
tgp1994

join:2010-10-06


Computer may be compromised

Hello everyone,

I think my computer may be compromised. About a month ago, my debit card was being used to make unauthorized purchases on iTunes. A support agent (accidentally) divulged the email address associated with the purchase, and it seemed to be an email from China (a yahoo.cn domain, with what appeared to be a Chinese name in the address). That certainly doesn't sound good.

Then just today, a contact on my outlook contact list received an email that I had never sent. The email appeared to originate from someone else on the yahoo email network, but they were using my full name.

Both of those events seem linked, and I'm afraid that it may be due to malware on my PC.

I'm currently running Windows Vista Ultimate SP2, and until about a week ago I was using Microsoft Security Essentials for antimalware. I then changed to AVG Free, although that hasn't detected anything new.

Now, for the pre-cleaning steps that I've taken:

• Hidden files and folders are shown. Vista does not seem to have a checkbox for "displaying the contents of system folders", although I haven't had any reason to go poking around in there anyway.
• Notepad has word wrap unchecked
• Windows Defender is disabled
• AVG's Resident Shield is disabled
• TFC has been run
• MBAM was run
• OTL was run
• ESET online scan was run (did not produce a log, although I saved a file of the three files that were detected).

MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.11

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Glen :: GLENVISTA [administrator]

7/30/2012 8:19:24 PM
mbam-log-2012-07-30 (20-19-24).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 647791
Time elapsed: 1 hour(s), 28 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

checkup.txt:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Flash Player 11.3.300.268
Mozilla Firefox 13.0.1 [color=red]Firefox out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
AVG avgwdsvc.exe
AVG avgtray.exe
Glen AppData Roaming uTorrent\VirusGuard\BitTorrentAntivirus.exe
Glen Desktop Malware SecurityCheck.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 2 % [color=red]Defragment your hard drive soon![/color]
[u]````````````````````End of Log``````````````````````[/u]

Online antivirus scan log:

C:\Program Files (x86)\Steam\steamapps\tgp1994\garrysmod\garrysmod\temp_html_page.html | HTML/Iframe.B.Gen virus | deleted - quarantined
C:\Program Files (x86)\Steam\steamapps\tgp1994\garrysmod\garrysmod\data\ulx\motd.txt | HTML/Iframe.B.Gen virus | deleted - quarantined
C:\Program Files (x86)\UV Realtime\UV Realtime.exe | a variant of MSIL/Packed.CryptoObfuscator.C application | cleaned by deleting - quarantined

Note: None of those three files should be harmful. False positives, AFAIK.

I hope these may help you help me. Many thanks in advance!


lilhurricane
Crunchin' For Cures
join:2003-01-11

OTL

*Please don't code files; they need to be opened for easier analysis. Thanks.

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Glen\Desktop\Malware
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 53.60% Memory free
12.21 Gb Paging File | 9.10 Gb Available in Paging File | 74.51% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 12.07 Gb Free Space | 5.18% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 118.56 Gb Free Space | 12.73% Space Free | Partition Type: NTFS

Computer Name: GLENVISTA | User Name: Glen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/07/30 21:43:07 | 000,162,816 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
PRC - [2012/07/30 21:38:18 | 000,896,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/07/30 20:59:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Glen\Desktop\Malware\OTL.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/06/09 19:56:08 | 000,334,488 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/06/09 19:56:04 | 000,113,304 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/06/09 19:55:24 | 000,129,688 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/06/09 19:55:18 | 000,404,120 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/06/09 18:30:12 | 000,539,288 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/14 11:28:22 | 006,149,120 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/07/30 21:44:07 | 000,056,224 | ---- | M] () -- \\?\C:\Users\Glen\AppData\Roaming\uTorrent\VirusGuard\avxdisk.dll
MOD - [2012/07/30 21:43:07 | 000,162,816 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2011/10/31 05:49:32 | 000,301,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/04/11 12:25:24 | 000,062,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/01/20 22:51:10 | 000,521,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 22:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 22:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/30 17:54:04 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 11:58:10 | 000,529,232 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/17 13:40:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/06/09 19:56:08 | 000,334,488 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/09 19:56:04 | 000,113,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/06/09 19:55:18 | 000,404,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/09 18:30:12 | 000,539,288 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/29 20:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/05 11:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/09/06 02:33:56 | 003,547,648 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe -- (GJService)
SRV - [2011/08/07 08:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/06/22 23:49:10 | 000,075,136 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/04/11 12:24:52 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\AudioCoder x64\SysInfoX64.sys -- (CrystalSysInfo)
DRV:64bit: - [2012/06/09 19:56:52 | 000,068,760 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/06/09 19:56:40 | 000,081,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/06/09 19:54:56 | 000,031,896 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012/06/09 19:54:50 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/06/09 18:30:08 | 000,038,552 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/06/09 16:06:56 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/06/09 16:06:56 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/05/22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/15 15:35:48 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/31 05:50:12 | 000,013,464 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV:64bit: - [2011/10/31 05:49:46 | 000,040,600 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psmounter.sys -- (PSMounter)
DRV:64bit: - [2011/09/06 02:28:48 | 000,059,512 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\maploml.sys -- (MaplomL)
DRV:64bit: - [2011/09/06 02:28:32 | 000,034,936 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\maplom.sys -- (Maplom)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2011/07/17 00:25:35 | 000,017,224 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\Drivers\Dbgv.sys -- (Dbgv)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/04 15:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:28:24 | 000,030,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2010/08/10 19:56:48 | 000,029,696 | ---- | M] (Leaf Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\leafnets.sys -- (leafnets)
DRV:64bit: - [2010/07/01 13:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/05 15:18:32 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 12:25:24 | 000,252,416 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr)
DRV:64bit: - [2009/04/11 12:25:24 | 000,089,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/01/20 22:46:34 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 22:46:34 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 22:46:34 | 000,017,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2008/01/20 22:46:08 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mstape.sys -- (MSTAPE)
DRV:64bit: - [2008/01/20 22:46:06 | 000,054,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2008/01/20 22:46:05 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 22:46:01 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2006/11/01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 F6 F9 57 C5 6D CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {F6E0DF0B-58AB-4992-8A9C-B8209D80BBB5}
IE - HKCU\..\SearchScopes\{F6E0DF0B-58AB-4992-8A9C-B8209D80BBB5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2012/07/02 00:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/25 09:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 12:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/23 12:39:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 12:39:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/23 12:39:20 | 000,000,000 | ---D | M]

[2010/11/21 16:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Glen\AppData\Roaming\Mozilla\Extensions
[2012/07/30 20:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\scx7yf13.default\extensions
[2012/07/08 15:10:21 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\scx7yf13.default\extensions\support@lastpass.com
[2012/01/17 17:53:18 | 000,002,281 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\scx7yf13.default\searchplugins\s-amazon.xml
[2011/11/08 16:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/25 09:04:42 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/02 00:57:18 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
[2012/06/17 13:38:54 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2012/07/30 20:58:53 | 000,195,889 | ---- | M] () (No name found) -- C:\USERS\GLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCX7YF13.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/02/06 22:05:50 | 000,007,240 | ---- | M] () (No name found) -- C:\USERS\GLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCX7YF13.DEFAULT\EXTENSIONS\YOUTUBE-COMMENT-SNOB@EFINKE.COM.XPI
[2010/11/22 22:32:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/17 13:40:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/04 00:29:57 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/06 23:56:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/06 23:56:28 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/01/27 16:00:57 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: LastPass - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33921D60-5DCA-45F8-B8B5-2D4636D4C750}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\WINDOWS\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/21 15:58:35 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0c71f140-12b5-11e1-8067-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0c71f140-12b5-11e1-8067-806e6f6e6963}\Shell\AutoRun\command - "" = G:\RunGame.exe
O33 - MountPoints2\{1058922b-12ab-11e0-b8cb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1058922b-12ab-11e0-b8cb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{1058922c-12ab-11e0-b8cb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1058922c-12ab-11e0-b8cb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSAMPLE\AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{127b5719-d987-11e0-8b53-005056c00001}\Shell - "" = AutoRun
O33 - MountPoints2\{127b5719-d987-11e0-8b53-005056c00001}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{1633801e-f5a9-11df-90a1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1633801e-f5a9-11df-90a1-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{25b3c640-9788-11e0-ba6c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{25b3c640-9788-11e0-ba6c-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{34d3504b-f5af-11df-b602-0019dbe74e00}\Shell - "" = AutoRun
O33 - MountPoints2\{34d3504b-f5af-11df-b602-0019dbe74e00}\Shell\AutoRun\command - "" = E:\Setup\rsrc\Autorun.exe
O33 - MountPoints2\{34d3504b-f5af-11df-b602-0019dbe74e00}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O33 - MountPoints2\{bde3acca-1a82-11e0-916a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bde3acca-1a82-11e0-916a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{e54f0e30-049c-11e0-b507-0019dbe74e00}\Shell - "" = AutoRun
O33 - MountPoints2\{e54f0e30-049c-11e0-b507-0019dbe74e00}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{e54f0e30-049c-11e0-b507-0019dbe74e00}\Shell\dinstall\command - "" = Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/07/30 21:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/07/30 21:37:43 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\uTorrent
[2012/07/30 20:23:08 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Malware
[2012/07/30 18:14:49 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Malwarebytes
[2012/07/30 18:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/30 18:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/30 18:14:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/30 18:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/30 14:21:01 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\JDeveloper
[2012/07/30 09:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2012/07/30 09:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2012/07/30 09:52:32 | 000,000,000 | ---D | C] -- C:\jdeveloper
[2012/07/25 13:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012/07/25 09:05:54 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\AVG2012
[2012/07/25 09:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/25 09:05:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/07/25 09:04:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/07/25 09:04:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/07/25 09:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/25 09:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/07/25 09:00:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/25 09:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/25 08:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Electronic Arts
[2012/07/24 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\Glen\Documents\Expresso Projects
[2012/07/24 19:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultrapico
[2012/07/24 19:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expresso
[2012/07/24 09:30:11 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Local\SMS
[2012/07/24 09:28:14 | 000,000,000 | ---D | C] -- C:\Users\Glen\Documents\CARS
[2012/07/21 18:33:31 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAKEFACTORY CM11
[2012/07/17 18:36:12 | 000,000,000 | ---D | C] -- C:\Users\Glen\winamp_visual
[2012/07/16 09:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2012/07/15 16:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012/07/15 16:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012/07/15 16:02:32 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012/07/15 16:02:32 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012/07/15 16:02:32 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012/07/15 16:02:32 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012/07/15 16:02:32 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012/07/15 16:02:32 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012/07/15 16:02:32 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012/07/15 16:02:31 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012/07/15 16:02:31 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012/07/15 16:02:29 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012/07/15 16:02:29 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012/07/14 18:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traffic Simulator Configuration Tool
[2012/07/14 18:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Addon Mod
[2012/07/14 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\Glen\.grasp_settings
[2012/07/14 15:50:09 | 000,955,800 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/14 15:50:09 | 000,268,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/14 15:49:45 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/14 15:49:45 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/14 15:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/14 09:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2012/07/14 09:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2012/07/11 09:27:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 09:27:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 09:27:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 09:27:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 09:27:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 09:27:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 09:27:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 09:27:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 09:27:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 09:27:32 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 09:27:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 09:27:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 09:27:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 09:17:25 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/08 10:20:03 | 014,690,376 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2012/07/08 10:19:44 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2012/07/08 10:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
[2012/07/08 10:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LastPass
[2012/07/04 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\vlc
[2012/07/04 14:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/03 23:50:36 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\SpyStudio
[2012/07/03 23:50:32 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Local\Nektra
[2012/07/03 12:49:40 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Local\rohitab.com
[2012/07/03 12:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rohitab.com
[2012/07/03 12:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\rohitab.com
[2012/07/02 00:57:33 | 000,000,000 | ---D | C] -- C:\Users\Glen\Documents\Fiddler2
[2012/07/02 00:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
[2012/07/01 16:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CE Remote Tools
[6 C:\Users\Glen\AppData\Local\*.tmp files -> C:\Users\Glen\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/07/30 21:52:23 | 000,008,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 21:52:23 | 000,008,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 21:38:18 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/30 21:26:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 20:23:44 | 000,000,592 | ---- | M] () -- C:\Users\Glen\Desktop\JDeveloper.lnk
[2012/07/30 20:10:28 | 000,017,558 | ---- | M] () -- C:\Users\Glen\AppData\Local\recently-used.xbel
[2012/07/30 19:00:32 | 102,599,076 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/30 18:14:43 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 17:54:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/30 17:54:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/30 17:52:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/29 14:20:32 | 004,941,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/29 14:08:20 | 000,001,251 | ---- | M] () -- C:\CoreTemp.ini
[2012/07/28 23:00:55 | 000,241,152 | ---- | M] () -- C:\Users\Glen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/25 09:05:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/25 09:05:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/07/25 09:05:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/25 08:59:39 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/25 08:58:50 | 000,693,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/25 08:58:50 | 000,138,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/24 12:29:48 | 000,000,352 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Network Meter_Settings.ini
[2012/07/20 19:44:59 | 000,000,600 | ---- | M] () -- C:\Users\Glen\AppData\Local\PUTTY.RND
[2012/07/20 11:23:36 | 000,834,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/18 19:21:18 | 000,001,961 | ---- | M] () -- C:\Users\Glen\Documents\ax_files.xml
[2012/07/14 15:49:30 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/14 15:49:29 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/14 09:35:35 | 000,002,006 | ---- | M] () -- C:\Users\Glen\Desktop\SimCity 4 Deluxe.lnk
[2012/07/14 09:34:19 | 000,000,741 | ---- | M] () -- C:\Windows\eReg.dat
[2012/07/13 17:01:17 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/12 13:35:38 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012/07/08 15:10:27 | 014,690,376 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2012/07/08 00:43:20 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/07/04 14:53:50 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/04 12:42:57 | 000,682,898 | ---- | M] () -- C:\Users\Glen\Documents\TrainzAPIScanning.xml
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 00:37:47 | 000,104,864 | ---- | M] () -- C:\Users\Glen\Documents\AuranRequest.xml
[2012/07/01 00:16:08 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Buzz.lnk
[6 C:\Users\Glen\AppData\Local\*.tmp files -> C:\Users\Glen\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/07/30 21:38:18 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/30 20:23:44 | 000,000,592 | ---- | C] () -- C:\Users\Glen\Desktop\JDeveloper.lnk
[2012/07/30 20:10:28 | 000,017,558 | ---- | C] () -- C:\Users\Glen\AppData\Local\recently-used.xbel
[2012/07/30 19:00:32 | 102,599,076 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/30 18:14:43 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/29 14:19:47 | 004,941,696 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/25 09:05:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/25 09:05:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/07/25 09:05:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/15 16:02:32 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012/07/15 16:02:32 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012/07/15 16:02:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012/07/15 16:02:31 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012/07/15 16:02:31 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012/07/15 16:02:30 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012/07/15 16:02:30 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012/07/15 16:02:30 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012/07/15 16:02:29 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012/07/15 16:02:29 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012/07/15 16:02:29 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012/07/14 09:35:34 | 000,002,006 | ---- | C] () -- C:\Users\Glen\Desktop\SimCity 4 Deluxe.lnk
[2012/07/08 00:43:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/07/04 14:53:50 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/04 11:45:17 | 000,682,898 | ---- | C] () -- C:\Users\Glen\Documents\TrainzAPIScanning.xml
[2012/07/02 00:57:18 | 000,001,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2012/07/02 00:37:47 | 000,104,864 | ---- | C] () -- C:\Users\Glen\Documents\AuranRequest.xml
[2012/06/26 23:32:15 | 000,197,621 | ---- | C] () -- C:\Users\Glen\AppData\Local\census.cache
[2012/06/26 23:31:54 | 000,163,126 | ---- | C] () -- C:\Users\Glen\AppData\Local\ars.cache
[2012/06/26 23:18:16 | 000,000,036 | ---- | C] () -- C:\Users\Glen\AppData\Local\housecall.guid.cache
[2012/06/15 20:17:24 | 000,042,432 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/06/06 18:35:37 | 000,000,741 | ---- | C] () -- C:\Windows\eReg.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/13 14:37:09 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/11/25 13:29:32 | 000,000,410 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\hexplorer.dat
[2011/11/25 13:29:32 | 000,000,004 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\mclip.dat
[2011/11/19 21:42:50 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/11/19 21:42:50 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/10/27 17:27:01 | 000,000,600 | ---- | C] () -- C:\Users\Glen\AppData\Local\PUTTY.RND
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/20 18:29:05 | 000,039,894 | ---- | C] () -- C:\ProgramData\HKCU.reg
[2011/07/29 04:08:25 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/07/28 23:02:04 | 000,000,033 | ---- | C] () -- C:\Windows\Caligari.ini
[2011/07/02 00:19:00 | 000,000,352 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\Network Meter_Settings.ini
[2011/06/22 23:49:11 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/22 23:49:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/12 11:28:21 | 000,000,035 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/03 18:33:06 | 000,024,226 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\UserTile.png
[2011/05/26 15:47:07 | 000,000,339 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\Drives Meter_Settings.ini
[2011/04/18 16:23:48 | 000,000,011 | ---- | C] () -- C:\Users\Glen\Plugins.ini
[2011/04/16 11:45:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 23:19:24 | 000,001,356 | ---- | C] () -- C:\Users\Glen\AppData\Local\d3d9caps.dat
[2011/01/07 14:53:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/12/12 15:42:33 | 000,000,533 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2010/12/12 01:45:32 | 000,000,172 | ---- | C] () -- C:\Users\Glen\AppData\Local\rahistory.xml
[2010/12/10 22:36:10 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2010/12/10 18:02:08 | 000,000,160 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/03 18:33:34 | 000,848,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/23 16:18:01 | 000,241,152 | ---- | C] () -- C:\Users\Glen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/21 14:09:59 | 000,000,363 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\GPU Monitor_Settings.ini
[2010/11/21 13:25:15 | 000,000,552 | ---- | C] () -- C:\Users\Glen\AppData\Local\d3d8caps.dat
[2010/11/21 13:04:34 | 000,001,460 | ---- | C] () -- C:\Users\Glen\AppData\Local\d3d9caps64.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012/06/17 13:44:54 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\.minecraft
[2010/12/11 23:49:06 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Armagetron
[2012/07/25 21:04:00 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Audacity
[2011/05/03 18:08:08 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Auslogics
[2012/07/25 09:05:54 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\AVG2012
[2011/07/29 04:41:11 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Blender Foundation
[2011/08/11 01:00:05 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Broad Intelligence
[2012/04/21 17:06:43 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/27 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\CheckPoint
[2011/12/01 19:18:05 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/10 15:18:51 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\DAEMON Tools Lite
[2012/07/30 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Dropbox
[2012/05/11 14:07:14 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\EurekaLog
[2012/07/23 22:08:18 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\FileZilla
[2012/07/30 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\foobar2000
[2012/07/30 22:00:30 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Free Download Manager
[2012/01/18 18:06:26 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\gtk-2.0
[2012/06/30 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Hex-Rays
[2011/05/10 01:05:34 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\ImgBurn
[2012/07/30 14:21:01 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\JDeveloper
[2011/04/18 16:16:46 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Jeskola
[2010/11/21 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Leadertech
[2011/05/31 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\MPEG Streamclip
[2012/02/12 20:02:02 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Mumble
[2012/07/30 16:53:50 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Notepad++
[2011/12/01 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\PACE Anti-Piracy
[2011/06/03 18:33:05 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\PeerNetworking
[2011/05/02 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\PilotEdit
[2011/07/05 11:02:43 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Polac
[2012/06/24 15:36:47 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Process Hacker 2
[2011/04/21 21:30:40 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Publish Providers
[2011/04/21 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Sony
[2012/07/03 23:50:36 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\SpyStudio
[2011/12/01 19:29:42 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/12/13 17:18:08 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Subversion
[2011/07/05 11:08:27 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\SumatraPDF
[2012/06/07 18:05:08 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\TeamViewer
[2012/07/29 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\TeraCopy
[2012/07/24 09:37:18 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\TS3Client
[2012/07/30 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\uTorrent
[2012/02/25 18:54:20 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Wireshark
[2010/12/27 14:41:30 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\X-Chat 2
[2012/07/30 17:50:13 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 1283 bytes -> C:\Users\Glen\AppData\Local\OV83tPpmIzoIa:Kt4K1hRGbwtriOYAADw
@Alternate Data Stream - 1262 bytes -> C:\Users\Glen\AppData\Local\Temp:ukeFErMOdkH9eij4t72WHGfdZ
@Alternate Data Stream - 1136 bytes -> C:\Users\Glen\AppData\Local\Temp:hhVURVFe6k4oXYI55ylONxKrj8P

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
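A first-pass triage of lines like the ones in the log above, as an added example (this is not OTL's code, nor anything the poster or the helper ran). It parses each `O<n>` line into section, target path and company name, then applies review heuristics: orphaned CLSIDs and missing files (cleanup, low priority), IFEO Debugger entries (a hijack point; here it is Process Explorer's "Replace Task Manager"), cached MountPoints2 AutoRun commands (inert while NoDriveTypeAutoRun=255 is set, per the O6 line), and autostart binaries that have no company name or live under user-writable paths. The first seven sample lines are copied from the log above; the last one is constructed and does not exist on the poster's machine, and is there only to show what a high-priority hit looks like. The flags are prompts for a human, not verdicts: Dropbox trips the user-writable rule and is legitimate.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines 1-7 are copied from the OTL log above; the last
# line is made up (no such entry exists on the poster's machine) to show a hit.
SAMPLE_LOG = r"""
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: LastPass - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\WINDOWS\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O33 - MountPoints2\{127b5719-d987-11e0-8b53-005056c00001}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O4 - HKCU..\Run: [updater] C:\Users\Glen\AppData\Local\Temp\updater.exe ()
"""

LINE_RE = re.compile(r"^(O\d+)(?::64bit:)? - (.*)$")
# A drive-letter path up to one of the file extensions OTL commonly lists.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|\n]*?\.(?:exe|dll|ax|cpl|sys|lnk|htm|html|inf)\b", re.I)
# OTL appends the file's company name in parentheses; "()" means it has none.
PUB_RE = re.compile(r"\(([^()]*)\)\s*$")
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
# Sections whose file is loaded or launched without any user action.
AUTOSTART = {"O2", "O3", "O4", "O9", "O20", "O34"}


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    publisher: Optional[str]  # None = not reported by OTL, "" = reported empty


@dataclass
class Finding:
    section: str
    severity: str             # high | medium | low | info
    reason: str
    path: Optional[str]
    line: str


def parse_line(line: str) -> Optional[Entry]:
    """Split one OTL line into section, target path and publisher; None if not OTL."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    paths = PATH_RE.findall(body)        # for "x.lnk = y.exe" the last path is the target
    pub = PUB_RE.search(body)
    return Entry(section, body, paths[-1] if paths else None,
                 pub.group(1).strip() if pub else None)


def classify(e: Entry) -> List[Finding]:
    """Apply the review heuristics to one parsed entry (prompts, not verdicts)."""
    out: List[Finding] = []

    def add(sev: str, why: str) -> None:
        out.append(Finding(e.section, sev, why, e.path, e.body))

    if "No CLSID value found" in e.body:
        add("low", "orphaned registration: CLSID has no handler; cleanup candidate")
    elif "File not found" in e.body:
        add("low", "dangling reference to a file that no longer exists")
    if e.section == "O27":
        add("medium", "IFEO Debugger: named program runs instead of the target (hijack point)")
    if e.section == "O33":
        add("info", "cached AutoRun command; inert while NoDriveTypeAutoRun=255, check target")
    if e.section in AUTOSTART and e.path:
        if e.publisher == "":
            add("medium", "autostart binary with no company name; verify hash or signature")
        if USER_WRITABLE_RE.search(e.path):
            add("high" if e.publisher == "" else "medium",
                "autostart from a user-writable path; confirm it is the product you installed")
    return out


def triage(log_text: str) -> List[Finding]:
    """Run every line of an OTL log through the heuristics."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            findings.extend(classify(entry))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, listing only severities that occur."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = ["high", "medium", "low", "info"]
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.section:4} {f.path or '-'}\n         {f.reason}")
```

Run it against a full OTL log (`triage(open("OTL.txt").read())`) and work the high and medium hits first; every hit still needs the file's hash and signature checked by hand, since the rules only say where to look. The `O1364bit:` quirk OTL prints for the gopher-prefix line is not matched by `LINE_RE` and is simply skipped, which is fine because it carries no path.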


lilhurricane
Premium,Mod
join:2003-01-11

EXTRAS

OTL Extras logfile created on: 7/30/2012 9:58:32 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Glen\Desktop\Malware
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 53.60% Memory free
12.21 Gb Paging File | 9.10 Gb Available in Paging File | 74.51% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 12.07 Gb Free Space | 5.18% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 118.56 Gb Free Space | 12.73% Space Free | Partition Type: NTFS

Computer Name: GLENVISTA | User Name: Glen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 00 AF B5 BE C4 BA C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08858A51-0D61-4BC4-9F56-7F47068AC017}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0CD8B6EE-D677-4A67-84DE-012199608454}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1001F82D-B2A0-4510-BC30-85CA53B2BAB3}" = rport=139 | protocol=6 | dir=out | app=system |
"{10F7C7A6-BFE6-4A93-886F-86E2929C6EE1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11009817-EE01-4592-A148-2BC1A61987D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{14977FF0-8785-4062-A41C-517B1DB635F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F4772FA-4378-45EB-9E21-9C1418AF23A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2A04CEE0-FDAE-48FD-B6B1-A98E8E0A513F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3AECE7CF-E349-4840-9792-A9495DE1D3E6}" = rport=137 | protocol=17 | dir=out | app=system |
"{47727EBE-9BA2-45E9-A967-BB67050B2B84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A470CF7-271A-4EEC-AAEC-F594D3F66884}" = lport=2869 | protocol=6 | dir=in | app=system |
"{508EB982-C4EE-4990-BE20-1CD8D8A1858C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64DA1896-4ECA-4212-A814-3A1147476BF9}" = lport=56714 | protocol=17 | dir=in | name=pando media booster |
"{66C7FFD1-3563-4887-ADB0-BC82FDDE18A6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{701F219D-DA49-45F6-8EEC-A2FAE2A73C37}" = rport=445 | protocol=6 | dir=out | app=system |
"{81653568-CD32-484C-ADF9-F7A4EC7D2A6C}" = lport=445 | protocol=6 | dir=in | app=system |
"{A5FA4545-3F5D-447C-ADAA-0EC4E88131EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{ABEB6F06-7DED-4D24-A781-E1051329B708}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ACE0EC78-E1FC-4AC4-9460-8FBAD14DEFC5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B08DFA23-1068-46C2-AA6F-E74A1B216BA7}" = lport=56714 | protocol=6 | dir=in | name=pando media booster |
"{B2DB2E2B-A863-43FB-B495-AE171019DD63}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9D8E4F3-FB99-4C61-A071-39EC5BF02860}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBB80621-98DC-4DDC-8E2C-97ABA5D4B7E0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CEE6AD5D-B79D-4DD5-85D7-0F99FE3EABDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2718699-1800-4A2B-BDFE-CBE654DB4A22}" = rport=138 | protocol=17 | dir=out | app=system |
"{D2DD25AB-D7D1-408A-A57E-E12C584F264F}" = lport=138 | protocol=17 | dir=in | app=system |
"{D975BDAE-D560-4DC6-AF8E-5F070470652D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DED8A9E2-76F7-4BBD-B05F-929A2AF56205}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E141A808-0417-4DBC-9173-42390573C8B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{E80784A6-11A4-4C14-8003-08E184EF5C7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042C7FA1-9E3F-4C20-AB1F-010A691A69DC}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{050AA9C4-AD74-4041-9B4B-29BB904536DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0679236C-9B1B-4550-9359-F5FD62203A82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{0A8A986A-F8B9-4C01-9EC9-D1AB84441CF0}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{10FFB1DC-2D0A-4895-9954-C3FACB445C03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\synergy\hl2.exe |
"{113780D1-9D55-4BE2-BA01-B8A21496B641}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{148AFF69-F6A2-4946-BFF2-26B9C700CDB5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A82327B-A35F-4884-AB9B-98F4F822388E}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{1DB8B814-755A-4078-AB6E-5702A3B72A74}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{201C4B36-0A3F-4914-9BD6-C98383483C90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\synergy\hl2.exe |
"{24606B19-F0E8-41C6-89E1-2168C660953C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{295468F8-2B9B-4EE6-9BE8-177414830CCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A047047-315A-4D46-A2BD-1BA855BEB484}" = protocol=17 | dir=in | app=c:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C988AD1-2955-41BD-A4FF-B829B84B8B6D}" = dir=in | app=c:\program files (x86)\microsoft xna\xna game studio\v3.1\bin\xnaliveproxy.exe |
"{2DF07F84-2CE2-414F-822A-7A0AF85A30F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F6AF5FE-F27C-499D-9BE4-EA06D36DD9FE}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{3208D3CD-84B7-4CDB-B550-E49919614707}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{342E5417-AEEC-473E-9825-2C72B2FFF47B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36F36CEB-0741-4DB4-9458-7F9B72DEDC48}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39CE15F2-8BB4-4C3E-9BEE-465BA4AE88E8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{3B8D7DDB-F09C-4C93-B465-081B35DA81E2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BE6390F-FB7A-4940-AC7A-C1C9B22107D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CA79757-9365-4375-8438-AA8D56BCB179}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40F05482-651F-4BD3-A127-030868D3B8B3}" = protocol=6 | dir=in | app=f:\games\mass effect\masseffectlauncher.exe |
"{440D3A58-831F-46C3-8FB8-97788B02D4D7}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4765D531-B351-4FBD-BB57-F5AFD8AFE390}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{47740CF5-8ECB-498C-938F-3A98BA6511F9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{486A1E16-238D-43B1-A3BD-B6B1EB42EB6F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{4A433ECB-15C1-40DC-9ED4-033CF7A8D78F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{4BE56C14-7548-4197-AFD7-A6CD15EBE4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5112EDB0-AF07-4E35-98DD-5FF4C7F1953D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{56FC7BB4-F05C-4BAE-A54E-9C9809CC229B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5754F2E8-88A5-401F-A3E9-183E3C0ACCC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CF4D92C-6E3B-4B6F-915E-53036809B813}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\synergy\hl2.exe |
"{5D2E788B-7DC2-42F9-81DE-0E576CCB9770}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5DC82865-3402-46F5-A324-0B2E38402A62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe |
"{6055DFB4-8D2E-4447-A91D-28FE27E570B9}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{615830FF-8768-4E53-ABC3-93DBBDD5A780}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{62EFCB94-7E1D-4117-8DDD-AB718C3D7B15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe |
"{666D5D2A-672D-481E-A115-E5D6415B0255}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6886E52A-DCD7-4202-8934-499F676325DD}" = protocol=6 | dir=in | app=c:\program files (x86)\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
"{6983BDE4-FFC0-4F0C-BF05-493E2EAF3555}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{698A4F88-059B-4350-829A-B06A2E46DAE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D9540C1-4F26-4265-93DF-AE9B71D058D4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6DD0A52D-2C93-4177-8918-909089DF9CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{72BB8399-2E72-4C6F-A53F-9BB78A2E9226}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{76665847-D187-43AD-A2F2-854C5841DE54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7770E0B4-71AA-4601-B017-EF350E14EC71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{77B753EA-D7B5-4D06-B7F9-3BF79BF64102}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{7833A1DD-BCD1-44B3-9345-9ACDB769A3DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{7C3E800D-EE98-4401-B904-EDCEB3D45B4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe |
"{832BFC65-3618-4AC4-B184-ED5F1DB5251C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe |
"{836ACB29-19D8-44BB-9ABD-6CA80E64336A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{83D2F26F-EE99-4AFA-AC6B-A72B4550BB2F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{851ABAD5-FB84-4C03-9C78-DB49AFF1FC68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{89F3568F-DB21-46F0-9CFA-1297C9E42345}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8DFF23D4-A338-43E5-900A-9D3D0340B907}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\synergy\hl2.exe |
"{91CA113D-7DA0-4DE3-A933-E4E6A3A4ADD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe |
"{93D8C644-7769-44AA-8A86-5A2E5A776A98}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9754CB21-2966-434D-84E3-071D83620543}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A0845D7-6D54-4475-BCDA-EA0953DA5158}" = protocol=17 | dir=in | app=f:\games\mass effect\binaries\masseffect.exe |
"{9D7AE598-B2B4-4859-9075-4DE805204930}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1EFC9D7-A4C1-4C24-9C67-FA0EC61F34ED}" = protocol=6 | dir=out | app=system |
"{A3CA5181-87B1-4C4B-BC1F-9D56E34C86A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A51ACEE9-8492-43CF-AA2D-F333ED44BE8B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A7581C61-A8B5-4977-B20F-0CFB8055F738}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB628168-CE43-46D2-9E5E-FA4C7EA78EF0}" = protocol=6 | dir=in | app=f:\games\mass effect\binaries\masseffect.exe |
"{AF925A33-E769-4D19-9868-2BEBA9D442EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B062B884-C44C-4FC3-87C5-90683D0502A3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B91F3432-015B-42C6-8AEE-CE5AB0FDC601}" = protocol=17 | dir=in | app=c:\program files (x86)\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
"{BC4EF5BE-1BBF-4F8B-961C-58E0E608FBC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{C385371D-1C2C-4BAE-A8B4-36A7EA04DFB2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C65E0EA6-AEE6-4EF0-B510-38A978A42816}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8B4C320-7B90-4BB9-9F85-560D06BE596A}" = protocol=17 | dir=in | app=f:\games\mass effect\masseffectlauncher.exe |
"{C97C34B7-B4CC-4BFE-9C16-B839B70E3C8D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{CB4BE3D7-8197-4C24-9D96-F82CE820B961}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D409D75E-CC17-43EA-8341-0E68A857D83E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{DA442A5F-6B06-4C4E-AEF4-3E4E49B38F69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe |
"{DE644B20-7581-4930-AA2D-642C78855215}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{E0832FDC-8984-4FED-AE82-6434A5818AC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe |
"{E2FFC9DF-7B75-4AAC-A3BA-E44F0FD3D427}" = protocol=6 | dir=in | app=c:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe |
"{E3E7A331-DD43-4BCC-A570-C451CBC9715E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E7ECEF4E-D7AD-44D5-92C3-1D4547A16E02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe |
"{E8BC7910-F9B9-449C-95C1-BFA162D563E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF108387-4D59-4C21-AD7C-432B55334391}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F647C440-BD17-49D5-9F82-6CF2957CBFDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{FB96DB5E-EB67-494D-8246-223D30070033}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FE683409-8EC5-422E-A13A-B13B5F962349}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FFC34CCD-E3DF-4B27-9DCF-B1C9494FCF44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"TCP Query User{33C8251F-2405-4243-BBF6-8173DC631CDC}C:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe |
"TCP Query User{3781053F-09F0-4ECC-A268-29C28BA3138D}C:\users\glen\appdata\local\roblox\versions\version-3f2bb30af20140a4\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\glen\appdata\local\roblox\versions\version-3f2bb30af20140a4\robloxapp.exe |
"TCP Query User{53041434-CDCF-4FEB-BEFF-A22B16AACFF5}F:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=f:\srcds\orangebox\srcds.exe |
"TCP Query User{7953616B-D85C-4BE0-9BE9-C6486EBCD36A}C:\program files\java\jdk1.7.0_05\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_05\bin\java.exe |
"TCP Query User{8044D759-3771-4FEE-886F-7028D708E7E4}C:\program files (x86)\steam\steamapps\tgp1994\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\source sdk base\hl2.exe |
"TCP Query User{BBB384A4-2A01-4E42-AAF2-FAC30121AE9C}C:\program files (x86)\saints row 2\sr2_pc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\saints row 2\sr2_pc.exe |
"TCP Query User{C7603FF9-BF2F-4F7C-9622-478A83A27A50}C:\program files (x86)\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free download manager\fdmwi.exe |
"TCP Query User{D8DC3F9C-7F94-434D-90F1-A947C09C126D}C:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{EEC21CCF-3499-490C-A934-C2FA8D448C6C}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{F3FEC530-CB83-4BA3-A60B-53BE52C10057}F:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=f:\srcds\orangebox\srcds.exe |
"TCP Query User{F5132281-26DE-41D9-9A34-90B6D37F8848}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{2D04E26C-76D7-4ABF-8C7F-077D3B37F856}C:\program files (x86)\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free download manager\fdmwi.exe |
"UDP Query User{2ED0C5BA-2FC3-4AE6-A0AC-C88CE9684E31}C:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{32C5C182-32C4-4D2D-84F5-EC238399B8C8}C:\program files (x86)\steam\steamapps\tgp1994\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\source sdk base\hl2.exe |
"UDP Query User{605B58E3-7FC2-4C40-8D34-4BDD194DBB4A}F:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=f:\srcds\orangebox\srcds.exe |
"UDP Query User{785B152F-2593-4125-BD34-514DD5C9FBC1}C:\users\glen\appdata\local\roblox\versions\version-3f2bb30af20140a4\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\glen\appdata\local\roblox\versions\version-3f2bb30af20140a4\robloxapp.exe |
"UDP Query User{7BA91BE7-433D-4EA4-BA30-18B317EAA0CC}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{9B378C51-FDDC-4FEE-8806-C1E0E3408565}F:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=f:\srcds\orangebox\srcds.exe |
"UDP Query User{D4A15237-24A6-49A1-B393-BAD2627CFE59}C:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe |
"UDP Query User{E48F8B49-8E32-4BC9-8744-47161B0C3211}C:\program files\java\jdk1.7.0_05\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_05\bin\java.exe |
"UDP Query User{EC50A242-811C-4A02-B0C9-37AFA43323E5}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{F6E24B18-FF1E-4556-A527-2611CF26DDF8}C:\program files (x86)\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\saints row 2\sr2_pc.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{45EF12B0-F531-4A2C-A1C0-6B1495698E30}" = TortoiseSVN 1.6.15.21042 (64 bit)
"{4EE61784-10C6-4B7C-A0B2-5BED17B05741}" = Oracle VM VirtualBox 4.1.18
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EFA597E4-73D3-4142-90DB-BE28E5589F99}_is1" = Device Remover
"{F344D1BA-3AF2-476C-9B44-C8E4D698ED58}" = API Monitor v2 (Alpha)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD66A549-5110-48C8-ACE6-3F52AB3BF100}" = Macrium Reflect - Free Edition
"AVG" = AVG 2012
"Blender" = Blender
"CCleaner" = CCleaner
"Game Jackal v4_is1" = Game Jackal v4.1.1.7 (64 bit)
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger SP1 - ENU
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.27
"UltSounds" = Windows Sound Schemes
"Unlocker" = Unlocker 1.9.1-x64
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E402AA9-5C0E-45E7-8E70-C23FA0F265D5}" = Microsoft XNA Game Studio 3.1 (devenv)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A4B3F22-A5DF-43D7-89A7-6121F5431F32}" = UV Realtime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{82419258-BAA2-4214-824C-836FDFCE8FA8}" = AnkhSVN 2.1.10129.17
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}" = VirusGuard
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{CF59774A-CE9D-454D-AF29-1556367E1AC7}" = Transcode
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{E0990010-9FC0-47CB-0095-C4F40C9432A9}" = The Sims 2 University
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3EB518B-A8D0-4C86-847C-A86AF0FC8D11}" = Expresso
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AuranTS2009_is1" = Trainz Simulator 12
"Buzz_is1" = Buzz build 1466
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FAKEFACTORY CM11V11.00" = FAKEFACTORY Cinematic Mod V11
"Fiddler2" = Fiddler2
"FileZilla Client" = FileZilla Client 3.5.3
"foobar2000" = foobar2000 v1.1.13
"Fraps" = Fraps (remove only)
"Free Download Manager_is1" = Free Download Manager 3.9
"ImgBurn" = ImgBurn
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"SimPE_is1" = SimPE 0.72 (alpha)
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 4010" = Garry's Mod 13
"Steam App 620" = Portal 2
"SumatraPDF" = SumatraPDF
"TeamViewer 7" = TeamViewer 7
"Universal Extractor_is1" = Universal Extractor 1.6.1
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 2.0.2
"VMware_Workstation" = VMware Workstation
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.5
"Xfire" = Xfire (remove only)
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Network Addon Mod" = Network Addon Mod Version 30 with Essentials r132
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2012 6:37:03 PM | Computer Name = GlenVista | Source = Perflib | ID = 1010
Description =

Error - 7/27/2012 9:17:44 AM | Computer Name = GlenVista | Source = Perflib | ID = 1008
Description =

Error - 7/27/2012 6:40:38 PM | Computer Name = GlenVista | Source = Perflib | ID = 1010
Description =

Error - 7/28/2012 7:07:49 PM | Computer Name = GlenVista | Source = Perflib | ID = 1008
Description =

Error - 7/28/2012 7:07:50 PM | Computer Name = GlenVista | Source = Perflib | ID = 1010
Description =

Error - 7/28/2012 7:07:52 PM | Computer Name = GlenVista | Source = Perflib | ID = 1008
Description =

Error - 7/29/2012 7:14:02 PM | Computer Name = GlenVista | Source = Perflib | ID = 1010
Description =

Error - 7/30/2012 9:09:24 AM | Computer Name = GlenVista | Source = Perflib | ID = 1008
Description =

Error - 7/30/2012 5:54:14 PM | Computer Name = GlenVista | Source = Perflib | ID = 1008
Description =

Error - 7/30/2012 7:14:49 PM | Computer Name = GlenVista | Source = Perflib | ID = 1010
Description =

Error - 7/30/2012 9:47:15 PM | Computer Name = GlenVista | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ OSession Events ]
Error - 4/25/2011 7:11:25 PM | Computer Name = GlenVista | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 64
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/17/2011 12:29:05 AM | Computer Name = GlenVista | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/28/2011 11:52:03 AM | Computer Name = GlenVista | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 209
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/5/2011 5:57:29 PM | Computer Name = GlenVista | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 137
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/30/2012 9:20:48 AM | Computer Name = GlenVista | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 7/30/2012 9:20:54 AM | Computer Name = GlenVista | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 7/30/2012 4:30:05 PM | Computer Name = GlenVista | Source = Service Control Manager | ID = 7011
Description =

Error - 7/30/2012 5:38:17 PM | Computer Name = GlenVista | Source = Service Control Manager | ID = 7011
Description =

Error - 7/30/2012 5:49:23 PM | Computer Name = GlenVista | Source = Service Control Manager | ID = 7034
Description =

Error - 7/30/2012 5:52:29 PM | Computer Name = GlenVista | Source = Service Control Manager | ID = 7023
Description =

Error - 7/30/2012 5:52:29 PM | Computer Name = GlenVista | Source = Service Control Manager | ID = 7023
Description =

Error - 7/30/2012 5:52:29 PM | Computer Name = GlenVista | Source = Service Control Manager | ID = 7026
Description =

Error - 7/30/2012 5:54:38 PM | Computer Name = GlenVista | Source = Service Control Manager | ID = 7038
Description =

Error - 7/30/2012 5:54:38 PM | Computer Name = GlenVista | Source = Service Control Manager | ID = 7000
Description =

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to tgp1994

Re: Computer may be compromised

First:
Run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Resethosts]
[Reboot]


• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Once you see a message box "Fix complete! Click OK to open the fix log."
• Click the OK button
• The log will open in Notepad (your default text editor).
• Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Second:

Download and run GMER. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

tgp1994

join:2010-10-06

1 edit
Thanks LPP, here are the results:

OTL custom:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Glen
->Temp folder emptied: 121440 bytes
->Temporary Internet Files folder emptied: 6310090 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 194191932 bytes
->Flash cache emptied: 1427 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sims
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 218487 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 3195622217 bytes

Total Files Cleaned = 3,239.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Glen
->Flash cache emptied: 0 bytes

User: Guest

User: Public

User: Sims
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_124340

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2224.log moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2224.log not found!
[2012/07/31 12:44:38 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...

OTL post reboot (looks like it's exactly the same thing):

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Glen
->Temp folder emptied: 121440 bytes
->Temporary Internet Files folder emptied: 6310090 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 194191932 bytes
->Flash cache emptied: 1427 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sims
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 218487 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 3195622217 bytes

Total Files Cleaned = 3,239.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Glen
->Flash cache emptied: 0 bytes

User: Guest

User: Public

User: Sims
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_124340

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2224.log moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2224.log not found!
[2012/07/31 12:44:38 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...

gmer.log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-31 14:59:42
Windows 6.0.6002 Service Pack 2
Running: xyv00n0z.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x70 0x43 0x8B 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF6 0x5B 0xE7 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x70 0x43 0x8B 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF6 0x5B 0xE7 0x96 ...

---- EOF - GMER 1.0.15 ----

GMER results (copied from program, which, again, looks like it's exactly the same as the previous log):

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-31 14:59:53
Windows 6.0.6002 Service Pack 2
Running: xyv00n0z.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x70 0x43 0x8B 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF6 0x5B 0xE7 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x70 0x43 0x8B 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF6 0x5B 0xE7 0x96 ...

---- EOF - GMER 1.0.15 ----

If I were to add my two cents on the output of OTL, it looks like it was just removing references to some mysterious toolbars for internet explorer, right? And on GMER, I'm pretty sure SPTD is used for cd drive emulation, although I could be wrong.

I hope this is what you were looking for, LoPhatPhuud.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to tgp1994
The logs are all clean. No sign of anything so far. One more program to run. I expect it to be negative, but it will give me a report on the OS files.

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

tgp1994

join:2010-10-06

3 edits

Here it is LoPhatPhuud,

16:44:25.0106 2940	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:44:27.0040 2940	============================================================
16:44:27.0040 2940	Current date / time: 2012/07/31 16:44:27.0040
16:44:27.0040 2940	SystemInfo:
16:44:27.0040 2940	
16:44:27.0040 2940	OS Version: 6.0.6002 ServicePack: 2.0
16:44:27.0040 2940	Product type: Workstation
16:44:27.0040 2940	ComputerName: GLENVISTA
16:44:27.0040 2940	UserName: Glen
16:44:27.0040 2940	Windows directory: C:\Windows
16:44:27.0040 2940	System windows directory: C:\Windows
16:44:27.0040 2940	Running under WOW64
16:44:27.0040 2940	Processor architecture: Intel x64
16:44:27.0040 2940	Number of processors: 2
16:44:27.0040 2940	Page size: 0x1000
16:44:27.0040 2940	Boot type: Normal boot
16:44:27.0040 2940	============================================================
16:44:28.0350 2940	Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:44:28.0350 2940	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:44:28.0366 2940	============================================================
16:44:28.0366 2940	\Device\Harddisk1\DR1:
16:44:28.0366 2940	MBR partitions:
16:44:28.0366 2940	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C5000
16:44:28.0366 2940	\Device\Harddisk0\DR0:
16:44:28.0366 2940	MBR partitions:
16:44:28.0366 2940	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
16:44:28.0366 2940	============================================================
16:44:28.0413 2940	C: \Device\Harddisk1\DR1\Partition0
16:44:28.0428 2940	F: \Device\Harddisk0\DR0\Partition0
16:44:28.0428 2940	============================================================
16:44:28.0428 2940	Initialize success
16:44:28.0428 2940	============================================================
16:44:32.0110 0312	============================================================
16:44:32.0110 0312	Scan started
16:44:32.0110 0312	Mode: Manual;
16:44:32.0110 0312	============================================================
16:44:33.0623 0312	61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
16:44:33.0623 0312	61883 - ok
16:44:33.0686 0312	ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:44:33.0686 0312	ACPI - ok
16:44:33.0842 0312	AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:44:33.0842 0312	AdobeFlashPlayerUpdateSvc - ok
16:44:33.0888 0312	adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:44:33.0904 0312	adp94xx - ok
16:44:33.0935 0312	adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:44:33.0935 0312	adpahci - ok
16:44:33.0951 0312	adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:44:33.0951 0312	adpu160m - ok
16:44:33.0951 0312	adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:44:33.0966 0312	adpu320 - ok
16:44:34.0013 0312	AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
16:44:34.0013 0312	AeLookupSvc - ok
16:44:34.0060 0312	AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
16:44:34.0076 0312	AFD - ok
16:44:34.0076 0312	agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:44:34.0076 0312	agp440 - ok
16:44:34.0091 0312	aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:44:34.0091 0312	aic78xx - ok
16:44:34.0122 0312	ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
16:44:34.0122 0312	ALG - ok
16:44:34.0122 0312	aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:44:34.0122 0312	aliide - ok
16:44:34.0138 0312	amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:44:34.0138 0312	amdide - ok
16:44:34.0138 0312	AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:44:34.0154 0312	AmdK8 - ok
16:44:34.0185 0312	Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
16:44:34.0185 0312	Appinfo - ok
16:44:34.0200 0312	AppMgmt (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll
16:44:34.0200 0312	AppMgmt - ok
16:44:34.0216 0312	arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:44:34.0216 0312	arc - ok
16:44:34.0232 0312	arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:44:34.0232 0312	arcsas - ok
16:44:34.0325 0312	AsIO (68726474c69b738eac3a62e06b33addc) C:\Windows\syswow64\drivers\AsIO.sys
16:44:34.0325 0312	AsIO - ok
16:44:34.0450 0312	aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:44:34.0450 0312	aspnet_state - ok
16:44:34.0481 0312	AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:44:34.0481 0312AsyncMac - ok
16:44:34.0512 0312atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:44:34.0512 0312atapi - ok
16:44:34.0559 0312AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
16:44:34.0559 0312AudioEndpointBuilder - ok
16:44:34.0559 0312AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
16:44:34.0575 0312AudioSrv - ok
16:44:34.0606 0312Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
16:44:34.0606 0312Avc - ok
16:44:34.0622 0312AVCSTRM (044320c8073293e02d000671e1e7a592) C:\Windows\system32\DRIVERS\avcstrm.sys
16:44:34.0622 0312AVCSTRM - ok
16:44:34.0684 0312Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
16:44:34.0684 0312Avgfwfd - ok
16:44:34.0949 0312avgfws (bd5d11cedbcde4fa97d2387e7069b1ff) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
16:44:34.0965 0312avgfws - ok
16:44:35.0074 0312AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
16:44:35.0074 0312AVGIDSHA - ok
16:44:35.0136 0312Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
16:44:35.0136 0312Avgldx64 - ok
16:44:35.0168 0312Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
16:44:35.0168 0312Avgmfx64 - ok
16:44:35.0214 0312Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
16:44:35.0214 0312Avgrkx64 - ok
16:44:35.0246 0312Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
16:44:35.0246 0312Avgtdia - ok
16:44:36.0010 0312avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:44:36.0010 0312avgwd - ok
16:44:36.0104 0312AxAutoMntSrv (7692f4b242e45870873caf4cb85cf769) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
16:44:36.0104 0312AxAutoMntSrv - ok
16:44:36.0150 0312BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
16:44:36.0182 0312BFE - ok
16:44:36.0275 0312BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
16:44:36.0275 0312BITS - ok
16:44:36.0338 0312blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:44:36.0338 0312blbdrive - ok
16:44:36.0447 0312Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:44:36.0447 0312Bonjour Service - ok
16:44:36.0525 0312bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:44:36.0525 0312bowser - ok
16:44:36.0556 0312BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:44:36.0556 0312BrFiltLo - ok
16:44:36.0556 0312BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:44:36.0556 0312BrFiltUp - ok
16:44:36.0618 0312Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
16:44:36.0618 0312Browser - ok
16:44:36.0634 0312Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:44:36.0634 0312Brserid - ok
16:44:36.0665 0312BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:44:36.0665 0312BrSerWdm - ok
16:44:36.0665 0312BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:44:36.0665 0312BrUsbMdm - ok
16:44:36.0681 0312BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:44:36.0681 0312BrUsbSer - ok
16:44:36.0681 0312BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:44:36.0696 0312BTHMODEM - ok
16:44:36.0712 0312cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:44:36.0728 0312cdfs - ok
16:44:36.0743 0312cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:44:36.0743 0312cdrom - ok
16:44:36.0774 0312CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
16:44:36.0774 0312CertPropSvc - ok
16:44:36.0806 0312circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
16:44:36.0806 0312circlass - ok
16:44:36.0852 0312CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:44:36.0852 0312CLFS - ok
16:44:36.0930 0312clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:44:36.0930 0312clr_optimization_v2.0.50727_32 - ok
16:44:36.0977 0312clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:44:36.0977 0312clr_optimization_v2.0.50727_64 - ok
16:44:37.0040 0312clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:44:37.0040 0312clr_optimization_v4.0.30319_32 - ok
16:44:37.0071 0312clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:44:37.0071 0312clr_optimization_v4.0.30319_64 - ok
16:44:37.0102 0312cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:44:37.0118 0312cmdide - ok
16:44:37.0118 0312Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
16:44:37.0118 0312Compbatt - ok
16:44:37.0118 0312COMSysApp - ok
16:44:37.0149 0312crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:44:37.0149 0312crcdisk - ok
16:44:37.0430 0312CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
16:44:37.0430 0312CryptSvc - ok
16:44:37.0492 0312CrystalSysInfo - ok
16:44:37.0866 0312CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
16:44:37.0866 0312CSC - ok
16:44:38.0116 0312CscService (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll
16:44:38.0147 0312CscService - ok
16:44:38.0194 0312Dbgv (1088034b39366dbbc793551b9b338062) C:\Windows\system32\Drivers\Dbgv.sys
16:44:38.0194 0312Dbgv - ok
16:44:38.0319 0312DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
16:44:38.0334 0312DcomLaunch - ok
16:44:38.0397 0312DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:44:38.0397 0312DfsC - ok
16:44:38.0444 0312Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
16:44:38.0459 0312Dhcp - ok
16:44:38.0475 0312disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:44:38.0475 0312disk - ok
16:44:38.0537 0312Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
16:44:38.0537 0312Dnscache - ok
16:44:38.0802 0312dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
16:44:38.0818 0312dot3svc - ok
16:44:38.0912 0312Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
16:44:38.0912 0312Dot4 - ok
16:44:38.0943 0312Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:44:38.0943 0312Dot4Print - ok
16:44:38.0958 0312dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
16:44:38.0958 0312dot4usb - ok
16:44:38.0990 0312DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
16:44:39.0005 0312DPS - ok
16:44:39.0021 0312drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:44:39.0021 0312drmkaud - ok
16:44:39.0130 0312DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:44:39.0130 0312DXGKrnl - ok
16:44:39.0208 0312E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:44:39.0208 0312E1G60 - ok
16:44:39.0224 0312EagleX64 - ok
16:44:39.0255 0312EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
16:44:39.0270 0312EapHost - ok
16:44:39.0286 0312Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:44:39.0302 0312Ecache - ok
16:44:39.0458 0312ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
16:44:39.0458 0312ehRecvr - ok
16:44:39.0473 0312ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
16:44:39.0473 0312ehSched - ok
16:44:39.0504 0312ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
16:44:39.0504 0312ehstart - ok
16:44:39.0567 0312elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:44:39.0582 0312elxstor - ok
16:44:39.0676 0312EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
16:44:39.0676 0312EMDMgmt - ok
16:44:39.0723 0312ErrDev (c2d322c84530db37d3e8e1c7e011bf16) C:\Windows\system32\drivers\errdev.sys
16:44:39.0723 0312ErrDev - ok
16:44:39.0785 0312EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
16:44:39.0785 0312EventSystem - ok
16:44:39.0863 0312exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:44:39.0863 0312exfat - ok
16:44:39.0894 0312fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:44:39.0894 0312fastfat - ok
16:44:39.0941 0312fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:44:39.0941 0312fdc - ok
16:44:39.0972 0312fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
16:44:39.0972 0312fdPHost - ok
16:44:39.0972 0312FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
16:44:39.0972 0312FDResPub - ok
16:44:40.0004 0312FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:44:40.0004 0312FileInfo - ok
16:44:40.0019 0312Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:44:40.0019 0312Filetrace - ok
16:44:40.0019 0312flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:44:40.0035 0312flpydisk - ok
16:44:40.0066 0312FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:44:40.0082 0312FltMgr - ok
16:44:40.0440 0312FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
16:44:40.0440 0312FontCache - ok
16:44:40.0955 0312FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:44:40.0955 0312FontCache3.0.0.0 - ok
16:44:41.0018 0312Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
16:44:41.0033 0312Fs_Rec - ok
16:44:41.0111 0312fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
16:44:41.0111 0312fvevol - ok
16:44:41.0127 0312Fwleaf - ok
16:44:41.0174 0312gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:44:41.0174 0312gagp30kx - ok
16:44:41.0220 0312GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:44:41.0220 0312GEARAspiWDM - ok
16:44:42.0484 0312GJService (31b9b4005253b64f0684ba55d3ff1d81) C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
16:44:42.0593 0312GJService - ok
16:44:42.0749 0312gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
16:44:42.0749 0312gpsvc - ok
16:44:42.0796 0312hcmon (204128a9751105db8794bbe13813f3a0) C:\Windows\system32\drivers\hcmon.sys
16:44:42.0812 0312hcmon - ok
16:44:42.0843 0312HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
16:44:42.0843 0312HdAudAddService - ok
16:44:42.0921 0312HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:44:42.0952 0312HDAudBus - ok
16:44:42.0968 0312HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:44:42.0968 0312HidBth - ok
16:44:42.0968 0312HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
16:44:42.0968 0312HidIr - ok
16:44:43.0014 0312hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
16:44:43.0014 0312hidserv - ok
16:44:43.0030 0312HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:44:43.0030 0312HidUsb - ok
16:44:43.0077 0312hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
16:44:43.0077 0312hkmsvc - ok
16:44:43.0092 0312HpCISSs (a27e8af2caac5e2693e6d4e2fce9b54f) C:\Windows\system32\drivers\hpcisss.sys
16:44:43.0108 0312HpCISSs - ok
16:44:43.0155 0312HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:44:43.0170 0312HTTP - ok
16:44:43.0170 0312i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:44:43.0170 0312i2omp - ok
16:44:43.0186 0312i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:44:43.0202 0312i8042prt - ok
16:44:43.0233 0312iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:44:43.0233 0312iaStorV - ok
16:44:43.0311 0312IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:44:43.0311 0312IDriverT - ok
16:44:43.0420 0312idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:44:43.0451 0312idsvc - ok
16:44:43.0467 0312iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:44:43.0467 0312iirsp - ok
16:44:43.0514 0312IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
16:44:43.0545 0312IKEEXT - ok
16:44:43.0670 0312IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
16:44:43.0685 0312IntcAzAudAddService - ok
16:44:43.0794 0312intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:44:43.0794 0312intelide - ok
16:44:43.0810 0312intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:44:43.0810 0312intelppm - ok
16:44:43.0841 0312IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
16:44:43.0841 0312IPBusEnum - ok
16:44:43.0872 0312IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:44:43.0872 0312IpFilterDriver - ok
16:44:43.0919 0312iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
16:44:43.0919 0312iphlpsvc - ok
16:44:43.0950 0312IPMIDRV (e41dd7038db14ae9d35b47b10bdce58a) C:\Windows\system32\drivers\ipmidrv.sys
16:44:43.0950 0312IPMIDRV - ok
16:44:43.0966 0312IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:44:43.0966 0312IPNAT - ok
16:44:44.0091 0312iPod Service (a3bda1a8a016b5e5a525bcf684894ebe) C:\Program Files\iPod\bin\iPodService.exe
16:44:44.0106 0312iPod Service - ok
16:44:44.0106 0312IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:44:44.0122 0312IRENUM - ok
16:44:44.0122 0312isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:44:44.0122 0312isapnp - ok
16:44:44.0169 0312iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:44:44.0169 0312iScsiPrt - ok
16:44:44.0169 0312iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:44:44.0169 0312iteatapi - ok
16:44:44.0184 0312iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:44:44.0184 0312iteraid - ok
16:44:44.0184 0312kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:44:44.0184 0312kbdclass - ok
16:44:44.0200 0312kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:44:44.0200 0312kbdhid - ok
16:44:44.0231 0312KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:44:44.0231 0312KeyIso - ok
16:44:44.0278 0312KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
16:44:44.0294 0312KSecDD - ok
16:44:44.0294 0312ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:44:44.0294 0312ksthunk - ok
16:44:44.0356 0312KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
16:44:44.0372 0312KtmRm - ok
16:44:44.0387 0312L1E (073508533e422ce8bcee234eb35ceebf) C:\Windows\system32\DRIVERS\L1E60x64.sys
16:44:44.0403 0312L1E - ok
16:44:44.0418 0312L8042Kbd (df6b07438c9709336b32481feb57dd21) C:\Windows\system32\DRIVERS\L8042Kbd.sys
16:44:44.0418 0312L8042Kbd - ok
16:44:44.0465 0312LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
16:44:44.0465 0312LanmanServer - ok
16:44:44.0512 0312LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
16:44:44.0512 0312LanmanWorkstation - ok
16:44:44.0668 0312LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:44:44.0684 0312LBTServ - ok
16:44:44.0715 0312leafnets (83ec58ed3aca5028919028667babf490) C:\Windows\system32\DRIVERS\leafnets.sys
16:44:44.0730 0312leafnets - ok
16:44:44.0762 0312LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
16:44:44.0762 0312LEqdUsb - ok
16:44:44.0762 0312LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
16:44:44.0762 0312LHidEqd - ok
16:44:44.0793 0312LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:44:44.0793 0312LHidFilt - ok
16:44:44.0840 0312lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:44:44.0840 0312lltdio - ok
16:44:44.0886 0312lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
16:44:44.0886 0312lltdsvc - ok
16:44:44.0918 0312lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
16:44:44.0918 0312lmhosts - ok
16:44:44.0949 0312LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:44:44.0949 0312LMouFilt - ok
16:44:44.0964 0312LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:44:44.0964 0312LSI_FC - ok
16:44:44.0980 0312LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:44:44.0980 0312LSI_SAS - ok
16:44:45.0011 0312LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:44:45.0011 0312LSI_SCSI - ok
16:44:45.0058 0312luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:44:45.0058 0312luafv - ok
16:44:45.0089 0312Maplom (f2ae2c6b72f272ae696e22d6a9f1dafc) C:\Windows\system32\drivers\Maplom.sys
16:44:45.0089 0312Maplom - ok
16:44:45.0105 0312MaplomL (405460f392de8311c1fcc65da77ed4ab) C:\Windows\system32\drivers\MaplomL.sys
16:44:45.0120 0312MaplomL - ok
16:44:45.0152 0312mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
16:44:45.0167 0312mcdbus - ok
16:44:45.0198 0312Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
16:44:45.0198 0312Mcx2Svc - ok
16:44:45.0230 0312megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:44:45.0230 0312megasas - ok
16:44:45.0276 0312MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:44:45.0276 0312MegaSR - ok
16:44:45.0308 0312MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
16:44:45.0323 0312MMCSS - ok
16:44:45.0323 0312Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:44:45.0323 0312Modem - ok
16:44:45.0370 0312monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:44:45.0370 0312monitor - ok
16:44:45.0370 0312mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:44:45.0370 0312mouclass - ok
16:44:45.0386 0312mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:44:45.0386 0312mouhid - ok
16:44:45.0417 0312MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:44:45.0417 0312MountMgr - ok
16:44:45.0526 0312MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:44:45.0526 0312MozillaMaintenance - ok
16:44:45.0573 0312mpio (cbb01a298cb24d250017cea54884bba8) C:\Windows\system32\drivers\mpio.sys
16:44:45.0588 0312mpio - ok
16:44:45.0635 0312mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:44:45.0635 0312mpsdrv - ok
16:44:45.0682 0312MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
16:44:45.0698 0312MpsSvc - ok
16:44:45.0698 0312Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:44:45.0698 0312Mraid35x - ok
16:44:45.0729 0312MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:44:45.0744 0312MRxDAV - ok
16:44:45.0776 0312mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:44:45.0776 0312mrxsmb - ok
16:44:45.0807 0312mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:44:45.0807 0312mrxsmb10 - ok
16:44:45.0822 0312mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:44:45.0822 0312mrxsmb20 - ok
16:44:45.0838 0312msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\DRIVERS\msahci.sys
16:44:45.0838 0312msahci - ok
16:44:45.0869 0312msdsm (0db324146494d45417905b7009858937) C:\Windows\system32\drivers\msdsm.sys
16:44:45.0869 0312msdsm - ok
16:44:45.0900 0312MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
16:44:45.0900 0312MSDTC - ok
16:44:45.0947 0312MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
16:44:45.0947 0312MSDV - ok
16:44:45.0947 0312Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:44:45.0947 0312Msfs - ok
16:44:45.0963 0312msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:44:45.0978 0312msisadrv - ok
16:44:46.0010 0312MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
16:44:46.0025 0312MSiSCSI - ok
16:44:46.0025 0312msiserver - ok
16:44:46.0056 0312MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:44:46.0056 0312MSKSSRV - ok
16:44:46.0056 0312MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:44:46.0056 0312MSPCLOCK - ok
16:44:46.0056 0312MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:44:46.0056 0312MSPQM - ok
16:44:46.0103 0312MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:44:46.0103 0312MsRPC - ok
16:44:46.0134 0312mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:44:46.0134 0312mssmbios - ok
16:44:46.0228 0312MSSQL$SQLEXPRESS - ok
16:44:46.0259 0312MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:44:46.0259 0312MSSQLServerADHelper - ok
16:44:46.0306 0312MSTAPE (7d1f9672aa6d98d896fe22314442c36f) C:\Windows\system32\DRIVERS\mstape.sys
16:44:46.0322 0312MSTAPE - ok
16:44:46.0353 0312MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:44:46.0353 0312MSTEE - ok
16:44:47.0273 0312msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
16:44:47.0398 0312msvsmon90 - ok
16:44:47.0694 0312MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
16:44:47.0694 0312MTsensor - ok
16:44:47.0757 0312Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:44:47.0757 0312Mup - ok
16:44:47.0975 0312napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
16:44:47.0991 0312napagent - ok
16:44:48.0053 0312NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:44:48.0069 0312NativeWifiP - ok
16:44:48.0194 0312NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:44:48.0194 0312NDIS - ok
16:44:48.0240 0312NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:44:48.0256 0312NdisTapi - ok
16:44:48.0287 0312Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:44:48.0287 0312Ndisuio - ok
16:44:48.0318 0312NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:44:48.0318 0312NdisWan - ok
16:44:48.0334 0312NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:44:48.0334 0312NDProxy - ok
16:44:48.0350 0312NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:44:48.0350 0312NetBIOS - ok
16:44:48.0365 0312netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:44:48.0381 0312netbt - ok
16:44:48.0428 0312Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:44:48.0428 0312Netlogon - ok
16:44:48.0599 0312Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
16:44:48.0599 0312Netman - ok
16:44:49.0020 0312NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:44:49.0020 0312NetMsmqActivator - ok
16:44:49.0020 0312NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:44:49.0020 0312NetPipeActivator - ok
16:44:49.0067 0312netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
16:44:49.0067 0312netprofm - ok
16:44:49.0067 0312NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:44:49.0067 0312NetTcpActivator - ok
16:44:49.0067 0312NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:44:49.0067 0312NetTcpPortSharing - ok
16:44:49.0161 0312nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:44:49.0161 0312nfrd960 - ok
16:44:49.0192 0312NfsClnt (e29e99919fb2e6d81679a264313ac6ca) C:\Windows\system32\nfsclnt.exe
16:44:49.0192 0312NfsClnt - ok
16:44:49.0208 0312NfsRdr (710c0296c14d25018875ce9d30563963) C:\Windows\system32\drivers\nfsrdr.sys
16:44:49.0208 0312NfsRdr - ok
16:44:49.0270 0312NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
16:44:49.0270 0312NlaSvc - ok
16:44:49.0317 0312NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
16:44:49.0317 0312NPF - ok
16:44:49.0332 0312Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:44:49.0332 0312Npfs - ok
16:44:49.0348 0312npggsvc - ok
16:44:49.0379 0312nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
16:44:49.0379 0312nsi - ok
16:44:49.0473 0312nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:44:49.0488 0312nsiproxy - ok
16:44:49.0644 0312Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:44:49.0644 0312Ntfs - ok
16:44:50.0284 0312NtmsSvc (96e310ec2bb1fc55fa4d32839aa990a2) C:\Windows\system32\ntmssvc.dll
16:44:50.0284 0312NtmsSvc - ok
16:44:50.0424 0312Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:44:50.0424 0312Null - ok
16:44:52.0000 0312nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:44:52.0078 0312nvlddmkm - ok
16:44:52.0234 0312NVNET - ok
16:44:52.0281 0312nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:44:52.0296 0312nvraid - ok
16:44:52.0296 0312nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
16:44:52.0296 0312nvsmu - ok
16:44:52.0312 0312nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:44:52.0312 0312nvstor - ok
16:44:52.0406 0312nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
16:44:52.0406 0312nvsvc - ok
16:44:52.0624 0312nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:44:52.0686 0312nvUpdatusService - ok
16:44:52.0827 0312nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:44:52.0842 0312nv_agp - ok
16:44:52.0920 0312odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:44:52.0936 0312odserv - ok
16:44:52.0983 0312ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
16:44:52.0983 0312ohci1394 - ok
16:44:53.0092 0312ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:44:53.0108 0312ose - ok
16:44:53.0217 0312p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:44:53.0217 0312p2pimsvc - ok
16:44:53.0232 0312p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:44:53.0232 0312p2psvc - ok
16:44:53.0279 0312Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:44:53.0279 0312Parport - ok
16:44:53.0310 0312partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
16:44:53.0310 0312partmgr - ok
16:44:53.0326 0312PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
16:44:53.0342 0312PcaSvc - ok
16:44:53.0342 0312pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:44:53.0357 0312pci - ok
16:44:53.0388 0312pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
16:44:53.0404 0312pciide - ok
16:44:53.0420 0312pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:44:53.0435 0312pcmcia - ok
16:44:53.0482 0312PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:44:53.0498 0312PEAUTH - ok
16:44:53.0576 0312PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
16:44:53.0576 0312PerfHost - ok
16:44:53.0700 0312pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
16:44:53.0747 0312pla - ok
16:44:53.0794 0312PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
16:44:53.0794 0312PlugPlay - ok
16:44:53.0810 0312PnkBstrA - ok
16:44:53.0872 0312PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:44:53.0872 0312PNRPAutoReg - ok
16:44:53.0888 0312PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:44:53.0888 0312PNRPsvc - ok
16:44:53.0950 0312PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
16:44:53.0966 0312PolicyAgent - ok
16:44:54.0059 0312PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:44:54.0059 0312PptpMiniport - ok
16:44:54.0075 0312Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:44:54.0075 0312Processor - ok
16:44:54.0137 0312ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
16:44:54.0137 0312ProfSvc - ok
16:44:54.0168 0312ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:44:54.0168 0312ProtectedStorage - ok
16:44:54.0184 0312PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:44:54.0184 0312PSched - ok
16:44:54.0231 0312PSMounter (7a25f37c8f3e7d3d86758cb4a44df1df) C:\Windows\system32\drivers\psmounter.sys
16:44:54.0231 0312PSMounter - ok
16:44:54.0246 0312PSVolAcc (69a5d755c182b1c39b4cbbffdfef9634) C:\Windows\system32\drivers\PSVolAcc.sys
16:44:54.0246 0312PSVolAcc - ok
16:44:54.0278 0312PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:44:54.0278 0312PxHlpa64 - ok
16:44:54.0371 0312ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:44:54.0418 0312ql2300 - ok
16:44:54.0434 0312ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:44:54.0434 0312ql40xx - ok
16:44:54.0480 0312QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
16:44:54.0496 0312QWAVE - ok
16:44:54.0512 0312QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:44:54.0512 0312QWAVEdrv - ok
16:44:54.0527 0312RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:44:54.0527 0312RasAcd - ok
16:44:54.0543 0312RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
16:44:54.0543 0312RasAuto - ok
16:44:54.0558 0312Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:44:54.0574 0312Rasl2tp - ok
16:44:54.0621 0312RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
16:44:54.0636 0312RasMan - ok
16:44:54.0636 0312RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:44:54.0636 0312RasPppoe - ok
16:44:54.0652 0312RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:44:54.0652 0312RasSstp - ok
16:44:54.0683 0312rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:44:54.0683 0312rdbss - ok
16:44:54.0699 0312RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:44:54.0699 0312RDPCDD - ok
16:44:54.0730 0312rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
16:44:54.0746 0312rdpdr - ok
16:44:54.0746 0312RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:44:54.0746 0312RDPENCDD - ok
16:44:54.0808 0312RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
16:44:54.0808 0312RDPWD - ok
16:44:54.0917 0312ReflectService (bc1184233839ad2f1c4c741cd95b1617) C:\Program Files\Macrium\Reflect\ReflectService.exe
16:44:54.0917 0312ReflectService - ok
16:44:54.0964 0312RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
16:44:54.0964 0312RemoteAccess - ok
16:44:55.0026 0312RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
16:44:55.0026 0312RemoteRegistry - ok
16:44:55.0198 0312rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
16:44:55.0198 0312rpcapd - ok
16:44:55.0229 0312RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
16:44:55.0229 0312RpcLocator - ok
16:44:55.0307 0312RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
16:44:55.0307 0312RpcSs - ok
16:44:55.0385 0312RpcXdr (4808d87a10455cc5575034b3b33b1732) C:\Windows\system32\drivers\rpcxdr.sys
16:44:55.0385 0312RpcXdr - ok
16:44:55.0416 0312rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:44:55.0432 0312rspndr - ok
16:44:55.0463 0312SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:44:55.0463 0312SamSs - ok
16:44:55.0494 0312sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:44:55.0494 0312sbp2port - ok
16:44:55.0526 0312SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
16:44:55.0541 0312SCardSvr - ok
16:44:55.0604 0312Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
16:44:55.0619 0312Schedule - ok
16:44:55.0650 0312SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
16:44:55.0650 0312SCPolicySvc - ok
16:44:55.0666 0312SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
16:44:55.0666 0312SDRSVC - ok
16:44:55.0697 0312secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:44:55.0697 0312secdrv - ok
16:44:55.0713 0312seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
16:44:55.0713 0312seclogon - ok
16:44:55.0744 0312SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
16:44:55.0744 0312SENS - ok
16:44:55.0775 0312Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:44:55.0775 0312Serenum - ok
16:44:55.0791 0312Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:44:55.0791 0312Serial - ok
16:44:55.0806 0312sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:44:55.0806 0312sermouse - ok
16:44:55.0853 0312SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
16:44:55.0853 0312SessionEnv - ok
16:44:55.0853 0312sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\drivers\sffdisk.sys
16:44:55.0853 0312sffdisk - ok
16:44:55.0853 0312sffp_mmc (dbbd3fd8af718966af768a754e07e8c0) C:\Windows\system32\drivers\sffp_mmc.sys
16:44:55.0853 0312sffp_mmc - ok
16:44:55.0869 0312sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\drivers\sffp_sd.sys
16:44:55.0869 0312sffp_sd - ok
16:44:55.0869 0312sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:44:55.0869 0312sfloppy - ok
16:44:55.0916 0312SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
16:44:55.0916 0312SharedAccess - ok
16:44:55.0947 0312ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
16:44:55.0947 0312ShellHWDetection - ok
16:44:55.0962 0312SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:44:55.0962 0312SiSRaid2 - ok
16:44:55.0962 0312SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:44:55.0962 0312SiSRaid4 - ok
16:44:56.0025 0312SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:44:56.0025 0312SkypeUpdate - ok
16:44:56.0306 0312slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
16:44:56.0321 0312slsvc - ok
16:44:56.0446 0312SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
16:44:56.0446 0312SLUINotify - ok
16:44:56.0524 0312Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:44:56.0524 0312Smb - ok
16:44:56.0555 0312SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
16:44:56.0555 0312SNMPTRAP - ok
16:44:56.0571 0312spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:44:56.0571 0312spldr - ok
16:44:56.0618 0312Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
16:44:56.0618 0312Spooler - ok
16:44:56.0711 0312sptd (a15860e920b02c9a7ce8f3a6c2ff1e3a) C:\Windows\System32\Drivers\sptd.sys
16:44:56.0711 0312sptd - ok
16:44:56.0836 0312SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:44:56.0836 0312SQLBrowser - ok
16:44:56.0930 0312SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:44:56.0945 0312SQLWriter - ok
16:44:56.0992 0312srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:44:56.0992 0312srv - ok
16:44:57.0023 0312srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:44:57.0023 0312srv2 - ok
16:44:57.0054 0312srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:44:57.0070 0312srvnet - ok
16:44:57.0148 0312SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
16:44:57.0148 0312SSDPSRV - ok
16:44:57.0164 0312SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
16:44:57.0164 0312SstpSvc - ok
16:44:57.0273 0312StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
16:44:57.0288 0312StarWindServiceAE - ok
16:44:57.0320 0312Steam Client Service - ok
16:44:57.0398 0312Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:44:57.0398 0312Stereo Service - ok
16:44:57.0460 0312stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
16:44:57.0460 0312stisvc - ok
16:44:57.0507 0312swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:44:57.0507 0312swenum - ok
16:44:57.0616 0312SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:44:57.0632 0312SwitchBoard - ok
16:44:57.0678 0312swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
16:44:57.0678 0312swprv - ok
16:44:57.0710 0312Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:44:57.0710 0312Symc8xx - ok
16:44:57.0741 0312Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:44:57.0741 0312Sym_hi - ok
16:44:57.0756 0312Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:44:57.0756 0312Sym_u3 - ok
16:44:57.0819 0312SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
16:44:57.0834 0312SysMain - ok
16:44:57.0866 0312TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
16:44:57.0866 0312TabletInputService - ok
16:44:57.0928 0312tap0901 (f9be29d5e097f03f81d3cd12b794cb66) C:\Windows\system32\DRIVERS\tap0901.sys
16:44:57.0928 0312tap0901 - ok
16:44:57.0975 0312TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
16:44:57.0990 0312TapiSrv - ok
16:44:58.0006 0312TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
16:44:58.0006 0312TBS - ok
16:44:58.0100 0312Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys
16:44:58.0115 0312Tcpip - ok
16:44:58.0302 0312Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys
16:44:58.0318 0312Tcpip6 - ok
16:44:58.0380 0312tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys
16:44:58.0380 0312tcpipreg - ok
16:44:58.0412 0312TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:44:58.0412 0312TDPIPE - ok
16:44:58.0427 0312TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:44:58.0427 0312TDTCP - ok
16:44:58.0443 0312tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:44:58.0458 0312tdx - ok
16:44:58.0692 0312TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:44:58.0786 0312TeamViewer7 - ok
16:44:58.0895 0312TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:44:58.0895 0312TermDD - ok
16:44:58.0958 0312TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
16:44:58.0989 0312TermService - ok
16:44:59.0036 0312Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
16:44:59.0036 0312Themes - ok
16:44:59.0082 0312THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
16:44:59.0082 0312THREADORDER - ok
16:44:59.0114 0312TPM (270308efb59976157755c768b8544b5f) C:\Windows\system32\drivers\tpm.sys
16:44:59.0129 0312TPM - ok
16:44:59.0145 0312TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
16:44:59.0145 0312TrkWks - ok
16:44:59.0207 0312TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
16:44:59.0207 0312TrustedInstaller - ok
16:44:59.0238 0312tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:44:59.0238 0312tssecsrv - ok
16:44:59.0270 0312tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:44:59.0270 0312tunmp - ok
16:44:59.0301 0312tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
16:44:59.0301 0312tunnel - ok
16:44:59.0316 0312uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:44:59.0316 0312uagp35 - ok
16:44:59.0348 0312udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:44:59.0363 0312udfs - ok
16:44:59.0441 0312ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
16:44:59.0457 0312ufad-ws60 - ok
16:44:59.0519 0312UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
16:44:59.0519 0312UI0Detect - ok
16:44:59.0550 0312uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:44:59.0550 0312uliagpkx - ok
16:44:59.0582 0312uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:44:59.0597 0312uliahci - ok
16:44:59.0613 0312UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:44:59.0613 0312UlSata - ok
16:44:59.0628 0312ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:44:59.0628 0312ulsata2 - ok
16:44:59.0644 0312umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:44:59.0660 0312umbus - ok
16:44:59.0675 0312UmRdpService (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll
16:44:59.0691 0312UmRdpService - ok
16:44:59.0753 0312UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
16:44:59.0769 0312UnlockerDriver5 - ok
16:44:59.0800 0312upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
16:44:59.0800 0312upnphost - ok
16:44:59.0800 0312USBAAPL64 - ok
16:44:59.0831 0312usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
16:44:59.0847 0312usbaudio - ok
16:44:59.0847 0312usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:44:59.0862 0312usbccgp - ok
16:44:59.0894 0312usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
16:44:59.0894 0312usbcir - ok
16:44:59.0925 0312usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
16:44:59.0925 0312usbehci - ok
16:44:59.0940 0312usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
16:44:59.0956 0312usbhub - ok
16:44:59.0987 0312usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
16:44:59.0987 0312usbohci - ok
16:45:00.0018 0312usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
16:45:00.0018 0312usbprint - ok
16:45:00.0050 0312USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:45:00.0050 0312USBSTOR - ok
16:45:00.0081 0312usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
16:45:00.0081 0312usbuhci - ok
16:45:00.0128 0312UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
16:45:00.0128 0312UxSms - ok
16:45:00.0221 0312VBoxDrv (ed492636ee26ec43daa4baa7ef0da7ad) C:\Windows\system32\DRIVERS\VBoxDrv.sys
16:45:00.0221 0312VBoxDrv - ok
16:45:00.0268 0312VBoxNetAdp (48630b4530c80aaf3dde9633e4291d8c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
16:45:00.0284 0312VBoxNetAdp - ok
16:45:00.0315 0312VBoxNetFlt (5160910ce602710d7e87f1b35487e7db) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
16:45:00.0315 0312VBoxNetFlt - ok
16:45:00.0362 0312VBoxUSB (815e54e21908488bc545659a76d57d2f) C:\Windows\system32\Drivers\VBoxUSB.sys
16:45:00.0362 0312VBoxUSB - ok
16:45:00.0393 0312VBoxUSBMon (99906a079a6c24d4b8b0dbed02b7869b) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
16:45:00.0393 0312VBoxUSBMon - ok
16:45:00.0471 0312vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
16:45:00.0471 0312vds - ok
16:45:00.0502 0312vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
16:45:00.0502 0312vga - ok
16:45:00.0518 0312VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
16:45:00.0518 0312VgaSave - ok
16:45:00.0533 0312viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
16:45:00.0533 0312viaide - ok
16:45:00.0627 0312VMAuthdService (a1952a4701a30cbb81aecf1daf45da83) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
16:45:00.0627 0312VMAuthdService - ok
16:45:00.0658 0312vmci (dbe772987c8305df4f93dbecb9daba4f) C:\Windows\system32\drivers\vmci.sys
16:45:00.0658 0312vmci - ok
16:45:00.0689 0312vmkbd (8218c887f0e98fe77bddae248632c1b8) C:\Windows\system32\drivers\VMkbd.sys
16:45:00.0689 0312vmkbd - ok
16:45:00.0705 0312VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:45:00.0705 0312VMnetAdapter - ok
16:45:00.0736 0312VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:45:00.0736 0312VMnetBridge - ok
16:45:00.0736 0312VMnetDHCP - ok
16:45:00.0752 0312VMnetuserif (58d6362f4bcfaad926d4f5a997d49d19) C:\Windows\system32\drivers\vmnetuserif.sys
16:45:00.0752 0312VMnetuserif - ok
16:45:00.0830 0312VMUSBArbService (8e83621c5f05e4e9b09cf81da0e55620) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
16:45:00.0830 0312VMUSBArbService - ok
16:45:00.0830 0312VMware NAT Service - ok
16:45:00.0861 0312vmx86 (1b8c80cc59a8e9567c4ec0e296a2b062) C:\Windows\system32\drivers\vmx86.sys
16:45:00.0861 0312vmx86 - ok
16:45:00.0923 0312volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
16:45:00.0923 0312volmgr - ok
16:45:00.0939 0312volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
16:45:00.0954 0312volmgrx - ok
16:45:00.0970 0312volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
16:45:00.0970 0312volsnap - ok
16:45:00.0970 0312vsdatant7 - ok
16:45:01.0032 0312vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
16:45:01.0032 0312vsmraid - ok
16:45:01.0173 0312VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
16:45:01.0188 0312VSS - ok
16:45:01.0251 0312vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
16:45:01.0251 0312vstor2-ws60 - ok
16:45:01.0438 0312W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
16:45:01.0454 0312W32Time - ok
16:45:01.0485 0312WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
16:45:01.0485 0312WacomPen - ok
16:45:01.0516 0312Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:45:01.0532 0312Wanarp - ok
16:45:01.0532 0312Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:45:01.0532 0312Wanarpv6 - ok
16:45:01.0610 0312wbengine (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe
16:45:01.0625 0312wbengine - ok
16:45:01.0656 0312wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
16:45:01.0672 0312wcncsvc - ok
16:45:01.0688 0312WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
16:45:01.0688 0312WcsPlugInService - ok
16:45:01.0750 0312Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
16:45:01.0750 0312Wd - ok
16:45:01.0797 0312Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
16:45:01.0797 0312Wdf01000 - ok
16:45:01.0828 0312WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
16:45:01.0828 0312WdiServiceHost - ok
16:45:01.0828 0312WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
16:45:01.0844 0312WdiSystemHost - ok
16:45:01.0875 0312WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
16:45:01.0875 0312WebClient - ok
16:45:01.0906 0312Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
16:45:01.0906 0312Wecsvc - ok
16:45:01.0953 0312wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
16:45:01.0953 0312wercplsupport - ok
16:45:01.0968 0312WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
16:45:01.0968 0312WerSvc - ok
16:45:02.0031 0312WinDefend - ok
16:45:02.0078 0312WinHttpAutoProxySvc - ok
16:45:02.0202 0312Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
16:45:02.0218 0312Winmgmt - ok
16:45:02.0343 0312WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
16:45:02.0358 0312WinRM - ok
16:45:02.0530 0312Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
16:45:02.0546 0312Wlansvc - ok
16:45:02.0577 0312WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:45:02.0577 0312WmiAcpi - ok
16:45:02.0639 0312wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
16:45:02.0655 0312wmiApSrv - ok
16:45:02.0702 0312WMPNetworkSvc - ok
16:45:02.0748 0312WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
16:45:02.0748 0312WPCSvc - ok
16:45:02.0795 0312WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
16:45:02.0795 0312WPDBusEnum - ok
16:45:02.0842 0312WpdUsb (5


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to tgp1994
All clean. Nothing more to do except cleanup.

I expect there may have been a compromised website that got your financial information. There are no indicators in the logs of any malware remnants.

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malwarebytes:
  • We recommend that you keep Malwarebytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
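The verdict above rests on reading the TDSSKiller service/driver listing by eye. As an added example (not part of the original thread and not TDSSKiller's own code), the script below parses lines in that listing's layout and pulls out the three things a reviewer usually checks first: entries that got a "- ok" status but no "(md5) path" line (in this thread, names such as PnkBstrA, Steam Client Service, USBAAPL64 and WinDefend), kernel drivers (.sys) loaded from outside the standard Windows driver directories (here UnlockerDriver5 under Program Files), and one image backing several entries (p2psvc.dll hosting p2pimsvc, p2psvc, PNRPAutoReg and PNRPsvc). All three are heuristics that point a human at entries to confirm, not verdicts; the assumption that an entry without a hashed line means the scanner printed no image file for it is mine, and the sample lines are copied from the thread's log (with the id field fused to the name, as extracted) plus one constructed line in the normal spaced layout.

```python
"""Triage helper for TDSSKiller-style service/driver listings.

Added example for this thread; not part of the original post or of TDSSKiller.
Parses lines of the form

    HH:MM:SS.mmmm NNNN <name> (<md5>) <path>
    HH:MM:SS.mmmm NNNN <name> - ok

and reports entries worth a second look. Heuristics only, no verdicts.
"""
import re
from collections import defaultdict

# Matches both the normal layout ("0312 volmgr ...") and the extraction-fused
# layout seen in the thread ("0312PnkBstrA ...").
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<id>\d{4})\s*"
    r"(?P<rest>\S.*)$"
)
HASHED_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>\w+)$")

# Directories a Windows kernel driver is normally loaded from. Anything else is
# not malicious by itself (Unlocker is a known product) but deserves a look.
DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\syswow64\\drivers\\")


def parse(lines):
    """Return (hashed, statuses): name -> (md5, path) and name -> status."""
    hashed, statuses = {}, {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a listing line (headers, blank lines, truncation)
        rest = m.group("rest")
        h = HASHED_RE.match(rest)
        if h:
            hashed[h.group("name")] = (h.group("md5"), h.group("path"))
            continue
        s = STATUS_RE.match(rest)
        if s:
            statuses[s.group("name")] = s.group("status")
    return hashed, statuses


def unhashed_entries(hashed, statuses):
    """Names that got a status line but no (md5) path line (assumption: no image file was hashed)."""
    return sorted(n for n in statuses if n not in hashed)


def drivers_outside_driver_dirs(hashed):
    """(.sys) images whose path is not under a standard driver directory."""
    out = []
    for name, (_, path) in hashed.items():
        p = path.lower()
        if p.endswith(".sys") and not p.startswith(DRIVER_DIRS):
            out.append((name, path))
    return sorted(out)


def shared_images(hashed):
    """md5 -> names, for hashes backing more than one entry (e.g. svchost-hosted DLLs)."""
    by_md5 = defaultdict(list)
    for name, (md5, _) in hashed.items():
        by_md5[md5].append(name)
    return {k: sorted(v) for k, v in by_md5.items() if len(v) > 1}


# Constructed sample: lines copied from the thread's log (fused id field as
# extracted) plus one line in the normal spaced layout.
SAMPLE = """\
16:44:53.0810 0312PnkBstrA - ok
16:44:53.0217 0312p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\\Windows\\system32\\p2psvc.dll
16:44:53.0217 0312p2pimsvc - ok
16:44:53.0232 0312p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\\Windows\\system32\\p2psvc.dll
16:44:53.0232 0312p2psvc - ok
16:44:59.0753 0312UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\\Program Files\\Unlocker\\UnlockerDriver5.sys
16:44:59.0769 0312UnlockerDriver5 - ok
16:44:59.0800 0312USBAAPL64 - ok
16:45:00.0923 0312 volmgr (2b7e885ed951519a12c450d24535dfca) C:\\Windows\\system32\\drivers\\volmgr.sys
16:45:00.0923 0312 volmgr - ok
""".splitlines()


def triage(lines=SAMPLE):
    """Run all three checks over a listing and return them keyed by check name."""
    hashed, statuses = parse(lines)
    return {
        "unhashed": unhashed_entries(hashed, statuses),
        "odd_driver_paths": drivers_outside_driver_dirs(hashed),
        "shared": shared_images(hashed),
    }


if __name__ == "__main__":
    for key, val in triage().items():
        print(f"{key}: {val}")
```

Feed the whole saved TDSSKiller log to `triage(open("TDSSKiller.log").read().splitlines())`; the "unhashed" list is where orphaned service registrations show up, and any driver in "odd_driver_paths" should be matched against an installed product before it is written off.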

tgp1994

join:2010-10-06
Hmm... Alright, I suppose that makes sense. Maybe they also lifted my address book too, explaining the strange email that was supposedly sent from me.

Thank you for the help, LoPhatPhuud.