Computer is very, very slow and internet crashes frequently

Discussion in 'Virus & Other Malware Removal' started by bandcclare, Jan 17, 2013.

Thread Status:
Not open for further replies.
    bandcclare Thread Starter

    My computer is only 6 months old and I'm already having crashing and freezing problems. It takes about 7-8 minutes to boot up.

    1. Copy and paste the HijackThis log.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:20:08 PM, on 1/13/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Price Check by AOL - {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://yourconferencing.webex.com/client/T27L10NSP21EP5/webex/ieatgpc1.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton Anti-Theft (NAT) - Symantec Corporation - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 11727 bytes

    2. Copy and paste the contents of the dds.txt file.
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Caroline at 15:21:19 on 2013-01-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3681.2123 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
    C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\SysWOW64\NOTEPAD.EXE
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://start.toshiba.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Price Check by AOL: {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://yourconferencing.webex.com/client/T27L10NSP21EP5/webex/ieatgpc1.cab
    TCP: NameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{27B7D16E-7F1A-4410-90C4-958989EFB8E0} : DHCPNameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{27B7D16E-7F1A-4410-90C4-958989EFB8E0}\44D2C496E6B6 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{27B7D16E-7F1A-4410-90C4-958989EFB8E0}\84543434F5055726C69636F575962756C6563737 : DHCPNameServer = 10.20.10.6 8.8.8.8
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-10-2 30568]
    R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\drivers\NATx64\0106000.011\ccSetx64.sys [2012-10-11 168096]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-5-22 235520]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe [2012-10-11 143928]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe [2012-10-29 143928]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-8-11 131512]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2012-5-22 126392]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2012-2-9 295360]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-5-22 95248]
    R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2013-1-10 1384608]
    R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1402000.013\ccsetx64.sys [2012-10-29 168096]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
    R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-5-22 9216]
    R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130113.001\IDSviA64.sys [2013-1-13 513184]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-5-22 38096]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-5-22 313448]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-22 565352]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-5-22 1145448]
    R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1402000.013\symds64.sys [2012-10-29 493216]
    R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1402000.013\symefa64.sys [2012-10-29 1133216]
    R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1402000.013\ironx64.sys [2012-10-29 224416]
    R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1402000.013\symnets.sys [2012-10-29 432800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-5-22 57216]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2012-2-24 138152]
    S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-14 833976]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-19 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-10 23:39:21 750592 ----a-w- C:\windows\System32\win32spl.dll
    2013-01-10 23:39:21 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
    2013-01-10 23:39:03 2002432 ----a-w- C:\windows\System32\msxml6.dll
    2013-01-10 23:39:03 1882624 ----a-w- C:\windows\System32\msxml3.dll
    2013-01-10 23:39:03 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
    2013-01-10 23:39:03 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2013-01-10 23:39:02 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2013-01-10 23:39:01 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2013-01-10 23:39:00 800768 ----a-w- C:\windows\System32\usp10.dll
    2013-01-10 23:39:00 626688 ----a-w- C:\windows\SysWow64\usp10.dll
    2013-01-10 23:33:51 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2012-12-28 14:39:21 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-28 14:39:21 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-28 14:39:18 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-28 14:39:18 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    .
    ==================== Find3M ====================
    .
    2013-01-10 23:53:11 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 23:53:11 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-11-08 23:57:14 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
    .
    ============= FINISH: 15:22:05.43 ===============


    3. Copy and paste the attach.txt file. There is no need to zip and attach it as suggested in the DDS instructions.
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/17/2012 12:05:09 PM
    System Uptime: 1/13/2013 2:43:31 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics | Socket FT1 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 235.621 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 466 GiB total, 429.84 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP29: 11/14/2012 8:47:35 PM - Scheduled Checkpoint
    RP30: 11/17/2012 7:12:41 AM - Windows Update
    RP31: 11/28/2012 5:00:28 AM - Windows Update
    RP32: 12/12/2012 8:56:09 PM - Windows Update
    RP33: 12/13/2012 3:58:10 PM - Windows Update
    RP34: 12/28/2012 9:36:08 AM - Windows Update
    RP35: 1/10/2013 9:10:12 PM - Windows Update
    RP36: 1/13/2013 1:08:28 PM - Windows Backup
    RP37: 1/13/2013 2:06:15 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4) MUI
    Amazon Links
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Media Foundation Decoders
    AMD Steady Video Plug-In
    AMD VISION Engine Control Center
    Apple Software Update
    AVG Security Toolbar
    Bejeweled 3
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Download Updater (AOL Inc.)
    FATE
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    Letters from Nowhere 2
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Store Download Manager
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network64
    Norton Anti-Theft
    Norton Internet Security
    Norton PC Checkup
    Penguins!
    Picasa 3
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Polar Bowler
    Price Check by AOL
    PS_AIO_07_D110_SW_Min
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    Realtek WLAN Driver
    Safari
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
    Skype™ 5.10
    Snagit 11
    Synaptics Pointing Device Driver
    Toolbox
    TOSHIBA Application Installer
    TOSHIBA Assist
    TOSHIBA Audio Enhancement
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    Toshiba Security Dashboard
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA User's Guide
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBARegistration
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    Update Installer for WildTangent Games App
    WebEx
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== End Of File ===========================

    4. Copy and paste the contents of the ark.txt file
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-17 02:28:46
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MQ01ABD032 rev.AX002M 298.09GB
    Running: dh5ynn2f.exe; Driver: C:\Users\Caroline\AppData\Local\Temp\uxdyrkod.sys

    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e31401 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e31419 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e31431 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e3144a 2 bytes [E3, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e314dd 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e314f5 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e3150d 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e31525 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e3153d 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e31555 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e3156d 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e31585 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e3159d 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e315b5 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e315cd 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e316b2 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e316bd 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!EnableWindow 0000000076c62da4 5 bytes JMP 000000016b599eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c7cbf3 5 bytes JMP 000000016b6e8fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c7cfca 5 bytes JMP 000000016b4f1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c9cb0c 5 bytes JMP 000000016b6e8f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c9ce64 5 bytes JMP 000000016b6e901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cafbd1 5 bytes JMP 000000016b6e8ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cafc9d 5 bytes JMP 000000016b6e8e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000076cafcd6 5 bytes JMP 000000016b6e8dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000076cafcfa 5 bytes JMP 000000016b6e8d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000772593ec 5 bytes JMP 000000016b6e91d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077df25fd 6 bytes JMP 000000016b5b8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e02a63 6 bytes JMP 000000016b559805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\kernel32.dll!CreateThread 0000000076fb34b5 5 bytes JMP 000000016b5575db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076c58a29 5 bytes JMP 000000016b5c03cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateWindowExA 0000000076c5d22e 5 bytes JMP 000000016b56363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!GetKeyState 0000000076c6291f 5 bytes JMP 000000016b53ddab
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!EnableWindow 0000000076c62da4 5 bytes JMP 000000016b599eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CallNextHookEx 0000000076c66285 5 bytes JMP 000000016b5b7fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c67603 5 bytes JMP 000000016b5925ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076c6b029 5 bytes JMP 000000016b6e9358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076c6c63e 5 bytes JMP 000000016b6e9390
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!IsDialogMessage 0000000076c750ed 5 bytes JMP 000000016b6e9a52
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076c75246 5 bytes JMP 000000016b6e92e8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!EndDialog 0000000076c7b99c 5 bytes JMP 000000016b6e9d26
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!IsDialogMessageW 0000000076c7c701 5 bytes JMP 000000016b6e9a7a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c7cbf3 5 bytes JMP 000000016b6e8fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c7cfca 5 bytes JMP 000000016b4f1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076c7eb96 3 bytes JMP 000000016b53ded5
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!GetAsyncKeyState + 4 0000000076c7eb9a 1 byte [F4]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c7f52b 5 bytes JMP 000000016b5ded00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!SendInput 0000000076c7ff4a 5 bytes JMP 000000016b6ea2e9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateDialogParamW 0000000076c810dc 5 bytes JMP 000000016b6e9320
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!SetKeyboardState 0000000076c814b2 5 bytes JMP 000000016b6ea341
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076c99cfd 5 bytes JMP 000000016b6ea3c2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c9cb0c 5 bytes JMP 000000016b6e8f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c9ce64 5 bytes JMP 000000016b6e901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cafbd1 5 bytes JMP 000000016b6e8ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cafc9d 5 bytes JMP 000000016b6e8e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000076cafcd6 5 bytes JMP 000000016b6e8dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000076cafcfa 5 bytes JMP 000000016b6e8d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!keybd_event 0000000076cb02bf 5 bytes JMP 000000016b6ea2a6
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ddfc90 5 bytes JMP 000000010011091c
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ddfdf4 5 bytes JMP 0000000100110048
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077ddfe88 5 bytes JMP 00000001001102ee
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ddffe4 5 bytes JMP 00000001001104b2
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077de0018 5 bytes JMP 00000001001109fe
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077de0048 5 bytes JMP 0000000100110ae0
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077de0064 5 bytes JMP 000000010002004c
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077de077c 5 bytes JMP 000000010011012a
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077de086c 5 bytes JMP 0000000100110758
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077de0884 5 bytes JMP 0000000100110676
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077de0dd4 5 bytes JMP 00000001001103d0
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077de1900 5 bytes JMP 0000000100110594
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077de1bc4 5 bytes JMP 000000010011083a
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077de1d50 5 bytes JMP 000000010011020c
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ca1492 7 bytes JMP 000000010012059e
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e31401 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e31419 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e31431 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e3144a 2 bytes [E3, 76]
    .text ... * 9
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e314dd 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e314f5 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e3150d 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e31525 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e3153d 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e31555 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e3156d 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e31585 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e3159d 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e315b5 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e315cd 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e316b2 2 bytes [E3, 76]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e316bd 2 bytes [E3, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077df25fd 6 bytes JMP 000000016b5b8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e02a63 6 bytes JMP 000000016b559805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\kernel32.dll!CreateThread 0000000076fb34b5 5 bytes JMP 000000016b5575db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076c58a29 5 bytes JMP 000000016b5c03cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateWindowExA 0000000076c5d22e 5 bytes JMP 000000016b56363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!GetKeyState 0000000076c6291f 5 bytes JMP 000000016b53ddab
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!EnableWindow 0000000076c62da4 5 bytes JMP 000000016b599eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CallNextHookEx 0000000076c66285 5 bytes JMP 000000016b5b7fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c67603 5 bytes JMP 000000016b5925ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076c6b029 5 bytes JMP 000000016b6e9358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076c6c63e 5 bytes JMP 000000016b6e9390
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!IsDialogMessage 0000000076c750ed 5 bytes JMP 000000016b6e9a52
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076c75246 5 bytes JMP 000000016b6e92e8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!EndDialog 0000000076c7b99c 5 bytes JMP 000000016b6e9d26
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!IsDialogMessageW 0000000076c7c701 5 bytes JMP 000000016b6e9a7a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c7cbf3 5 bytes JMP 000000016b6e8fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c7cfca 5 bytes JMP 000000016b4f1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076c7eb96 3 bytes JMP 000000016b53ded5
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!GetAsyncKeyState + 4 0000000076c7eb9a 1 byte [F4]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c7f52b 5 bytes JMP 000000016b5ded00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!SendInput 0000000076c7ff4a 5 bytes JMP 000000016b6ea2e9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateDialogParamW 0000000076c810dc 5 bytes JMP 000000016b6e9320
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!SetKeyboardState 0000000076c814b2 5 bytes JMP 000000016b6ea341
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076c99cfd 5 bytes JMP 000000016b6ea3c2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c9cb0c 5 bytes JMP 000000016b6e8f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c9ce64 5 bytes JMP 000000016b6e901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cafbd1 5 bytes JMP 000000016b6e8ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cafc9d 5 bytes JMP 000000016b6e8e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000076cafcd6 5 bytes JMP 000000016b6e8dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000076cafcfa 5 bytes JMP 000000016b6e8d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!keybd_event 0000000076cb02bf 5 bytes JMP 000000016b6ea2a6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\ole32.dll!OleLoadFromStream 0000000076e46143 5 bytes JMP 000000016b6e9784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 00000000771f3e59 5 bytes JMP 000000016b6e987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!VariantClear 00000000771f3eae 5 bytes JMP 000000016b6e98fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000771f4731 5 bytes JMP 000000016b6e97ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000771f5dee 5 bytes JMP 000000016b6e989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000772593ec 5 bytes JMP 000000016b6e91d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000727d388e 5 bytes JMP 000000016b6e9080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072877922 5 bytes JMP 000000016b6e9128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\comdlg32.dll!PrintDlgW 0000000075c333a3 5 bytes JMP 000000016b6e946c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075c42694 5 bytes JMP 000000016b6e93c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\comdlg32.dll!PrintDlgA 0000000075c4e8ff 5 bytes JMP 000000016b6e9538
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ddfc90 5 bytes JMP 00000001001d091c
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ddfdf4 5 bytes JMP 00000001001d0048
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077ddfe88 5 bytes JMP 00000001001d02ee
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ddffe4 5 bytes JMP 00000001001d04b2
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077de0018 5 bytes JMP 00000001001d09fe
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077de0048 5 bytes JMP 00000001001d0ae0
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077de0064 5 bytes JMP 000000010003004c
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077de077c 5 bytes JMP 00000001001d012a
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077de086c 5 bytes JMP 00000001001d0758
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077de0884 5 bytes JMP 00000001001d0676
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077de0dd4 5 bytes JMP 00000001001d03d0
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077de1900 5 bytes JMP 00000001001d0594
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077de1bc4 5 bytes JMP 00000001001d083a
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077de1d50 5 bytes JMP 00000001001d020c
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ca1492 7 bytes JMP 00000001001e04bc
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000774a524f 7 bytes JMP 00000001001d0f52
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000774a53d0 7 bytes JMP 00000001001e0210
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000774a5677 1 byte JMP 00000001001e0048
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000774a5679 5 bytes {JMP 0xffffffff88d3a9d1}
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000774a589a 7 bytes JMP 00000001001d0ca6
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000774a5a1d 7 bytes JMP 00000001001e03d8
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000774a5c9b 7 bytes JMP 00000001001e012c
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000774a5d87 7 bytes JMP 00000001001e02f4
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000774a7240 7 bytes JMP 00000001001d0e6e
    ? C:\windows\system32\mssprxy.dll [4216] entry point in ".rdata" section 0000000074ee71e6
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ddfc90 5 bytes JMP 000000010028091c
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ddfdf4 5 bytes JMP 0000000100280048
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077ddfe88 5 bytes JMP 00000001002802ee
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ddffe4 5 bytes JMP 00000001002804b2
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077de0018 5 bytes JMP 00000001002809fe
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077de0048 5 bytes JMP 0000000100280ae0
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077de0064 5 bytes JMP 000000010002004c
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077de077c 5 bytes JMP 000000010028012a
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077de086c 5 bytes JMP 0000000100280758
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077de0884 5 bytes JMP 0000000100280676
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077de0dd4 5 bytes JMP 00000001002803d0
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077de1900 5 bytes JMP 0000000100280594
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077de1bc4 5 bytes JMP 000000010028083a
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077de1d50 5 bytes JMP 000000010028020c
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000774a524f 7 bytes JMP 0000000100280f52
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000774a53d0 7 bytes JMP 0000000100290210
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000774a5677 1 byte JMP 0000000100290048
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000774a5679 5 bytes {JMP 0xffffffff88dea9d1}
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000774a589a 7 bytes JMP 0000000100280ca6
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000774a5a1d 7 bytes JMP 00000001002903d8
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000774a5c9b 7 bytes JMP 000000010029012c
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000774a5d87 7 bytes JMP 00000001002902f4
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000774a7240 7 bytes JMP 0000000100280e6e
    .text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ca1492 7 bytes JMP 00000001002904bc
    ---- Threads - GMER 2.0 ----
    Thread C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [4032:5048] 0000000071d4a3e0
    Thread C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe [4684:4408] 0000000000020060
    Thread C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe [3508:3640] 0000000000030060
    Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4676:1956] 0000000000020060
    Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4468:4948] 0000000000030060
    Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [5384:5612] 0000000000020060
    Thread C:\Program Files (x86)\Google\Update\Install\{09209A1E-9614-4E32-ABBB-13D5BF70C684}\24.0.1312.52_23.0.1271.97_chrome_updater.exe [5240:5368] 0000000000020060
    Thread C:\windows\TEMP\CR_C5C1F.tmp\setup.exe [3576:1080] 0000000000020060
    Thread C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe [5232:5752] 0000000000020060
    ---- Processes - GMER 2.0 ----
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [4032] 0000000071560000
    Library C:\windows\TEMP\CR_C5C1F.tmp\setup.exe (*** suspicious ***) @ C:\windows\TEMP\CR_C5C1F.tmp\setup.exe [3576] 0000000000c90000
    ---- Registry - GMER 2.0 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}\[email protected] isatap.{7112DC61-31B1-4B67-A696-600D1998BFEF}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{471110ED-6A05-491D-A91E-5E268B6E2D5E}?\Device\{79815809-60A6-4CC7-9728-B130EB369237}?\Device\{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}?\Device\{80D8BF29-C3CA-477B-8AD2-80A216FD117B}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{471110ED-6A05-491D-A91E-5E268B6E2D5E}"?"{79815809-60A6-4CC7-9728-B130EB369237}"?"{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}"?"{80D8BF29-C3CA-477B-8AD2-80A216FD117B}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{471110ED-6A05-491D-A91E-5E268B6E2D5E}?\Device\TCPIP6TUNNEL_{79815809-60A6-4CC7-9728-B130EB369237}?\Device\TCPIP6TUNNEL_{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}?\Device\TCPIP6TUNNEL_{80D8BF29-C3CA-477B-8AD2-80A216FD117B}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}@InterfaceName isatap.{7112DC61-31B1-4B67-A696-600D1998BFEF}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}@ReusableType 0
    ---- EOF - GMER 2.0 ----
     

Short URL to this thread: https://techguy.org/1085618
