:14:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/10/10 03:14:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/10/10 03:14:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/10/10 03:14:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/10/10 03:14:40 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/10/10 03:14:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/10 03:14:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/10/10 03:14:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/10/10 03:14:36 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/10/10 03:14:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/10/10 03:14:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/10/10 03:14:33 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/10/10 00:54:47 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2013/10/10 00:54:44 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/10/10 00:54:44 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/10/10 00:54:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2013/10/10 00:54:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2013/10/10 00:54:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/10/10 00:54:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2013/10/10 00:54:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/10/10 00:54:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2013/10/10 00:54:42 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2013/10/10 00:54:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/10/10 00:54:34 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
[2013/10/10 00:54:31 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/10/10 00:54:30 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013/10/10 00:54:27 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/10/10 00:54:27 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
[2013/10/10 00:54:26 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/10/10 00:54:25 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
[2013/10/10 00:54:24 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/10/10 00:54:23 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/10/10 00:54:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/10/10 00:54:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/10/10 00:54:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/10/10 00:54:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/10/10 00:54:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/10/10 00:52:12 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 00:52:11 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 00:52:09 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scavengeui.dll
[2013/10/09 20:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motive
[2013/10/09 18:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/10/09 18:21:19 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\AppData\Roaming\Yahoo!
[2013/10/09 18:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/10/09 18:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AT&T
[2013/10/09 18:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2013/10/09 18:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATT-SST
[2013/10/09 00:44:00 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/10/07 14:06:08 | 000,000,000 | ---D | C] -- C:\1c5ffd6c744d58c33beb8eec8e
[2013/09/16 23:22:40 | 000,027,944 | ---- | C] (LG Electronics Inc.) -- C:\windows\SysNative\drivers\lgandbus.sys
[2013/09/16 23:19:00 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\AppData\Local\Wondershare
[2013/09/16 23:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2013/09/16 23:18:56 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\AppData\Roaming\Wondershare
[2013/09/16 23:18:56 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\.android
[2013/09/13 01:43:43 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\AppData\Roaming\UpdaterEX
[2013/09/12 20:51:25 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys
[2013/09/12 20:51:20 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/09/12 20:51:19 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/09/12 20:51:19 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/09/12 20:51:18 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/09/12 20:51:18 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/09/12 20:51:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/09/12 20:51:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/12 20:51:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/12 20:51:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/12 20:51:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/12 20:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/12 20:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/12 20:51:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/09/12 20:51:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apisetschema.dll
[2013/09/12 20:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/12 20:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/12 20:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/12 20:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/12 20:51:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/09/03 01:32:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/03 01:32:16 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\AppData\Local\AVG SafeGuard toolbar
[2013/09/03 01:31:45 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/09/03 01:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/03 01:31:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/08/23 03:09:27 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\Desktop\New folder
[2013/08/23 03:09:12 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\New folder (2)
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/10/17 03:14:52 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/17 03:14:52 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/17 03:13:00 | 000,780,264 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/17 03:13:00 | 000,661,028 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/17 03:13:00 | 000,121,666 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/17 03:06:57 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/17 03:06:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/17 03:06:31 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 15:32:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/15 09:15:49 | 000,039,190 | ---- | M] () -- C:\Users\ROBERT\Desktop\profit loss.rtf
[2013/10/14 14:28:05 | 000,007,620 | ---- | M] () -- C:\Users\ROBERT\AppData\Local\Resmon.ResmonCfg
[2013/10/14 12:58:37 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/10/13 20:55:32 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/10/13 20:55:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/12 11:39:17 | 515,603,067 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/10/11 14:45:28 | 000,020,992 | ---- | M] () -- C:\Users\ROBERT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/10 05:40:43 | 000,288,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/10/10 03:12:06 | 000,774,480 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/10/09 20:51:29 | 000,002,251 | ---- | M] () -- C:\Users\ROBERT\Desktop\AT&T Webmail.lnk
[2013/10/09 20:51:29 | 000,002,243 | ---- | M] () -- C:\Users\ROBERT\Desktop\AT&T Internet Home.lnk
[2013/10/09 20:49:29 | 000,000,258 | RHS- | M] () -- C:\Users\ROBERT\ntuser.pol
[2013/10/09 18:20:42 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2013/10/09 00:44:02 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/10/08 13:47:15 | 000,000,661 | ---- | M] () -- C:\Users\ROBERT\Music\Documents\ROBERT - Shortcut.lnk
[2013/10/06 14:32:41 | 000,168,454 | ---- | M] () -- C:\Users\ROBERT\Desktop\keep dreamin rob.skp
[2013/10/06 08:31:24 | 020,946,943 | ---- | M] () -- C:\Users\ROBERT\Desktop\MOV146.3gp
[2013/10/05 15:39:29 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/03 18:44:36 | 019,169,637 | ---- | M] () -- C:\windows\SysWow64\KBDcache.DLL
[2013/10/03 18:43:48 | 000,001,536 | ---- | M] () -- C:\windows\SysWow64\thunk.dll
[2013/10/03 18:43:47 | 000,003,584 | ---- | M] () -- C:\windows\SysNative\thunk.dll
[2013/09/26 16:43:26 | 000,000,056 | ---- | M] () -- C:\windows\SysWow64\dot3com.dat.dll
[2013/09/25 10:02:01 | 000,126,296 | ---- | M] () -- C:\Users\ROBERT\Desktop\Form1003.pdf
[2013/09/22 18:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/09/22 18:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/09/22 18:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/09/22 18:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/09/22 18:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/09/22 17:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/09/22 17:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/09/22 17:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/09/22 17:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/09/22 17:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/09/22 17:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/09/22 17:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/09/22 17:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/09/20 21:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/09/20 21:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/17 14:23:01 | 000,019,193 | ---- | M] () -- C:\Users\ROBERT\Music\Documents\dispute results for credit report.rtf
[2013/09/16 23:22:40 | 000,027,944 | ---- | M] (LG Electronics Inc.) -- C:\windows\SysNative\drivers\lgandbus.sys
[2013/09/13 01:43:43 | 000,000,296 | ---- | M] () -- C:\windows\tasks\UpdaterEX.job
[2013/09/13 01:40:43 | 000,000,238 | -H-- | M] () -- C:\Users\ROBERT\AppData\Roaming\ROBERTlog.dat
[2013/09/03 14:03:05 | 000,861,682 | ---- | M] () -- C:\Users\ROBERT\Desktop\001.jpg
[2013/09/03 13:33:45 | 000,000,788 | ---- | M] () -- C:\Users\ROBERT\Desktop\Document.rtf
[2013/09/03 01:43:49 | 000,000,173 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/09/03 01:31:25 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/08/28 21:17:48 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/08/28 21:16:35 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/08/28 21:16:28 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/08/28 21:16:14 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
[2013/08/28 21:13:28 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013/08/28 20:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/08/28 20:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/08/28 20:50:31 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/08/28 20:50:16 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
[2013/08/28 19:49:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/08/28 19:49:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/08/28 19:49:52 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/08/28 19:49:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/08/27 20:12:33 | 000,461,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\scavengeui.dll
[2013/08/25 09:40:43 | 091,915,720 | ---- | M] () -- C:\Users\ROBERT\Desktop\Watch Video Of The Garland County Sheriff’s Department Press Conference On Derrick Estell And Tamara Upshaw’s Capture Hot Springs Daily.mp4
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/14 14:28:05 | 000,007,620 | ---- | C] () -- C:\Users\ROBERT\AppData\Local\Resmon.ResmonCfg
[2013/10/12 15:31:00 | 000,039,190 | ---- | C] () -- C:\Users\ROBERT\Desktop\profit loss.rtf
[2013/10/09 18:20:42 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2013/10/09 18:20:21 | 000,002,251 | ---- | C] () -- C:\Users\ROBERT\Desktop\AT&T Webmail.lnk
[2013/10/09 18:20:21 | 000,002,243 | ---- | C] () -- C:\Users\ROBERT\Desktop\AT&T Internet Home.lnk
[2013/10/08 13:47:15 | 000,000,661 | ---- | C] () -- C:\Users\ROBERT\Music\Documents\ROBERT - Shortcut.lnk
[2013/10/08 11:53:17 | 515,603,067 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/10/06 14:32:41 | 000,168,454 | ---- | C] () -- C:\Users\ROBERT\Desktop\keep dreamin rob.skp
[2013/10/06 08:47:04 | 020,946,943 | ---- | C] () -- C:\Users\ROBERT\Desktop\MOV146.3gp
[2013/09/27 22:43:12 | 019,169,637 | ---- | C] () -- C:\windows\SysWow64\KBDcache.DLL
[2013/09/27 22:42:54 | 000,003,584 | ---- | C] () -- C:\windows\SysNative\thunk.dll
[2013/09/27 22:42:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\thunk.dll
[2013/09/26 16:43:25 | 000,000,056 | ---- | C] () -- C:\windows\SysWow64\dot3com.dat.dll
[2013/09/25 10:02:00 | 000,126,296 | ---- | C] () -- C:\Users\ROBERT\Desktop\Form1003.pdf
[2013/09/17 14:23:01 | 000,019,193 | ---- | C] () -- C:\Users\ROBERT\Music\Documents\dispute results for credit report.rtf
[2013/09/13 01:43:43 | 000,000,296 | ---- | C] () -- C:\windows\tasks\UpdaterEX.job
[2013/09/03 14:03:04 | 000,861,682 | ---- | C] () -- C:\Users\ROBERT\Desktop\001.jpg
[2013/09/03 13:33:45 | 000,000,788 | ---- | C] () -- C:\Users\ROBERT\Desktop\Document.rtf
[2013/09/03 01:43:40 | 000,000,173 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/08/25 10:31:12 | 091,915,720 | ---- | C] () -- C:\Users\ROBERT\Desktop\Watch Video Of The Garland County Sheriff’s Department Press Conference On Derrick Estell And Tamara Upshaw’s Capture Hot Springs Daily.mp4
[2013/07/19 20:58:35 | 000,000,258 | RHS- | C] () -- C:\Users\ROBERT\ntuser.pol
[2013/07/13 19:55:50 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2013/07/13 19:52:51 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/11 06:41:08 | 000,020,992 | ---- | C] () -- C:\Users\ROBERT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/08 21:04:24 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/04/17 21:38:31 | 000,061,440 | ---- | C] () -- C:\windows\wnUninstall.exe
[2012/08/28 06:30:06 | 000,001,235 | ---- | C] () -- C:\Users\ROBERT\AppData\Roaming\SAS7_000.DAT
[2012/01/27 13:55:23 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/23 06:53:03 | 000,008,428 | ---- | C] () -- C:\Users\ROBERT\AppData\Roaming\UserTile.png
[2011/10/23 06:33:27 | 000,000,019 | ---- | C] () -- C:\windows\info9.ini
[2011/10/23 06:33:27 | 000,000,019 | ---- | C] () -- C:\windows\info7.ini
[2011/10/23 06:33:27 | 000,000,019 | ---- | C] () -- C:\windows\info4.ini
[2011/10/23 06:33:27 | 000,000,019 | ---- | C] () -- C:\windows\info10.ini
[2005/06/18 04:56:32 | 000,000,238 | -H-- | C] () -- C:\Users\ROBERT\AppData\Roaming\ROBERTlog.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/03 00:11:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Book Place
[2013/08/01 09:28:27 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Audacity
[2011/07/03 03:46:41 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Book Place
[2012/07/07 08:32:44 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Catalina Marketing Corp
[2013/07/19 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\CheckPoint
[2013/07/13 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\EZDownloader
[2012/10/17 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Genieo
[2011/08/29 17:01:07 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\GlarySoft
[2013/03/22 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Innova
[2012/11/12 03:57:49 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Mael
[2012/11/15 14:01:41 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\MusicNet
[2012/08/25 01:22:56 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Nuance
[2012/11/17 06:42:07 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Opera
[2012/03/20 02:59:27 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\PCTools
[2012/12/16 04:37:24 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Philipp Winterberg
[2011/11/01 05:11:11 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Product_PT
[2011/11/21 02:59:18 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\RepairShop 2.1
[2011/01/16 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Samsung
[2013/06/12 04:32:45 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\SketchUp
[2013/10/15 09:35:59 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\SoftGrid Client
[2011/11/08 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\SyncCell
[2011/01/14 19:35:32 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Temporary
[2011/11/01 09:56:42 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\TestApp
[2011/01/03 17:03:26 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Tific
[2011/12/02 07:16:51 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Toshiba
[2011/03/01 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\TP
[2011/01/14 19:35:32 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\TransRender
[2013/09/13 01:43:43 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\UpdaterEX
[2011/01/02 23:53:47 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\WinBatch
[2013/09/13 02:46:31 | 000,000,000 | RHSD | M] -- C:\Users\ROBERT\AppData\Roaming\WinDir
[2011/03/11 05:35:20 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Windows Live Writer
[2013/07/18 04:43:31 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\WindSolutions
[2013/09/16 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\ROBERT\AppData\Roaming\Wondershare

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:82F50D1C

< End of report >
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 17th, 2013, 4:37 am

OTL Extras logfile created on: 10/17/2013 3:23:45 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ROBERT\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 66.04% Memory free
7.49 Gb Paging File | 6.09 Gb Available in Paging File | 81.31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.75 Gb Total Space | 189.73 Gb Free Space | 66.40% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: ROBERT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1934E5D1-93FB-4F75-AC27-52364ED53F6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26CBE1CD-988A-4930-9FC6-C0D827964428}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BC0430D-0AB4-4087-AC61-4E0AE94F2F9A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7A877ABF-9DAC-4983-9605-696AC63DABA8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A92515ED-35D0-4176-8AB5-D994C72AA80B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BCC77E41-C3CC-41D8-B5BA-7F20079D1E33}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C6646607-46CA-4696-86B0-E681B398F2F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9FA4379-290B-4FBC-9A5A-C4F1525CEE3D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DFAC3213-4768-4FEB-9BD7-E4C20EDEE809}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E20AF60A-FB9D-42F6-9E7E-3FCB66825E4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{239281D8-6D1B-4437-9E88-54B485802C03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2466B6A5-CF2B-400B-AAE8-A9569EC23D93}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2922700B-B162-45C7-A331-16530CF67774}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4601B6F7-CEAA-4536-A53B-2EE6DE6D276C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47E61A80-7153-4D44-8F82-14A0955B3019}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{524240C9-B7EE-44D8-83B1-6191CBBBE6C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{550863F5-5023-408A-BE86-B5D875EE687F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6428B40E-8F6E-48EB-8CCC-63E251D5C832}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{6F5CAFB8-26AC-4267-9477-B9789CEF11DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73C2499C-D9D6-45D0-B04E-DB60A1297C56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78A60B91-58BD-4296-BE99-7C0233595287}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7F2763E7-276E-43C6-81B2-95C364F05805}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{90D7BAC8-58F2-4D0F-8FA5-734F0A11AC42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD2CD023-5C42-41FE-B6AF-334A2BE7C642}" = protocol=6 | dir=out | app=system |
"{B2CA4D5E-B620-4DCA-9BF2-05C4C6647882}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB295CA1-DE2B-469A-9918-F11EBC0FB4D3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C1AADA2B-DDA4-465B-87F7-234675B6405D}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{C54F4F26-67B8-4C77-80E9-15AF17FCE265}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D0C05605-A0E3-4889-A457-E93416F58EF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6C47AB9-671B-4807-906A-B65438BA4ECB}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{DAA151BA-8D5D-4D8B-8BA1-B26AF71F7BC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E388A4C5-36ED-4A48-8A83-312042F076FB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{EDD96732-51DE-4F68-B780-AC047A44C584}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{F555F9DA-4E1A-48BF-B0CF-DCDEF785E199}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{F9C49F1D-EF65-4B51-8D38-D363F38E5C99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0C4D453D-20BF-4D2A-905A-4FC90661CB6B}C:\program files (x86)\att-sst\pcbrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\att-sst\pcbrowser.exe |
"UDP Query User{5D973CD4-C5FA-4382-AB09-E3DC2EB45FE5}C:\program files (x86)\att-sst\pcbrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\att-sst\pcbrowser.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE3DFCA2-6F42-509D-555C-68A923314062}" = ATI Catalyst Install Manager
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{154C378D-D990-42DF-BDFD-5225E2EE3D8C}" = V.92 Modem On Hold
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B622C9-AA10-47D7-A10C-377CF9BC8502}" = SketchUp 2013
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9B30331-BBF9-4CC7-940A-D735A324E100}_is1" = Torres Box Tuning Calculator version 1.1
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DCF0D853-BC4E-4EE6-A011-6B9BC84CF8F9}" = LeapFrog Connect
"{E0ED5BFA-F614-40D6-901A-DC7E1432B7F0}" = LeapFrog Leapster Explorer Plugin
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ATT-ATT Management Agent" = ATT Management Agent
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"Audacity_is1" = Audacity 2.0.3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.94
"UPCShell" = LeapFrog Connect
"Vivitar Experience Image Manager" = Vivitar Experience Image Manager
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2013 12:10:27 AM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/14/2013 12:10:27 AM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/14/2013 2:03:27 PM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/14/2013 2:03:28 PM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/14/2013 4:58:35 PM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/15/2013 7:22:20 AM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/15/2013 9:57:43 AM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/15/2013 9:57:43 AM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/15/2013 10:16:56 AM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/15/2013 10:16:56 AM | Computer Name = ROBERT-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 10/13/2013 6:53:07 PM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.4.0 service failed to start due to the following
error: %%2

Error - 10/14/2013 1:55:21 PM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.4.0 service failed to start due to the following
error: %%2

Error - 10/14/2013 2:47:21 PM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.4.0 service failed to start due to the following
error: %%2

Error - 10/14/2013 3:08:22 PM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/14/2013 3:18:55 PM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7034
Description = The pcCMService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/14/2013 3:19:01 PM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7034
Description = The pcCMService64 service terminated unexpectedly. It has done this
1 time(s).

Error - 10/15/2013 1:56:17 AM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.4.0 service failed to start due to the following
error: %%2

Error - 10/15/2013 10:05:01 AM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.4.0 service failed to start due to the following
error: %%2

Error - 10/15/2013 5:07:33 PM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.4.0 service failed to start due to the following
error: %%2

Error - 10/17/2013 4:06:47 AM | Computer Name = ROBERT-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.4.0 service failed to start due to the following
error: %%2


< End of report >
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 17th, 2013, 12:41 pm

Hi rmrrar,

I'm a little confused at why the OTL log says run 5 and that your AV has disappeared.
We will correct these things as we work though the process.

Please run the following:

Step 1.
No Anti-virus Software Installed!
Looking over your log ... there is NO evidence of anti-virus software installed.. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection...download a (free for personal use) anti-virus program from one these reliable vendors.

  1. avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
  2. Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.

A good (pay for) Anti-virus program is ESET NOD32 Antivirus - 30 day free trial.

Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer desktop.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product... following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.
  8. Post the scan results.

It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



On personal note: I use AVAST.


Step 2.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      NortonPCCheckup
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    • When finished... Close the Control Panel window.



Please include in your next reply:
  1. Contents of the Anti-Virus scan results.
  2. Verify that NortonPCCheckup is uninstalled
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 17th, 2013, 3:49 pm

Hello , I cannot get the antivirus results to copy over but this was the info that was on the log.
( C:...\upgradeconfiginfo_2337613.xm . Severity- high!-Status: Threat: HTML:FakeWarn-A[trj] ) that was the only thing that it found . It has options to fix automatically , move to chest,repair,delete, or do nothing. I havent done anything yet. waiting for you to confirm that .

Next the nortonPCcheckup wasnt on the list of programs so I was unable to verify that the file was removed . I will wait to hear from you to go further . thanks rmrrar
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 17th, 2013, 8:14 pm

Hi rmrrar,

AdwCleaner Download and Run

Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

Image

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.

Image
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 18th, 2013, 8:42 pm

# AdwCleaner v3.008 - Report created 18/10/2013 at 19:36:34
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ROBERT - ROBERT-PC
# Running from : C:\Users\ROBERT\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Users\ROBERT\AppData\Local\cool_mirage
Folder Deleted : C:\Users\ROBERT\AppData\Roaming\EZDownloader

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[0].txt - [5002 octets] - [03/09/2013 01:32:43]
AdwCleaner[R0].txt - [2571 octets] - [18/10/2013 19:34:43]
AdwCleaner[S0].txt - [2536 octets] - [18/10/2013 19:36:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2596 octets] ##########
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 20th, 2013, 12:22 am

Hello , I didn't hear back about what to do with the item found in my 1st full scan using avast, was I to fix, move to chest, repair, delete, or do nothing? I posted my results from the adware cleaner in my last post . thanks rmrrar.
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 21st, 2013, 12:07 am

Hi rmrrar,

I apologize for the delay. Some issues came up that I had to deal with.

Do not worry about the file found by avast. We will pick it up later and deal with it later.

Please run the following and post each log as you finish each step.

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :OTL
    DRV:64bit: - [2013/09/03 01:31:25 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    O3 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O15 - HKU\S-1-5-21-1876674280-98715098-3197743793-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/On ... canner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlus ... 1.6/gp.cab (Reg Error: Key error.)
    [2013/09/03 01:32:16 | 000,000,000 | ---D | C] -- C:\Users\ROBERT\AppData\Local\AVG SafeGuard toolbar
    [2013/09/03 01:31:45 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
    [2013/09/03 01:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:82F50D1C
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.



Step 2.
As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do the following:
  • Launch the application.
  • One of 2 things will happen:
    • The program will be so outdated that it will automatically invoke a complete re-install; or
    • The program will check, update the database and then run.
    If it does a complete re-install, be sure to follow the prompts.
  • Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 21st, 2013, 5:10 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
Registry value HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$talisma_url$\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\ROBERT\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
File C:\windows\SysNative\drivers\avgtpx64.sys not found.
C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:82F50D1C deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ROBERT
->Temp folder emptied: 20062156 bytes
->Temporary Internet Files folder emptied: 192880720 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 201786357 bytes
->Flash cache emptied: 1964 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1171456 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 839678800 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,197.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10212013_033014

Files\Folders moved on Reboot...
C:\Users\ROBERT\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.14.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
ROBERT :: ROBERT-PC [administrator]

10/21/2013 3:36:13 AM
mbam-log-2013-10-21 (03-36-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 213814
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

the pc still seems to be running a bit slow.
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 21st, 2013, 9:43 am

Hi rmrrar,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *upgradeconfiginfo_2337613.xm*
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Sweetpacks*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Sweetpacks*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Sweetpacks
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 21st, 2013, 12:20 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 11:06 on 21/10/2013 by ROBERT
Administrator - Elevation successful

========== filefind ==========

Searching for "*upgradeconfiginfo_2337613.xm*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_community.babycenter.com_0.localstorage --a---- 58368 bytes [09:21 18/07/2013] [09:24 18/07/2013] 718A507B9979F64E53BCEC733A0AEC9A
C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_community.babycenter.com_0.localstorage-journal --a---- 3608 bytes [09:21 18/07/2013] [09:24 18/07/2013] 68BC6E709656314B197C186AA05F947A

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [18:30 24/05/2012] [18:30 24/05/2012] 976934130CD5C5DBD2DC977B298DF525
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [18:15 24/05/2012] [18:15 24/05/2012] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Users\ROBERT\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\50Z9G4DZ\app.mam.conduit[1].xml --a---- 13 bytes [02:08 20/07/2013] [02:08 20/07/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
C:\Windows\System32\config\components.iobit --a---- 45318144 bytes [07:48 10/03/2013] [07:48 10/03/2013] 1D5D0BD25908EAF6B1253C18720FEC66
C:\Windows\System32\config\default.iobit --a---- 876544 bytes [07:41 10/03/2013] [07:41 10/03/2013] AA5ADC1E8DE46D92898308721BC193D4
C:\Windows\System32\config\sam.iobit --a---- 57344 bytes [07:41 10/03/2013] [07:41 10/03/2013] 26933E2943D18132387E20397B3C8BBA
C:\Windows\System32\config\security.iobit --a---- 24576 bytes [07:41 10/03/2013] [07:41 10/03/2013] 200292906B86EFADBD4D5EB731776BDF
C:\Windows\System32\config\software.iobit --a---- 67731456 bytes [07:41 10/03/2013] [07:41 10/03/2013] F54FECB422F07E8831DF15440F2FA895
C:\_OTL\MovedFiles\06012013_143748\C_Boot\BCD.iobit --a---- 28672 bytes [07:41 10/03/2013] [21:17 24/03/2013] 1359114E59510BE2E6A4AE55703672B4
C:\_OTL\MovedFiles\06012013_143748\C_ProgramData\IObit\ASCDownloader\IObit Malware Fighter.exe --a---- 18110448 bytes [07:32 10/03/2013] [07:33 10/03/2013] AE9F6DD240764F6AF28380704C09116D
C:\_OTL\MovedFiles\06012013_143748\C_ProgramData\IObit\ASCDownloader\IObit Malware Fighter.exe.dat --a---- 662 bytes [07:33 10/03/2013] [07:33 10/03/2013] 927F12303CFE1521D576BD727CEA46AE
C:\_OTL\MovedFiles\06012013_143748\C_Users\ROBERT\ntuser.dat.iobit --a---- 6615040 bytes [21:17 24/03/2013] [21:17 24/03/2013] 90BF1076B3CB238539391CB879CFB6D0
C:\_OTL\MovedFiles\06012013_143748\C_Users\ROBERT\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 3571712 bytes [21:17 24/03/2013] [21:17 24/03/2013] 6355D422DC7610FFB89F91FC59CE8A7B
C:\_OTL\MovedFiles\06012013_143748\C_Windows\ServiceProfiles\LocalService\ntuser.dat.iobit --a---- 253952 bytes [07:41 10/03/2013] [21:17 24/03/2013] 8B55C34D7B85B4C75CC0CB7E180161B5
C:\_OTL\MovedFiles\06012013_143748\C_Windows\ServiceProfiles\NetworkService\ntuser.dat.iobit --a---- 266240 bytes [07:41 10/03/2013] [21:17 24/03/2013] 63C25D4745C8AF83F8D3D60CF8F2D163

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Sweetpacks*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
C:\Program Files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm --a---- 1526 bytes [15:56 05/06/2013] [15:56 05/06/2013] AD41BC61879535202A0D3867FFB67716

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
C:\_OTL\MovedFiles\06012013_143748\C_Program Files (x86)\IObit d------ [07:22 10/03/2013]
C:\_OTL\MovedFiles\06012013_143748\C_Program Files (x86)\IObit\IObit Malware Fighter d------ [07:33 10/03/2013]
C:\_OTL\MovedFiles\06012013_143748\C_ProgramData\IObit d------ [07:22 10/03/2013]
C:\_OTL\MovedFiles\06012013_143748\C_Users\ROBERT\AppData\Roaming\IObit d------ [07:22 10/03/2013]
C:\_OTL\MovedFiles\06012013_143748\C_Users\ROBERT\AppData\Roaming\IObit\IObit Malware Fighter d------ [07:33 10/03/2013]
C:\_OTL\MovedFiles\06012013_143748\C_Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [11:09 10/03/2013]

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Sweetpacks*"
No folders found.

Searching for "*Tarma*"
C:\_OTL\MovedFiles\05272013_162809\C_ProgramData\Tarma Installer d------ [21:29 27/05/2013]

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\communitychev.com]
[HKEY_CURRENT_USER\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copy
[HKEY_CURRENT_USER\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks SDP Stream Description Plu
[HKEY_CURRENT_USER\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 File Writer Plugin~FileExtensions~Smp3~F
[HKEY_CURRENT_USER\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|application/x-pn-realmedia|video/x-p
[HKEY_CURRENT_USER\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source
[HKEY_CURRENT_USER\Software\RealNetworks\RealDownloader\1.3\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Version~N271589404~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix FLV File Format Plugin~FileExtensions~Sflv~FileMime~Svideo/x-flv~FileOpenNames~SFlash Video Files (*.flv)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Sflvff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N-1610605245~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix Flash Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Sflvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMi
[HKEY_CURRENT_USER\Software\RealNetworks\RealDownloader\1.3\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="ginFilename~Smp4fformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N-1610597568~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG-4 Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp4vrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/MP4V-ES|video/X-RN-MP4|video/X-HX-AVC1|video/X-HX-DIVX|video/H264|video/H264ES|video/x-hx-flv}{IndexNumber~N0~LoadMultiple~N1~Version~N271589404~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MP4 File Writer Plugin~
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyrig
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks SDP Stream Description Plugin
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 File Writer Plugin~FileExtensions~Smp3~File
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|application/x-pn-realmedia|video/x-pn-r
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source Li
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyr
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks SDP Stream Description Plug
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 File Writer Plugin~FileExtensions~Smp3~Fi
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|application/x-pn-realmedia|video/x-pn
[HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="ndexNumber~N0~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks HTTP File System with CHTTP Support~FileProtocol~Shttp|chttp~FileShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_S
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="ions~Smp3|mp2|mpa|mp1|mpga|mpg|mpeg|mpv|dat~FileMime~Saudio/rn-mpeg|audio/mpeg|audio/mpg|audio/mp3|audio/x-mpeg|audio/x-mpg|audio/x-mp3~FileOpenNames~SMPEG Audio Files (.mp3;.mp2;.mpa;.mp1;.mpga)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3fformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RealMedia MP3 Playlist File Format Plugin~FileExtensions~Sm3u|pls|xpl~FileMime~Saudio/mpegurl|audio/x-mpegurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Rende
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="me~Srarender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/x-pn-realaudio|audio/x-pn-multirate-realaudio|audio/x-pn-multirate-realaudio-live|audio/x-pn-realaudio-ivr|audio/x-pn-multirate-realaudio-ivr|audio/x-pn-multirate-realaudio-live-ivr~Codec.000~XZG5ldAA=~Codec.001~XZG5ldAA=~Codec.002~XZG5ldAA=~Codec.003~XZG5ldAA=~Codec.004~Xc2lwcgA=~Codec.005~XZG5ldAA=~Codec.006~XMjhfOAA=~Codec.007~XZG5ldAA=~Codec.008~Xc2lwcgA=~Codec.009~XZG5ldAA=~Codec.010~Xc2lwcgA=~Codec.011~Xc2lwcgA=~Codec.012~XbHBjSgA=~Codec.013~XMDVfNgA=}{IndexNumber~N0~LoadMultiple~N1~Version~N1610650908~Copyright~S(c) 1999-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HA
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="er the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RMA Driver Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-rmadriver|application/rma-driver}{IndexNumber~N2~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush File Format Plugin~FileExtensions~Sbsh~FileMime~Stext/brush~FileOpenNames~SBrush Files (*.bsh)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009.
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo5]
@="l~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~S656512C7-B931-47D8-BFE2FBEB12D79A4A}{IndexNumber~N1~LoadMultiple~N1~Version~N268438477~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SWindows Media Secure Source Handler~PlgCopy~Shttp://www.real.com~PluginFilename~Swmsechnd.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~S8D270AF3-D1BF-4D7C-B2509CAD085E95CE}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N-1610600884~Copyright~SContains Windows Media Decoder Technology by Microsoft, Inc.
This product is protected by certain intellectual property rights of Microsoft.
Use or distribution of such technology outside of this product is prohibited without a license from Microsoft.
Copyright(c) 2005-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Windows Media Video Renderer Plugin~PlgCopy~Shttp://www.helix
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="ginFilename~Sh263render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/H263-2000|video/h263-1998|video/h263|video/X-RN-3GPP-H263}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks HTTP File System with CHTTP Support~FileProtocol~Shttp|chttp~FileShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FilePr
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="Shttp://www.helixcommunity.org~PluginFilename~Smp3fformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RealMedia MP3 Playlist File Format Plugin~FileExtensions~Sm3u|pls|xpl~FileMime~Saudio/mpegurl|audio/x-mpegurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="-realaudio-ivr|audio/x-pn-multirate-realaudio-live-ivr~Codec.000~XZG5ldAA=~Codec.001~XZG5ldAA=~Codec.002~XZG5ldAA=~Codec.003~XZG5ldAA=~Codec.004~Xc2lwcgA=~Codec.005~XZG5ldAA=~Codec.006~XMjhfOAA=~Codec.007~XZG5ldAA=~Codec.008~Xc2lwcgA=~Codec.009~XZG5ldAA=~Codec.010~Xc2lwcgA=~Codec.011~Xc2lwcgA=~Codec.012~XbHBjSgA=~Codec.013~XMDVfNgA=}{IndexNumber~N0~LoadMultiple~N1~Version~N1610650908~Copyright~S(c) 1999-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HANDLER_DRM}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp:/
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="Type~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-rmadriver|application/rma-driver}{IndexNumber~N2~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush File Format Plugin~FileExtensions~Sbsh~FileMime~Stext/brush~FileOpenNames~SBrush Files (*.bsh)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp:/
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo5]
@="y~N20~Version~N-1610600884~Copyright~SContains Windows Media Decoder Technology by Microsoft, Inc.
This product is protected by certain intellectual property rights of Microsoft.
Use or distribution of such technology outside of this product is prohibited without a license from Microsoft.
Copyright(c) 2005-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Windows Media Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Swmvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-hx-wmv}{IndexNumber~N0~LoadMultiple~N0~Version~N1610650278~Copyright~S(c) 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Zip Container File System~FileProtocol~Szip~FileShort~Srn-zip~PlgCopy~Shttp://www.real.com~PluginFilename~Szipf3260.dll~PluginType~SPLUGIN_FILE_SYSTEM}50830"
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyrigh
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks SDP Stream Description Plugin~
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 File Writer Plugin~FileExtensions~Smp3~FileM
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|application/x-pn-realmedia|video/x-pn-re
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source Lic
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="ginFilename~Sh263render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/H263-2000|video/h263-1998|video/h263|video/X-RN-3GPP-H263}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks HTTP File System with CHTTP Support~FileProtocol~Shttp|chttp~FileShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~File
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="Shttp://www.helixcommunity.org~PluginFilename~Smp3fformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RealMedia MP3 Playlist File Format Plugin~FileExtensions~Sm3u|pls|xpl~FileMime~Saudio/mpegurl|audio/x-mpegurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://w
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="-realaudio-ivr|audio/x-pn-multirate-realaudio-live-ivr~Codec.000~XZG5ldAA=~Codec.001~XZG5ldAA=~Codec.002~XZG5ldAA=~Codec.003~XZG5ldAA=~Codec.004~Xc2lwcgA=~Codec.005~XZG5ldAA=~Codec.006~XMjhfOAA=~Codec.007~XZG5ldAA=~Codec.008~Xc2lwcgA=~Codec.009~XZG5ldAA=~Codec.010~Xc2lwcgA=~Codec.011~Xc2lwcgA=~Codec.012~XbHBjSgA=~Codec.013~XMDVfNgA=}{IndexNumber~N0~LoadMultiple~N1~Version~N1610650908~Copyright~S(c) 1999-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HANDLER_DRM}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="Type~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-rmadriver|application/rma-driver}{IndexNumber~N2~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush File Format Plugin~FileExtensions~Sbsh~FileMime~Stext/brush~FileOpenNames~SBrush Files (*.bsh)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo5]
@="y~N20~Version~N-1610600884~Copyright~SContains Windows Media Decoder Technology by Microsoft, Inc.
This product is protected by certain intellectual property rights of Microsoft.
Use or distribution of such technology outside of this product is prohibited without a license from Microsoft.
Copyright(c) 2005-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Windows Media Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Swmvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-hx-wmv}{IndexNumber~N0~LoadMultiple~N0~Version~N1610650278~Copyright~S(c) 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Zip Container File System~FileProtocol~Szip~FileShort~Srn-zip~PlgCopy~Shttp://www.real.com~PluginFilename~Szipf3260.dll~PluginType~SPLUGIN_FILE_SYSTEM}50830"
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyri
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks SDP Stream Description Plugi
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 File Writer Plugin~FileExtensions~Smp3~Fil
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|application/x-pn-realmedia|video/x-pn-
[HKEY_CURRENT_USER\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source L
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\communitychev.com]
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SR
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 Fi
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudi
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealConverter\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is availabl
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealDownloader\1.3\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Version~N271589404~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix FLV File Format Plugin~FileExtensions~Sflv~FileMime~Svideo/x-flv~FileOpenNames~SFlash Video Files (*.flv)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Sflvff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N-1610605245~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix Flash Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Sflvrender.dll~
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealDownloader\1.3\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="ginFilename~Smp4fformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N-1610597568~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG-4 Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp4vrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/MP4V-ES|video/X-RN-MP4|video/X-HX-AVC1|video/X-HX-DIVX|video/H264|video/H264ES|video/x-hx-flv}{IndexNumber~N0~LoadMultiple~N1~Version~N271589404~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SReal
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 File
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|a
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available u
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRe
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 Fil
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealPlayer\16.0\Preferences\MountPoints\RealMediaSDK\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{I
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="ndexNumber~N0~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks HTTP File System with CHTTP Support~FileProtocol~Shttp|chttp~FileShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="ions~Smp3|mp2|mpa|mp1|mpga|mpg|mpeg|mpv|dat~FileMime~Saudio/rn-mpeg|audio/mpeg|audio/mpg|audio/mp3|audio/x-mpeg|audio/x-mpg|audio/x-mp3~FileOpenNames~SMPEG Audio Files (.mp3;.mp2;.mpa;.mp1;.mpga)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3fformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RealMedia MP3 Playlist File Format Plugin~FileExtensions~Sm3u|pls|xpl~FileMime~Saudio/mpegurl|audio/x-mpegurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="me~Srarender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/x-pn-realaudio|audio/x-pn-multirate-realaudio|audio/x-pn-multirate-realaudio-live|audio/x-pn-realaudio-ivr|audio/x-pn-multirate-realaudio-ivr|audio/x-pn-multirate-realaudio-live-ivr~Codec.000~XZG5ldAA=~Codec.001~XZG5ldAA=~Codec.002~XZG5ldAA=~Codec.003~XZG5ldAA=~Codec.004~Xc2lwcgA=~Codec.005~XZG5ldAA=~Codec.006~XMjhfOAA=~Codec.007~XZG5ldAA=~Codec.008~Xc2lwcgA=~Codec.009~XZG5ldAA=~Codec.010~Xc2lwcgA=~Codec.011~Xc2lwcgA=~Codec.012~XbHBjSgA=~Codec.013~XMDVfNgA=}{IndexNumber~N0~LoadMultiple~N1~Version~N1610650908~Copyright~S(c) 1999-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="er the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RMA Driver Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-rmadriver|application/rma-driver}{IndexNumber~N2~LoadMultiple~N1~Version~N-1073737062~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush File Format Plugin~FileExtensions~Sbsh~FileMime~Stext/brush~FileOpenNames~SBrush Files (*.bsh)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-1073737062~Copyright~SCopy
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\12.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo5]
@="l~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~S656512C7-B931-47D8-BFE2FBEB12D79A4A}{IndexNumber~N1~LoadMultiple~N1~Version~N268438477~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SWindows Media Secure Source Handler~PlgCopy~Shttp://www.real.com~PluginFilename~Swmsechnd.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~S8D270AF3-D1BF-4D7C-B2509CAD085E95CE}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N-1610600884~Copyright~SContains Windows Media Decoder Technology by Microsoft, Inc.
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 21st, 2013, 12:21 pm

This product is protected by certain intellectual property rights of Microsoft.
Use or distribution of such technology outside of this product is prohibited without a license from Microsoft.
Copyright(c) 2005-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Windows Media Video Ren
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{Ind
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="ginFilename~Sh263render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/H263-2000|video/h263-1998|video/h263|video/X-RN-3GPP-H263}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks HTTP File System with CHTTP Support~FileProtocol~Shttp|chttp~FileShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks R
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="Shttp://www.helixcommunity.org~PluginFilename~Smp3fformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RealMedia MP3 Playlist File Format Plugin~FileExtensions~Sm3u|pls|xpl~FileMime~Saudio/mpegurl|audio/x-mpegurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetwo
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="-realaudio-ivr|audio/x-pn-multirate-realaudio-live-ivr~Codec.000~XZG5ldAA=~Codec.001~XZG5ldAA=~Codec.002~XZG5ldAA=~Codec.003~XZG5ldAA=~Codec.004~Xc2lwcgA=~Codec.005~XZG5ldAA=~Codec.006~XMjhfOAA=~Codec.007~XZG5ldAA=~Codec.008~Xc2lwcgA=~Codec.009~XZG5ldAA=~Codec.010~Xc2lwcgA=~Codec.011~Xc2lwcgA=~Codec.012~XbHBjSgA=~Codec.013~XMDVfNgA=}{IndexNumber~N0~LoadMultiple~N1~Version~N1610650908~Copyright~S(c) 1999-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HANDLER_DRM}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Siv
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="Type~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-rmadriver|application/rma-driver}{IndexNumber~N2~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush File Format Plugin~FileExtensions~Sbsh~FileMime~Stext/brush~FileOpenNames~SBrush Files (*.bsh)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo5]
@="y~N20~Version~N-1610600884~Copyright~SContains Windows Media Decoder Technology by Microsoft, Inc.
This product is protected by certain intellectual property rights of Microsoft.
Use or distribution of such technology outside of this product is prohibited without a license from Microsoft.
Copyright(c) 2005-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Windows Media Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Swmvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-hx-wmv}{IndexNumber~N0~LoadMultiple~N0~Version~N1610650278~Copyright~S(c) 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Zip Container File System~FileProtocol~Szip~FileShort~Srn-zip~PlgCopy~Shttp://www.real.com~PluginFilename~Szipf3260.dll~PluginType~SPLUGIN_FILE_SYSTEM}50830"
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealN
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 File W
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|ap
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealShare\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N8224~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available un
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{I
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="ginFilename~Sh263render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/H263-2000|video/h263-1998|video/h263|video/X-RN-3GPP-H263}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks HTTP File System with CHTTP Support~FileProtocol~Shttp|chttp~FileShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="Shttp://www.helixcommunity.org~PluginFilename~Smp3fformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RealMedia MP3 Playlist File Format Plugin~FileExtensions~Sm3u|pls|xpl~FileMime~Saudio/mpegurl|audio/x-mpegurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNet
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="-realaudio-ivr|audio/x-pn-multirate-realaudio-live-ivr~Codec.000~XZG5ldAA=~Codec.001~XZG5ldAA=~Codec.002~XZG5ldAA=~Codec.003~XZG5ldAA=~Codec.004~Xc2lwcgA=~Codec.005~XZG5ldAA=~Codec.006~XMjhfOAA=~Codec.007~XZG5ldAA=~Codec.008~Xc2lwcgA=~Codec.009~XZG5ldAA=~Codec.010~Xc2lwcgA=~Codec.011~Xc2lwcgA=~Codec.012~XbHBjSgA=~Codec.013~XMDVfNgA=}{IndexNumber~N0~LoadMultiple~N1~Version~N1610650908~Copyright~S(c) 1999-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HANDLER_DRM}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~S
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="Type~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-rmadriver|application/rma-driver}{IndexNumber~N2~LoadMultiple~N1~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush File Format Plugin~FileExtensions~Sbsh~FileMime~Stext/brush~FileOpenNames~SBrush Files (*.bsh)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-268410866~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetwor
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo5]
@="y~N20~Version~N-1610600884~Copyright~SContains Windows Media Decoder Technology by Microsoft, Inc.
This product is protected by certain intellectual property rights of Microsoft.
Use or distribution of such technology outside of this product is prohibited without a license from Microsoft.
Copyright(c) 2005-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Windows Media Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Swmvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-hx-wmv}{IndexNumber~N0~LoadMultiple~N0~Version~N1610650278~Copyright~S(c) 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Zip Container File System~FileProtocol~Szip~FileShort~Srn-zip~PlgCopy~Shttp://www.real.com~PluginFilename~Szipf3260.dll~PluginType~SPLUGIN_FILE_SYSTEM}50830"
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRea
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="rity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SHelix MP3 File
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="ranularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612736~Copyright~S(c) 1995-2007 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\RealNetworks\RealTrimmer\16.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="escription~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N4114~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_njljkdinboobkmkihgcohanchjnjpgjk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_njljkdinboobkmkihgcohanchjnjpgjk]
"item"="ConduitFloatingPlugin_njljkdinboobkmkihgcohanchjnjpgjk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_njljkdinboobkmkihgcohanchjnjpgjk]
"command"=""C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291326\plugins\TBVerifier.dll",RunConduitFloatingPlugin njljkdinboobkmkihgcohanchjnjpgjk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"FAEB67A6F1D637247AB9AD48012A5EB6"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\FAEB67A6F1D637247AB9AD48012A5EB6]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"FAEB67A6F1D637247AB9AD48012A5EB6"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VBMZ]
"P1"="conduit"

Searching for "datamngr"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2807986~31bf3856ad364e35~amd64~~6.1.1.2]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2807986.cab_Temp\4BF79E42-52D4-45A7-96BD-C8F77ACC530B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2807986~31bf3856ad364e35~amd64~~6.1.1.2]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2807986.cab_Temp\4BF79E42-52D4-45A7-96BD-C8F77ACC530B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2807986~31bf3856ad364e35~amd64~~6.1.1.2]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2807986.cab_Temp\4BF79E42-52D4-45A7-96BD-C8F77ACC530B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_6_for_KB2807986~31bf3856ad364e35~amd64~~6.1.1.2]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2807986.cab_Temp\4BF79E42-52D4-45A7-96BD-C8F77ACC530B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2807986~31bf3856ad364e35~amd64~~6.1.1.2]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2807986.cab_Temp\4BF79E42-52D4-45A7-96BD-C8F77ACC530B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2807986_RTM~31bf3856ad364e35~amd64~~6.1.1.2]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2807986.cab_Temp\4BF79E42-52D4-45A7-96BD-C8F77ACC530B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2807986_SP1~31bf3856ad364e35~amd64~~6.1.1.2]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2807986.cab_Temp\4BF79E42-52D4-45A7-96BD-C8F77ACC530B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2807986~31bf3856ad364e35~amd64~~6.1.1.2]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2807986.cab_Temp\4BF79E42-52D4-45A7-96BD-C8F77ACC530B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot]
"LogPath"="\??\C:\Program Files (x86)\IObit\Advanced SystemCare 6\BootTimeLog\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"

Searching for "Iminent"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Sweetpacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"="C:\Program Files\Updater By SweetPacks\Firefox"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks]

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"9C226B2701AA7D741AC073C79FCB5820"="C:\Program Files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm"

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-15E8_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-15E8_RASMANCS]

-= EOF =-
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 22nd, 2013, 10:04 am

Hi rmrrar,

Did you eliminate this file: upgradeconfiginfo_2337613.xm using AVAST? It does not appear in the scan I had you run.

Please run the following:

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Files
    C:\Users\ROBERT\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\50Z9G4DZ\app.mam.conduit[1].xml
    C:\Windows\System32\config\components.iobit
    C:\Windows\System32\config\default.iobit
    C:\Windows\System32\config\sam.iobit
    C:\Windows\System32\config\security.iobit
    C:\Windows\System32\config\software.iobit
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.
C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please include in your next reply:
  1. Answer about the file found by AVAST.
  2. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  3. Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware