Computer may be compromised

Author	All Replies
tgp1994 join:2010-10-06 1 edit	Computer may be compromised Hello everyone, I think my computer may be compromised. About a month ago, my debit card was being used to make unauthorized purchases on itunes. A support agent (accidentally) divulged the email address associated with the purchase, and it seemed to be an email from china (a yahoo.cn domain, with what appeared to be a Chinese name in the address). That certainly doesn't sound good. Then just today, a contact on my outlook contact list received an email that I had never sent. The email appeared to originate from someone else on the yahoo email network, but they were using my full name. Both of those events seem linked, and I'm afraid that it may be due to malware on my pc. I'm currently running Windows Vista Ultimate SP2, and until about a week ago I was using Microsoft Security Essentials for antimalware. I then changed to AVG Free, although that hasn't detected anything new. Now, for the pre-cleaning steps that I've taken: •Hidden files and folders are shown. Vista does not seem to have a checkbox for "displaying the contents of system folders", although I haven't had any reason to go poking around in there anyways. •Notepad has wordwrap unchecked •Windows Defender is disabled •AVG's Resident shield is disabled •TFC has been run •MBAM was run •OTL was run •ESET online scan was run (did not produce a log, although I saved a file of the three files that were detected). MBAM Log: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.30.11 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Glen :: GLENVISTA [administrator] 7/30/2012 8:19:24 PM mbam-log-2012-07-30 (20-19-24).txt Scan type: Full scan (C:\\|) Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 647791 Time elapsed: 1 hour(s), 28 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) checkup.txt: Results of screen317's Security Check version 0.99.43 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Disabled! AVG Internet Security 2012 Antivirus up to date! (On Access scanning disabled!) [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Malwarebytes Anti-Malware version 1.62.0.1300 Adobe Flash Player 11.3.300.268 Mozilla Firefox 13.0.1 [color=red]Firefox out of Date![/color] [u]````````Process Check: objlist.exe by Laurent````````[/u] AVG avgwdsvc.exe AVG avgtray.exe Glen AppData Roaming uTorrent\VirusGuard\BitTorrentAntivirus.exe Glen Desktop Malware SecurityCheck.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: 2 % [color=red]Defragment your hard drive soon![/color] [u]````````````````````End of Log``````````````````````[/u] Online antivirus scan log: C:\Program Files (x86)\Steam\steamapps\tgp1994\garrysmod\garrysmod\temp_html_page.htmlHTML/Iframe.B.Gen virusdeleted - quarantined C:\Program Files (x86)\Steam\steamapps\tgp1994\garrysmod\garrysmod\data\ulx\motd.txtHTML/Iframe.B.Gen virusdeleted - quarantined C:\Program Files (x86)\UV Realtime\UV Realtime.exea variant of MSIL/Packed.CryptoObfuscator.C applicationcleaned by deleting - quarantined Note: None of those three files should be harmful. False positives, afaik. I hope these may help you help me. Many thanks in advance!
	to forum · permalink · 2012-07-31 00:12:52 ·

lilhurricane So mote it be Premium,Mod join:2003-01-11 Purple Zone kudos:54 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Cellphones, Provid..	OTL Please don't code files..they need to be opened for easier analysis. Thanks OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Glen\Desktop\Malware 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 6.00 Gb Total Physical Memory \| 3.22 Gb Available Physical Memory \| 53.60% Memory free 12.21 Gb Paging File \| 9.10 Gb Available in Paging File \| 74.51% Paging File free Paging file location(s): f:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 232.88 Gb Total Space \| 12.07 Gb Free Space \| 5.18% Space Free \| Partition Type: NTFS Drive D: \| 5.37 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 931.51 Gb Total Space \| 118.56 Gb Free Space \| 12.73% Space Free \| Partition Type: NTFS Computer Name: GLENVISTA \| User Name: Glen \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/07/30 21:43:07 \| 000,162,816 \| ---- \| M] () -- C:\Users\Glen\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe PRC - [2012/07/30 21:38:18 \| 000,896,400 \| ---- \| M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2012/07/30 20:59:38 \| 000,597,504 \| ---- \| M] (OldTimer Tools) -- C:\Users\Glen\Desktop\Malware\OTL.exe PRC - [2012/06/13 03:48:50 \| 002,321,560 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe PRC - [2012/06/09 19:56:08 \| 000,334,488 \| ---- \| M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2012/06/09 19:56:04 \| 000,113,304 \| ---- \| M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2012/06/09 19:55:24 \| 000,129,688 \| ---- \| M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2012/06/09 19:55:18 \| 000,404,120 \| ---- \| M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2012/06/09 18:30:12 \| 000,539,288 \| ---- \| M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2012/05/24 14:39:22 \| 027,112,840 \| ---- \| M] (Dropbox, Inc.) -- C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/05/14 11:28:22 \| 006,149,120 \| ---- \| M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe PRC - [2012/04/05 05:12:34 \| 002,587,008 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012/02/29 13:26:46 \| 000,382,272 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/02/14 04:53:38 \| 000,193,288 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/07/30 21:44:07 \| 000,056,224 \| ---- \| M] () -- \\?\C:\Users\Glen\AppData\Roaming\uTorrent\VirusGuard\avxdisk.dll MOD - [2012/07/30 21:43:07 \| 000,162,816 \| ---- \| M] () -- C:\Users\Glen\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit:* - [2011/10/31 05:49:32 \| 000,301,720 \| ---- \| M] () [Disabled \| Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService) SRV:64bit: - [2011/09/27 15:04:08 \| 000,359,192 \| ---- \| M] (Logitech, Inc.) [Disabled \| Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009/04/11 12:25:24 \| 000,062,976 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt) SRV:64bit: - [2008/07/29 13:20:28 \| 004,737,024 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:64bit: - [2008/01/20 22:51:10 \| 000,521,216 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc) SRV:64bit: - [2008/01/20 22:50:23 \| 000,195,584 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008/01/20 22:46:39 \| 000,383,544 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/07/30 17:54:04 \| 000,250,056 \| ---- \| M] (Adobe Systems Incorporated) [Disabled \| Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/19 11:58:10 \| 000,529,232 \| ---- \| M] (Valve Corporation) [Auto \| Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/06/17 13:40:56 \| 000,113,120 \| ---- \| M] (Mozilla Foundation) [On_Demand \| Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/13 03:48:50 \| 002,321,560 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Auto \| Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2012/06/09 19:56:08 \| 000,334,488 \| ---- \| M] (VMware, Inc.) [Auto \| Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012/06/09 19:56:04 \| 000,113,304 \| ---- \| M] (VMware, Inc.) [Auto \| Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2012/06/09 19:55:18 \| 000,404,120 \| ---- \| M] (VMware, Inc.) [Auto \| Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012/06/09 18:30:12 \| 000,539,288 \| ---- \| M] (VMware, Inc.) [Auto \| Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2012/06/05 15:17:44 \| 000,160,944 \| R--- \| M] (Skype Technologies) [Auto \| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/19 07:38:46 \| 002,666,880 \| ---- \| M] (TeamViewer GmbH) [Disabled \| Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/02/29 20:02:00 \| 002,348,352 \| ---- \| M] (NVIDIA Corporation) [Auto \| Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/02/29 13:26:46 \| 000,382,272 \| ---- \| M] (NVIDIA Corporation) [Auto \| Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/02/14 04:53:38 \| 000,193,288 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Auto \| Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012/01/05 11:42:34 \| 000,075,624 \| ---- \| M] (Alcohol Soft Development Team) [Disabled \| Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011/09/06 02:33:56 \| 003,547,648 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe -- (GJService) SRV - [2011/08/07 08:40:00 \| 003,804,120 \| ---- \| M] (INCA Internet Co., Ltd.) [On_Demand \| Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2011/06/22 23:49:10 \| 000,075,136 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010/08/19 13:57:14 \| 000,191,024 \| ---- \| M] (VMware, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010/06/25 13:07:20 \| 000,117,264 \| ---- \| M] (CACE Technologies, Inc.) [Disabled \| Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/03/18 14:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 \| 000,517,096 \| ---- \| M] (Adobe Systems Incorporated) [Disabled \| Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/12/23 17:34:20 \| 000,370,688 \| ---- \| M] (StarWind Software) [On_Demand \| Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009/04/11 12:24:52 \| 000,066,368 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - File not found [Kernel \| On_Demand \| Stopped] -- C:\Program Files\AudioCoder x64\SysInfoX64.sys -- (CrystalSysInfo) DRV:64bit: - [2012/06/09 19:56:52 \| 000,068,760 \| ---- \| M] (VMware, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012/06/09 19:56:40 \| 000,081,048 \| ---- \| M] (VMware, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2012/06/09 19:54:56 \| 000,031,896 \| ---- \| M] (VMware, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2012/06/09 19:54:50 \| 000,030,360 \| ---- \| M] (VMware, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012/06/09 18:30:08 \| 000,038,552 \| ---- \| M] (VMware, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2012/06/09 16:06:56 \| 000,045,104 \| ---- \| M] (VMware, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012/06/09 16:06:56 \| 000,020,016 \| ---- \| M] (VMware, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2012/05/22 14:26:10 \| 000,147,288 \| ---- \| M] (Oracle Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012/04/19 04:50:26 \| 000,028,480 \| ---- \| M] (AVG Technologies CZ, s.r.o. ) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012/04/15 15:35:48 \| 000,560,184 \| ---- \| M] (Duplex Secure Ltd.) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2012/03/19 05:17:26 \| 000,383,808 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Kernel \| System \| Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/02/29 09:52:46 \| 000,016,384 \| ---- \| M] (Microsoft Corporation) [Recognizer \| System \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 05:25:32 \| 000,289,872 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Kernel \| System \| Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/01/31 04:46:48 \| 000,036,944 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [File_System \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/12/23 13:32:14 \| 000,047,696 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [File_System \| System \| Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/12/15 13:29:42 \| 000,031,232 \| ---- \| M] (The OpenVPN Project) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901) DRV:64bit: - [2011/10/31 05:50:12 \| 000,013,464 \| ---- \| M] (Paramount Software UK Ltd) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\PSVolAcc.sys -- (PSVolAcc) DRV:64bit: - [2011/10/31 05:49:46 \| 000,040,600 \| ---- \| M] (Macrium Software) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\psmounter.sys -- (PSMounter) DRV:64bit: - [2011/09/06 02:28:48 \| 000,059,512 \| ---- \| M] (SlySoft Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\maploml.sys -- (MaplomL) DRV:64bit: - [2011/09/06 02:28:32 \| 000,034,936 \| ---- \| M] (SlySoft Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\maplom.sys -- (Maplom) DRV:64bit: - [2011/09/02 02:30:24 \| 000,076,056 \| ---- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb) DRV:64bit: - [2011/09/02 02:30:24 \| 000,066,840 \| ---- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011/09/02 02:30:24 \| 000,015,128 \| ---- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd) DRV:64bit: - [2011/07/17 00:25:35 \| 000,017,224 \| ---- \| M] () [Kernel \| On_Demand \| Unknown] -- C:\Windows\SysNative\Drivers\Dbgv.sys -- (Dbgv) DRV:64bit: - [2011/05/23 01:03:28 \| 000,048,992 \| ---- \| M] (AVG Technologies CZ, s.r.o.) [Kernel \| System \| Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2011/03/04 15:44:12 \| 000,055,856 \| ---- \| M] (Sonic Solutions) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/11/06 22:24:34 \| 000,024,176 \| ---- \| M] () [Kernel \| On_Demand \| Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter) DRV:64bit: - [2010/08/24 13:29:32 \| 000,057,936 \| ---- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010/08/24 13:28:24 \| 000,030,800 \| ---- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2010/08/10 19:56:48 \| 000,029,696 \| ---- \| M] (Leaf Networks) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\leafnets.sys -- (leafnets) DRV:64bit: - [2010/07/01 13:11:24 \| 000,012,352 \| ---- \| M] () [Kernel \| "Start" not found. \| Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV:64bit: - [2010/06/25 13:07:26 \| 000,035,344 \| ---- \| M] (CACE Technologies, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009/09/30 20:51:42 \| 000,046,592 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/08/05 15:18:32 \| 000,057,856 \| ---- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E) DRV:64bit: - [2009/05/18 13:17:08 \| 000,034,152 \| ---- \| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/11 12:25:24 \| 000,252,416 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr) DRV:64bit: - [2009/04/11 12:25:24 \| 000,089,600 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr) DRV:64bit: - [2009/04/08 15:28:46 \| 000,068,992 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21) DRV:64bit: - [2009/02/24 19:35:44 \| 000,255,552 \| ---- \| M] (MagicISO, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus) DRV:64bit: - [2008/01/20 22:46:34 \| 000,903,168 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc) DRV:64bit: - [2008/01/20 22:46:34 \| 000,048,768 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc) DRV:64bit: - [2008/01/20 22:46:34 \| 000,017,536 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\avcstrm.sys -- (AVCSTRM) DRV:64bit: - [2008/01/20 22:46:08 \| 000,056,448 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\mstape.sys -- (MSTAPE) DRV:64bit: - [2008/01/20 22:46:06 \| 000,054,840 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2008/01/20 22:46:05 \| 000,058,496 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883) DRV:64bit: - [2008/01/20 22:46:01 \| 000,061,568 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV) DRV:64bit: - [2006/11/01 00:23:42 \| 000,015,680 \| ---- \| M] () [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV - [2010/08/19 13:56:38 \| 000,032,816 \| ---- \| M] (VMware, Inc.) [Kernel \| Auto \| Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = »www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 F6 F9 57 C5 6D CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {F6E0DF0B-58AB-4992-8A9C-B8209D80BBB5} IE - HKCU\..\SearchScopes\{F6E0DF0B-58AB-4992-8A9C-B8209D80BBB5}: "URL" = »www.google.com/search?q={searchT···coding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2012/07/02 00:57:18 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/25 09:04:42 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 12:39:20 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/23 12:39:20 \| 000,000,000 \| ---D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 12:39:20 \| 000,000,000 \| ---D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/23 12:39:20 \| 000,000,000 \| ---D \| M] [2010/11/21 16:29:24 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Glen\AppData\Roaming\Mozilla\Extensions [2012/07/30 20:58:53 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\scx7yf13.default\extensions [2012/07/08 15:10:21 \| 000,000,000 \| ---D \| M] (LastPass) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\scx7yf13.default\extensions\support@lastpass.com [2012/01/17 17:53:18 \| 000,002,281 \| ---- \| M] () -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\scx7yf13.default\searchplugins\s-amazon.xml [2011/11/08 16:46:03 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/07/25 09:04:42 \| 000,000,000 \| ---D \| M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK [2012/07/02 00:57:18 \| 000,000,000 \| ---D \| M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK [2012/06/17 13:38:54 \| 000,000,000 \| ---D \| M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION [2012/07/30 20:58:53 \| 000,195,889 \| ---- \| M] () (No name found) -- C:\USERS\GLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCX7YF13.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI [2012/02/06 22:05:50 \| 000,007,240 \| ---- \| M] () (No name found) -- C:\USERS\GLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCX7YF13.DEFAULT\EXTENSIONS\YOUTUBE-COMMENT-SNOB@EFINKE.COM.XPI [2010/11/22 22:32:48 \| 000,000,000 \| ---D \| M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012/06/17 13:40:56 \| 000,085,472 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/09/04 00:29:57 \| 000,611,224 \| ---- \| M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/06/06 23:56:28 \| 000,002,252 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/06 23:56:28 \| 000,002,040 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/01/27 16:00:57 \| 000,001,211 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: LastPass - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Glen\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} »support.asus.com/select/asusTek_···trl3.cab (asusTek_sysctrl Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »download.microsoft.com/download/···trol.cab (Windows Genuine Advantage Validation Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33921D60-5DCA-45F8-B8B5-2D4636D4C750}: NameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\WINDOWS\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/10/16 06:51:33 \| 000,054,544 \| R--- \| M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2009/09/21 15:58:35 \| 000,000,049 \| R--- \| M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{0c71f140-12b5-11e1-8067-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0c71f140-12b5-11e1-8067-806e6f6e6963}\Shell\AutoRun\command - "" = G:\RunGame.exe O33 - MountPoints2\{1058922b-12ab-11e0-b8cb-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1058922b-12ab-11e0-b8cb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/10/16 06:51:33 \| 000,054,544 \| R--- \| M] (Electronic Arts) O33 - MountPoints2\{1058922c-12ab-11e0-b8cb-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1058922c-12ab-11e0-b8cb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSAMPLE\AUTORUN\AUTORUN.EXE O33 - MountPoints2\{127b5719-d987-11e0-8b53-005056c00001}\Shell - "" = AutoRun O33 - MountPoints2\{127b5719-d987-11e0-8b53-005056c00001}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{1633801e-f5a9-11df-90a1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1633801e-f5a9-11df-90a1-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{25b3c640-9788-11e0-ba6c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{25b3c640-9788-11e0-ba6c-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{34d3504b-f5af-11df-b602-0019dbe74e00}\Shell - "" = AutoRun O33 - MountPoints2\{34d3504b-f5af-11df-b602-0019dbe74e00}\Shell\AutoRun\command - "" = E:\Setup\rsrc\Autorun.exe O33 - MountPoints2\{34d3504b-f5af-11df-b602-0019dbe74e00}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe O33 - MountPoints2\{bde3acca-1a82-11e0-916a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bde3acca-1a82-11e0-916a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/10/16 06:51:33 \| 000,054,544 \| R--- \| M] (Electronic Arts) O33 - MountPoints2\{e54f0e30-049c-11e0-b507-0019dbe74e00}\Shell - "" = AutoRun O33 - MountPoints2\{e54f0e30-049c-11e0-b507-0019dbe74e00}\Shell\AutoRun\command - "" = H:\Autorun.exe O33 - MountPoints2\{e54f0e30-049c-11e0-b507-0019dbe74e00}\Shell\dinstall\command - "" = Directx\dxsetup.exe O34 - HKLM BootExecute: (autocheck autochk ) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/07/30 21:38:18 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\uTorrent [2012/07/30 21:37:43 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Roaming\uTorrent [2012/07/30 20:23:08 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\Desktop\Malware [2012/07/30 18:14:49 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Roaming\Malwarebytes [2012/07/30 18:14:43 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/30 18:14:43 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2012/07/30 18:14:42 \| 000,024,904 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/30 18:14:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/30 14:21:01 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Roaming\JDeveloper [2012/07/30 09:52:55 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [2012/07/30 09:52:53 \| 000,000,000 \| ---D \| C] -- C:\Program Files\TeraCopy [2012/07/30 09:52:32 \| 000,000,000 \| ---D \| C] -- C:\jdeveloper [2012/07/25 13:00:06 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\OpenVPN [2012/07/25 09:05:54 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Roaming\AVG2012 [2012/07/25 09:05:33 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/07/25 09:05:28 \| 000,000,000 \| ---D \| C] -- C:\Windows\SysWow64\drivers\AVG [2012/07/25 09:04:35 \| 000,000,000 \| -H-D \| C] -- C:\$AVG [2012/07/25 09:04:34 \| 000,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\AVG [2012/07/25 09:04:33 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\AVG2012 [2012/07/25 09:03:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\AVG [2012/07/25 09:00:43 \| 000,000,000 \| -H-D \| C] -- C:\ProgramData\Common Files [2012/07/25 09:00:43 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\MFAData [2012/07/25 08:42:49 \| 000,000,000 \| ---D \| C] -- C:\Users\Public\Documents\Electronic Arts [2012/07/24 19:29:41 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\Documents\Expresso Projects [2012/07/24 19:29:19 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Ultrapico [2012/07/24 19:29:19 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expresso [2012/07/24 09:30:11 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Local\SMS [2012/07/24 09:28:14 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\Documents\CARS [2012/07/21 18:33:31 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAKEFACTORY CM11 [2012/07/17 18:36:12 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\winamp_visual [2012/07/16 09:03:20 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Xilisoft [2012/07/15 16:03:56 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\AviSynth 2.5 [2012/07/15 16:02:33 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2012/07/15 16:02:32 \| 000,216,064 \| RHS- \| C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2012/07/15 16:02:32 \| 000,163,328 \| RHS- \| C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2012/07/15 16:02:32 \| 000,092,672 \| RHS- \| C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2012/07/15 16:02:32 \| 000,090,112 \| RHS- \| C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2012/07/15 16:02:32 \| 000,090,112 \| RHS- \| C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2012/07/15 16:02:32 \| 000,067,584 \| RHS- \| C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2012/07/15 16:02:32 \| 000,031,232 \| RHS- \| C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2012/07/15 16:02:31 \| 000,186,880 \| RHS- \| C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2012/07/15 16:02:31 \| 000,161,792 \| RHS- \| C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2012/07/15 16:02:29 \| 000,179,200 \| RHS- \| C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2012/07/15 16:02:29 \| 000,123,904 \| RHS- \| C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2012/07/14 18:24:12 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Traffic Simulator Configuration Tool [2012/07/14 18:24:12 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Addon Mod [2012/07/14 16:04:58 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\.grasp_settings [2012/07/14 15:50:09 \| 000,955,800 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012/07/14 15:50:09 \| 000,268,680 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/07/14 15:49:45 \| 000,189,424 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/07/14 15:49:45 \| 000,188,912 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/07/14 15:47:10 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Java [2012/07/14 09:35:33 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis [2012/07/14 09:34:16 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Maxis [2012/07/11 09:27:37 \| 000,096,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/11 09:27:37 \| 000,073,216 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/11 09:27:35 \| 000,237,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/11 09:27:35 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/11 09:27:34 \| 000,248,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/11 09:27:34 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/11 09:27:34 \| 000,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/11 09:27:34 \| 000,142,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/11 09:27:33 \| 001,427,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/11 09:27:32 \| 002,311,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/11 09:27:32 \| 001,494,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/11 09:27:31 \| 000,818,688 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/11 09:27:31 \| 000,716,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/11 09:17:25 \| 000,254,464 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/08 10:20:03 \| 014,690,376 \| ---- \| C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe [2012/07/08 10:19:44 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass [2012/07/08 10:19:44 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass [2012/07/08 10:19:37 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\LastPass [2012/07/04 14:54:48 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Roaming\vlc [2012/07/04 14:53:50 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012/07/03 23:50:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Roaming\SpyStudio [2012/07/03 23:50:32 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Local\Nektra [2012/07/03 12:49:40 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\AppData\Local\rohitab.com [2012/07/03 12:49:03 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rohitab.com [2012/07/03 12:48:47 \| 000,000,000 \| ---D \| C] -- C:\Program Files\rohitab.com [2012/07/02 00:57:33 \| 000,000,000 \| ---D \| C] -- C:\Users\Glen\Documents\Fiddler2 [2012/07/02 00:57:17 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Fiddler2 [2012/07/01 16:06:22 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\CE Remote Tools [6 C:\Users\Glen\AppData\Local\.tmp files -> C:\Users\Glen\AppData\Local\.tmp -> ] [1 C:\Windows\SysNative\drivers\.tmp files -> C:\Windows\SysNative\drivers\.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/07/30 21:52:23 \| 000,008,560 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/30 21:52:23 \| 000,008,560 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/30 21:38:18 \| 000,000,792 \| ---- \| M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/07/30 21:26:24 \| 000,000,830 \| ---- \| M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/30 20:23:44 \| 000,000,592 \| ---- \| M] () -- C:\Users\Glen\Desktop\JDeveloper.lnk [2012/07/30 20:10:28 \| 000,017,558 \| ---- \| M] () -- C:\Users\Glen\AppData\Local\recently-used.xbel [2012/07/30 19:00:32 \| 102,599,076 \| ---- \| M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/07/30 18:14:43 \| 000,000,958 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/30 17:54:03 \| 000,426,184 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/07/30 17:54:03 \| 000,070,344 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/07/30 17:52:22 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012/07/29 14:20:32 \| 004,941,696 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/29 14:08:20 \| 000,001,251 \| ---- \| M] () -- C:\CoreTemp.ini [2012/07/28 23:00:55 \| 000,241,152 \| ---- \| M] () -- C:\Users\Glen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/25 09:05:28 \| 000,000,000 \| ---- \| M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/07/25 09:05:28 \| 000,000,000 \| ---- \| M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm [2012/07/25 09:05:28 \| 000,000,000 \| ---- \| M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/07/25 08:59:39 \| 000,001,945 \| ---- \| M] () -- C:\Windows\epplauncher.mif [2012/07/25 08:58:50 \| 000,693,008 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/25 08:58:50 \| 000,138,660 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/24 12:29:48 \| 000,000,352 \| ---- \| M] () -- C:\Users\Glen\AppData\Roaming\Network Meter_Settings.ini [2012/07/20 19:44:59 \| 000,000,600 \| ---- \| M] () -- C:\Users\Glen\AppData\Local\PUTTY.RND [2012/07/20 11:23:36 \| 000,834,070 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/18 19:21:18 \| 000,001,961 \| ---- \| M] () -- C:\Users\Glen\Documents\ax_files.xml [2012/07/14 15:49:30 \| 000,189,424 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/07/14 15:49:29 \| 000,188,912 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/07/14 09:35:35 \| 000,002,006 \| ---- \| M] () -- C:\Users\Glen\Desktop\SimCity 4 Deluxe.lnk [2012/07/14 09:34:19 \| 000,000,741 \| ---- \| M] () -- C:\Windows\eReg.dat [2012/07/13 17:01:17 \| 000,000,780 \| ---- \| M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/12 13:35:38 \| 000,000,880 \| ---- \| M] () -- C:\Users\Public\Desktop\foobar2000.lnk [2012/07/08 15:10:27 \| 014,690,376 \| ---- \| M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe [2012/07/08 00:43:20 \| 000,000,003 \| ---- \| M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2012/07/04 14:53:50 \| 000,000,911 \| ---- \| M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/07/04 12:42:57 \| 000,682,898 \| ---- \| M] () -- C:\Users\Glen\Documents\TrainzAPIScanning.xml [2012/07/03 13:46:44 \| 000,024,904 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/02 00:37:47 \| 000,104,864 \| ---- \| M] () -- C:\Users\Glen\Documents\AuranRequest.xml [2012/07/01 00:16:08 \| 000,000,918 \| ---- \| M] () -- C:\Users\Public\Desktop\Buzz.lnk [6 C:\Users\Glen\AppData\Local\.tmp files -> C:\Users\Glen\AppData\Local\.tmp -> ] [1 C:\Windows\SysNative\drivers\.tmp files -> C:\Windows\SysNative\drivers\.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/07/30 21:38:18 \| 000,000,792 \| ---- \| C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/07/30 20:23:44 \| 000,000,592 \| ---- \| C] () -- C:\Users\Glen\Desktop\JDeveloper.lnk [2012/07/30 20:10:28 \| 000,017,558 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\recently-used.xbel [2012/07/30 19:00:32 \| 102,599,076 \| ---- \| C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/07/30 18:14:43 \| 000,000,958 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/29 14:19:47 \| 004,941,696 \| ---- \| C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/25 09:05:28 \| 000,000,000 \| ---- \| C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/07/25 09:05:28 \| 000,000,000 \| ---- \| C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm [2012/07/25 09:05:28 \| 000,000,000 \| ---- \| C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/07/15 16:02:32 \| 000,121,344 \| RHS- \| C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax [2012/07/15 16:02:32 \| 000,107,520 \| RHS- \| C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012/07/15 16:02:31 \| 000,107,520 \| RHS- \| C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2012/07/15 16:02:31 \| 000,070,656 \| RHS- \| C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2012/07/15 16:02:31 \| 000,051,712 \| RHS- \| C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2012/07/15 16:02:30 \| 000,195,584 \| RHS- \| C] () -- C:\Windows\SysWow64\MatroskaDX.ax [2012/07/15 16:02:30 \| 000,120,832 \| RHS- \| C] () -- C:\Windows\SysWow64\MPCDx.ax [2012/07/15 16:02:30 \| 000,097,280 \| RHS- \| C] () -- C:\Windows\SysWow64\FLACDX.ax [2012/07/15 16:02:29 \| 000,227,328 \| RHS- \| C] () -- C:\Windows\SysWow64\ac3DX.ax [2012/07/15 16:02:29 \| 000,175,104 \| RHS- \| C] () -- C:\Windows\SysWow64\CoreAAC.ax [2012/07/15 16:02:29 \| 000,081,920 \| RHS- \| C] () -- C:\Windows\SysWow64\aac_parser.ax [2012/07/14 09:35:34 \| 000,002,006 \| ---- \| C] () -- C:\Users\Glen\Desktop\SimCity 4 Deluxe.lnk [2012/07/08 00:43:20 \| 000,000,003 \| ---- \| C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2012/07/04 14:53:50 \| 000,000,911 \| ---- \| C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/07/04 11:45:17 \| 000,682,898 \| ---- \| C] () -- C:\Users\Glen\Documents\TrainzAPIScanning.xml [2012/07/02 00:57:18 \| 000,001,737 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk [2012/07/02 00:37:47 \| 000,104,864 \| ---- \| C] () -- C:\Users\Glen\Documents\AuranRequest.xml [2012/06/26 23:32:15 \| 000,197,621 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\census.cache [2012/06/26 23:31:54 \| 000,163,126 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\ars.cache [2012/06/26 23:18:16 \| 000,000,036 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\housecall.guid.cache [2012/06/15 20:17:24 \| 000,042,432 \| ---- \| C] () -- C:\Windows\SysWow64\xfcodec.dll [2012/06/06 18:35:37 \| 000,000,741 \| ---- \| C] () -- C:\Windows\eReg.dat [2012/02/29 13:26:56 \| 000,416,064 \| ---- \| C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/01/13 14:37:09 \| 000,056,320 \| ---- \| C] () -- C:\Windows\SysWow64\iyvu9_32.dll [2011/11/25 13:29:32 \| 000,000,410 \| ---- \| C] () -- C:\Users\Glen\AppData\Roaming\hexplorer.dat [2011/11/25 13:29:32 \| 000,000,004 \| ---- \| C] () -- C:\Users\Glen\AppData\Roaming\mclip.dat [2011/11/19 21:42:50 \| 000,024,576 \| ---- \| C] () -- C:\Windows\SysWow64\AsIO.dll [2011/11/19 21:42:50 \| 000,013,368 \| ---- \| C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011/10/27 17:27:01 \| 000,000,600 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\PUTTY.RND [2011/09/28 17:44:14 \| 000,179,271 \| ---- \| C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/08/20 18:29:05 \| 000,039,894 \| ---- \| C] () -- C:\ProgramData\HKCU.reg [2011/07/29 04:08:25 \| 000,032,256 \| ---- \| C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011/07/28 23:02:04 \| 000,000,033 \| ---- \| C] () -- C:\Windows\Caligari.ini [2011/07/02 00:19:00 \| 000,000,352 \| ---- \| C] () -- C:\Users\Glen\AppData\Roaming\Network Meter_Settings.ini [2011/06/22 23:49:11 \| 000,281,656 \| ---- \| C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/06/22 23:49:10 \| 000,075,136 \| ---- \| C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/06/12 11:28:21 \| 000,000,035 \| -HS- \| C] () -- C:\ProgramData\.zreglib [2011/06/03 18:33:06 \| 000,024,226 \| ---- \| C] () -- C:\Users\Glen\AppData\Roaming\UserTile.png [2011/05/26 15:47:07 \| 000,000,339 \| ---- \| C] () -- C:\Users\Glen\AppData\Roaming\Drives Meter_Settings.ini [2011/04/18 16:23:48 \| 000,000,011 \| ---- \| C] () -- C:\Users\Glen\Plugins.ini [2011/04/16 11:45:52 \| 000,000,056 \| -H-- \| C] () -- C:\ProgramData\ezsidmv.dat [2011/04/06 23:19:24 \| 000,001,356 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\d3d9caps.dat [2011/01/07 14:53:20 \| 000,001,769 \| ---- \| C] () -- C:\Windows\Language_trs.ini [2010/12/12 15:42:33 \| 000,000,533 \| ---- \| C] () -- C:\Windows\Tcsofla.INI [2010/12/12 01:45:32 \| 000,000,172 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\rahistory.xml [2010/12/10 22:36:10 \| 000,000,600 \| ---- \| C] () -- C:\Windows\Rtcw.INI [2010/12/10 18:02:08 \| 000,000,160 \| ---- \| C] () -- C:\Windows\wininit.ini [2010/12/03 18:33:34 \| 000,848,122 \| ---- \| C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/23 16:18:01 \| 000,241,152 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/21 14:09:59 \| 000,000,363 \| ---- \| C] () -- C:\Users\Glen\AppData\Roaming\GPU Monitor_Settings.ini [2010/11/21 13:25:15 \| 000,000,552 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\d3d8caps.dat [2010/11/21 13:04:34 \| 000,001,460 \| ---- \| C] () -- C:\Users\Glen\AppData\Local\d3d9caps64.dat [color=#E56717]========== LOP Check ==========[/color] [2012/06/17 13:44:54 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\.minecraft [2010/12/11 23:49:06 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Armagetron [2012/07/25 21:04:00 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Audacity [2011/05/03 18:08:08 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Auslogics [2012/07/25 09:05:54 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\AVG2012 [2011/07/29 04:41:11 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Blender Foundation [2011/08/11 01:00:05 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Broad Intelligence [2012/04/21 17:06:43 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/03/27 17:00:33 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\CheckPoint [2011/12/01 19:18:05 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/08/10 15:18:51 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\DAEMON Tools Lite [2012/07/30 21:21:58 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Dropbox [2012/05/11 14:07:14 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\EurekaLog [2012/07/23 22:08:18 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\FileZilla [2012/07/30 20:56:09 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\foobar2000 [2012/07/30 22:00:30 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Free Download Manager [2012/01/18 18:06:26 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\gtk-2.0 [2012/06/30 19:48:37 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Hex-Rays [2011/05/10 01:05:34 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\ImgBurn [2012/07/30 14:21:01 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\JDeveloper [2011/04/18 16:16:46 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Jeskola [2010/11/21 16:48:24 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Leadertech [2011/05/31 21:11:17 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\MPEG Streamclip [2012/02/12 20:02:02 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Mumble [2012/07/30 16:53:50 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Notepad++ [2011/12/01 19:20:41 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\PACE Anti-Piracy [2011/06/03 18:33:05 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\PeerNetworking [2011/05/02 23:56:13 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\PilotEdit [2011/07/05 11:02:43 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Polac [2012/06/24 15:36:47 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Process Hacker 2 [2011/04/21 21:30:40 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Publish Providers [2011/04/21 21:30:15 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Sony [2012/07/03 23:50:36 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\SpyStudio [2011/12/01 19:29:42 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010/12/13 17:18:08 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Subversion [2011/07/05 11:08:27 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\SumatraPDF [2012/06/07 18:05:08 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\TeamViewer [2012/07/29 14:00:48 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\TeraCopy [2012/07/24 09:37:18 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\TS3Client [2012/07/30 22:00:35 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\uTorrent [2012/02/25 18:54:20 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\Wireshark [2010/12/27 14:41:30 \| 000,000,000 \| ---D \| M] -- C:\Users\Glen\AppData\Roaming\X-Chat 2 [2012/07/30 17:50:13 \| 000,032,558 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 1283 bytes -> C:\Users\Glen\AppData\Local\OV83tPpmIzoIa:Kt4K1hRGbwtriOYAADw @Alternate Data Stream - 1262 bytes -> C:\Users\Glen\AppData\Local\Temp:ukeFErMOdkH9eij4t72WHGfdZ @Alternate Data Stream - 1136 bytes -> C:\Users\Glen\AppData\Local\Temp:hhVURVFe6k4oXYI55ylONxKrj8P -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2012-07-31 00:25:14 ·
lilhurricane So mote it be Premium,Mod join:2003-01-11 Purple Zone kudos:54 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Cellphones, Provid..	EXTRAS OTL Extras logfile created on: 7/30/2012 9:58:32 PM - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Glen\Desktop\Malware 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 6.00 Gb Total Physical Memory \| 3.22 Gb Available Physical Memory \| 53.60% Memory free 12.21 Gb Paging File \| 9.10 Gb Available in Paging File \| 74.51% Paging File free Paging file location(s): f:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 232.88 Gb Total Space \| 12.07 Gb Free Space \| 5.18% Space Free \| Partition Type: NTFS Drive D: \| 5.37 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 931.51 Gb Total Space \| 118.56 Gb Free Space \| 12.73% Space Free \| Partition Type: NTFS Computer Name: GLENVISTA \| User Name: Glen \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 00 AF B5 BE C4 BA C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe::Enabled:XChat IRC Client "C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe::Enabled:XChat IRC Client [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08858A51-0D61-4BC4-9F56-7F47068AC017}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{0CD8B6EE-D677-4A67-84DE-012199608454}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{1001F82D-B2A0-4510-BC30-85CA53B2BAB3}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{10F7C7A6-BFE6-4A93-886F-86E2929C6EE1}" = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{11009817-EE01-4592-A148-2BC1A61987D6}" = lport=6004 \| protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office12\outlook.exe \| "{14977FF0-8785-4062-A41C-517B1DB635F9}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{1F4772FA-4378-45EB-9E21-9C1418AF23A3}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{2A04CEE0-FDAE-48FD-B6B1-A98E8E0A513F}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{3AECE7CF-E349-4840-9792-A9495DE1D3E6}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{47727EBE-9BA2-45E9-A967-BB67050B2B84}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{4A470CF7-271A-4EEC-AAEC-F594D3F66884}" = lport=2869 \| protocol=6 \| dir=in \| app=system \| "{508EB982-C4EE-4990-BE20-1CD8D8A1858C}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{64DA1896-4ECA-4212-A814-3A1147476BF9}" = lport=56714 \| protocol=17 \| dir=in \| name=pando media booster \| "{66C7FFD1-3563-4887-ADB0-BC82FDDE18A6}" = lport=10243 \| protocol=6 \| dir=in \| app=system \| "{701F219D-DA49-45F6-8EEC-A2FAE2A73C37}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{81653568-CD32-484C-ADF9-F7A4EC7D2A6C}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{A5FA4545-3F5D-447C-ADAA-0EC4E88131EE}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{ABEB6F06-7DED-4D24-A781-E1051329B708}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{ACE0EC78-E1FC-4AC4-9460-8FBAD14DEFC5}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{B08DFA23-1068-46C2-AA6F-E74A1B216BA7}" = lport=56714 \| protocol=6 \| dir=in \| name=pando media booster \| "{B2DB2E2B-A863-43FB-B495-AE171019DD63}" = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{B9D8E4F3-FB99-4C61-A071-39EC5BF02860}" = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{BBB80621-98DC-4DDC-8E2C-97ABA5D4B7E0}" = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{CEE6AD5D-B79D-4DD5-85D7-0F99FE3EABDE}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{D2718699-1800-4A2B-BDFE-CBE654DB4A22}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{D2DD25AB-D7D1-408A-A57E-E12C584F264F}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{D975BDAE-D560-4DC6-AF8E-5F070470652D}" = rport=10243 \| protocol=6 \| dir=out \| app=system \| "{DED8A9E2-76F7-4BBD-B05F-929A2AF56205}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{E141A808-0417-4DBC-9173-42390573C8B1}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{E80784A6-11A4-4C14-8003-08E184EF5C7C}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{042C7FA1-9E3F-4C20-AB1F-010A691A69DC}" = protocol=6 \| dir=in \| app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe \| "{050AA9C4-AD74-4041-9B4B-29BB904536DC}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{0679236C-9B1B-4550-9359-F5FD62203A82}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe \| "{0A8A986A-F8B9-4C01-9EC9-D1AB84441CF0}" = protocol=6 \| dir=in \| app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe \| "{10FFB1DC-2D0A-4895-9954-C3FACB445C03}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\synergy\hl2.exe \| "{113780D1-9D55-4BE2-BA01-B8A21496B641}" = protocol=17 \| dir=in \| app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe \| "{148AFF69-F6A2-4946-BFF2-26B9C700CDB5}" = protocol=17 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{1A82327B-A35F-4884-AB9B-98F4F822388E}" = protocol=17 \| dir=in \| app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe \| "{1DB8B814-755A-4078-AB6E-5702A3B72A74}" = dir=in \| app=c:\program files (x86)\skype\phone\skype.exe \| "{201C4B36-0A3F-4914-9BD6-C98383483C90}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\synergy\hl2.exe \| "{24606B19-F0E8-41C6-89E1-2168C660953C}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe \| "{295468F8-2B9B-4EE6-9BE8-177414830CCE}" = protocol=6 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{2A047047-315A-4D46-A2BD-1BA855BEB484}" = protocol=17 \| dir=in \| app=c:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe \| "{2C988AD1-2955-41BD-A4FF-B829B84B8B6D}" = dir=in \| app=c:\program files (x86)\microsoft xna\xna game studio\v3.1\bin\xnaliveproxy.exe \| "{2DF07F84-2CE2-414F-822A-7A0AF85A30F5}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{2F6AF5FE-F27C-499D-9BE4-EA06D36DD9FE}" = protocol=17 \| dir=in \| app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe \| "{3208D3CD-84B7-4CDB-B550-E49919614707}" = dir=in \| app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe \| "{342E5417-AEEC-473E-9825-2C72B2FFF47B}" = protocol=17 \| dir=in \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{36F36CEB-0741-4DB4-9458-7F9B72DEDC48}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{39CE15F2-8BB4-4C3E-9BEE-465BA4AE88E8}" = protocol=6 \| dir=in \| app=c:\program files (x86)\teamviewer\version7\teamviewer.exe \| "{3B8D7DDB-F09C-4C93-B465-081B35DA81E2}" = protocol=17 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{3BE6390F-FB7A-4940-AC7A-C1C9B22107D0}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{3CA79757-9365-4375-8438-AA8D56BCB179}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{40F05482-651F-4BD3-A127-030868D3B8B3}" = protocol=6 \| dir=in \| app=f:\games\mass effect\masseffectlauncher.exe \| "{440D3A58-831F-46C3-8FB8-97788B02D4D7}" = protocol=17 \| dir=in \| app=c:\programdata\nexonus\ngm\ngm.exe \| "{4765D531-B351-4FBD-BB57-F5AFD8AFE390}" = protocol=6 \| dir=in \| app=c:\windows\syswow64\pnkbstrb.exe \| "{47740CF5-8ECB-498C-938F-3A98BA6511F9}" = protocol=6 \| dir=in \| app=c:\program files (x86)\microsoft office\office12\onenote.exe \| "{486A1E16-238D-43B1-A3BD-B6B1EB42EB6F}" = protocol=6 \| dir=in \| app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe \| "{4A433ECB-15C1-40DC-9ED4-033CF7A8D78F}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe \| "{4BE56C14-7548-4197-AFD7-A6CD15EBE4C8}" = protocol=17 \| dir=in \| app=c:\program files (x86)\utorrent\utorrent.exe \| "{5112EDB0-AF07-4E35-98DD-5FF4C7F1953D}" = dir=in \| app=c:\program files (x86)\itunes\itunes.exe \| "{56FC7BB4-F05C-4BAE-A54E-9C9809CC229B}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{5754F2E8-88A5-401F-A3E9-183E3C0ACCC0}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{5CF4D92C-6E3B-4B6F-915E-53036809B813}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\synergy\hl2.exe \| "{5D2E788B-7DC2-42F9-81DE-0E576CCB9770}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{5DC82865-3402-46F5-A324-0B2E38402A62}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe \| "{6055DFB4-8D2E-4447-A91D-28FE27E570B9}" = protocol=6 \| dir=in \| app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe \| "{615830FF-8768-4E53-ABC3-93DBBDD5A780}" = protocol=17 \| dir=in \| app=c:\windows\syswow64\pnkbstrb.exe \| "{62EFCB94-7E1D-4117-8DDD-AB718C3D7B15}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe \| "{666D5D2A-672D-481E-A115-E5D6415B0255}" = protocol=6 \| dir=in \| app=c:\programdata\nexonus\ngm\ngm.exe \| "{6886E52A-DCD7-4202-8934-499F676325DD}" = protocol=6 \| dir=in \| app=c:\program files (x86)\alcohol soft\alcohol 52\starwind\starwindserviceae.exe \| "{6983BDE4-FFC0-4F0C-BF05-493E2EAF3555}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steam.exe \| "{698A4F88-059B-4350-829A-B06A2E46DAE1}" = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{6D9540C1-4F26-4265-93DF-AE9B71D058D4}" = protocol=17 \| dir=in \| app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe \| "{6DD0A52D-2C93-4177-8918-909089DF9CBC}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe \| "{72BB8399-2E72-4C6F-A53F-9BB78A2E9226}" = protocol=17 \| dir=in \| app=c:\program files (x86)\avg\avg2012\avgmfapx.exe \| "{76665847-D187-43AD-A2F2-854C5841DE54}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe \| "{7770E0B4-71AA-4601-B017-EF350E14EC71}" = protocol=17 \| dir=in \| app=c:\program files (x86)\avg\avg2012\avgdiagex.exe \| "{77B753EA-D7B5-4D06-B7F9-3BF79BF64102}" = protocol=6 \| dir=in \| app=c:\program files (x86)\avg\avg2012\avgdiagex.exe \| "{7833A1DD-BCD1-44B3-9345-9ACDB769A3DD}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe \| "{7C3E800D-EE98-4401-B904-EDCEB3D45B4D}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe \| "{832BFC65-3618-4AC4-B184-ED5F1DB5251C}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe \| "{836ACB29-19D8-44BB-9ABD-6CA80E64336A}" = protocol=6 \| dir=in \| app=c:\windows\syswow64\pnkbstra.exe \| "{83D2F26F-EE99-4AFA-AC6B-A72B4550BB2F}" = protocol=6 \| dir=in \| app=c:\program files (x86)\avg\avg2012\avgmfapx.exe \| "{851ABAD5-FB84-4C03-9C78-DB49AFF1FC68}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe \| "{89F3568F-DB21-46F0-9CFA-1297C9E42345}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{8DFF23D4-A338-43E5-900A-9D3D0340B907}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\synergy\hl2.exe \| "{91CA113D-7DA0-4DE3-A933-E4E6A3A4ADD3}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe \| "{93D8C644-7769-44AA-8A86-5A2E5A776A98}" = protocol=17 \| dir=in \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{9754CB21-2966-434D-84E3-071D83620543}" = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| "{9A0845D7-6D54-4475-BCDA-EA0953DA5158}" = protocol=17 \| dir=in \| app=f:\games\mass effect\binaries\masseffect.exe \| "{9D7AE598-B2B4-4859-9075-4DE805204930}" = protocol=6 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{A1EFC9D7-A4C1-4C24-9C67-FA0EC61F34ED}" = protocol=6 \| dir=out \| app=system \| "{A3CA5181-87B1-4C4B-BC1F-9D56E34C86A9}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steam.exe \| "{A51ACEE9-8492-43CF-AA2D-F333ED44BE8B}" = protocol=6 \| dir=in \| app=c:\program files (x86)\utorrent\utorrent.exe \| "{A7581C61-A8B5-4977-B20F-0CFB8055F738}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| "{AB628168-CE43-46D2-9E5E-FA4C7EA78EF0}" = protocol=6 \| dir=in \| app=f:\games\mass effect\binaries\masseffect.exe \| "{AF925A33-E769-4D19-9868-2BEBA9D442EA}" = protocol=17 \| dir=in \| app=c:\windows\syswow64\pnkbstra.exe \| "{B062B884-C44C-4FC3-87C5-90683D0502A3}" = protocol=6 \| dir=in \| app=c:\program files (x86)\microsoft office\office12\onenote.exe \| "{B91F3432-015B-42C6-8AEE-CE5AB0FDC601}" = protocol=17 \| dir=in \| app=c:\program files (x86)\alcohol soft\alcohol 52\starwind\starwindserviceae.exe \| "{BC4EF5BE-1BBF-4F8B-961C-58E0E608FBC8}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe \| "{C385371D-1C2C-4BAE-A8B4-36A7EA04DFB2}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{C65E0EA6-AEE6-4EF0-B510-38A978A42816}" = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| "{C8B4C320-7B90-4BB9-9F85-560D06BE596A}" = protocol=17 \| dir=in \| app=f:\games\mass effect\masseffectlauncher.exe \| "{C97C34B7-B4CC-4BFE-9C16-B839B70E3C8D}" = protocol=6 \| dir=in \| app=c:\program files (x86)\avg\avg2012\avgnsa.exe \| "{CB4BE3D7-8197-4C24-9D96-F82CE820B961}" = protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office12\onenote.exe \| "{D409D75E-CC17-43EA-8341-0E68A857D83E}" = protocol=17 \| dir=in \| app=c:\program files (x86)\teamviewer\version7\teamviewer.exe \| "{DA442A5F-6B06-4C4E-AEF4-3E4E49B38F69}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe \| "{DE644B20-7581-4930-AA2D-642C78855215}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe \| "{E0832FDC-8984-4FED-AE82-6434A5818AC1}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe \| "{E2FFC9DF-7B75-4AAC-A3BA-E44F0FD3D427}" = protocol=6 \| dir=in \| app=c:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe \| "{E3E7A331-DD43-4BCC-A570-C451CBC9715E}" = protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office12\onenote.exe \| "{E7ECEF4E-D7AD-44D5-92C3-1D4547A16E02}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe \| "{E8BC7910-F9B9-449C-95C1-BFA162D563E7}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{EF108387-4D59-4C21-AD7C-432B55334391}" = protocol=17 \| dir=in \| app=c:\program files (x86)\avg\avg2012\avgnsa.exe \| "{F647C440-BD17-49D5-9F82-6CF2957CBFDD}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe \| "{FB96DB5E-EB67-494D-8246-223D30070033}" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe \| "{FE683409-8EC5-422E-A13A-B13B5F962349}" = protocol=6 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| "{FFC34CCD-E3DF-4B27-9DCF-B1C9494FCF44}" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe \| "TCP Query User{33C8251F-2405-4243-BBF6-8173DC631CDC}C:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe \| "TCP Query User{3781053F-09F0-4ECC-A268-29C28BA3138D}C:\users\glen\appdata\local\roblox\versions\version-3f2bb30af20140a4\robloxapp.exe" = protocol=6 \| dir=in \| app=c:\users\glen\appdata\local\roblox\versions\version-3f2bb30af20140a4\robloxapp.exe \| "TCP Query User{53041434-CDCF-4FEB-BEFF-A22B16AACFF5}F:\srcds\orangebox\srcds.exe" = protocol=6 \| dir=in \| app=f:\srcds\orangebox\srcds.exe \| "TCP Query User{7953616B-D85C-4BE0-9BE9-C6486EBCD36A}C:\program files\java\jdk1.7.0_05\bin\java.exe" = protocol=6 \| dir=in \| app=c:\program files\java\jdk1.7.0_05\bin\java.exe \| "TCP Query User{8044D759-3771-4FEE-886F-7028D708E7E4}C:\program files (x86)\steam\steamapps\tgp1994\source sdk base\hl2.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\source sdk base\hl2.exe \| "TCP Query User{BBB384A4-2A01-4E42-AAF2-FAC30121AE9C}C:\program files (x86)\saints row 2\sr2_pc.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\saints row 2\sr2_pc.exe \| "TCP Query User{C7603FF9-BF2F-4F7C-9622-478A83A27A50}C:\program files (x86)\free download manager\fdmwi.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\free download manager\fdmwi.exe \| "TCP Query User{D8DC3F9C-7F94-434D-90F1-A947C09C126D}C:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 \| dir=in \| app=c:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe \| "TCP Query User{EEC21CCF-3499-490C-A934-C2FA8D448C6C}C:\program files (x86)\xfire\xfire.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\xfire\xfire.exe \| "TCP Query User{F3FEC530-CB83-4BA3-A60B-53BE52C10057}F:\srcds\orangebox\srcds.exe" = protocol=6 \| dir=in \| app=f:\srcds\orangebox\srcds.exe \| "TCP Query User{F5132281-26DE-41D9-9A34-90B6D37F8848}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\filezilla ftp client\filezilla.exe \| "UDP Query User{2D04E26C-76D7-4ABF-8C7F-077D3B37F856}C:\program files (x86)\free download manager\fdmwi.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\free download manager\fdmwi.exe \| "UDP Query User{2ED0C5BA-2FC3-4AE6-A0AC-C88CE9684E31}C:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 \| dir=in \| app=c:\users\glen\appdata\roaming\dropbox\bin\dropbox.exe \| "UDP Query User{32C5C182-32C4-4D2D-84F5-EC238399B8C8}C:\program files (x86)\steam\steamapps\tgp1994\source sdk base\hl2.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\source sdk base\hl2.exe \| "UDP Query User{605B58E3-7FC2-4C40-8D34-4BDD194DBB4A}F:\srcds\orangebox\srcds.exe" = protocol=17 \| dir=in \| app=f:\srcds\orangebox\srcds.exe \| "UDP Query User{785B152F-2593-4125-BD34-514DD5C9FBC1}C:\users\glen\appdata\local\roblox\versions\version-3f2bb30af20140a4\robloxapp.exe" = protocol=17 \| dir=in \| app=c:\users\glen\appdata\local\roblox\versions\version-3f2bb30af20140a4\robloxapp.exe \| "UDP Query User{7BA91BE7-433D-4EA4-BA30-18B317EAA0CC}C:\program files (x86)\xfire\xfire.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\xfire\xfire.exe \| "UDP Query User{9B378C51-FDDC-4FEE-8806-C1E0E3408565}F:\srcds\orangebox\srcds.exe" = protocol=17 \| dir=in \| app=f:\srcds\orangebox\srcds.exe \| "UDP Query User{D4A15237-24A6-49A1-B393-BAD2627CFE59}C:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\steam\steamapps\tgp1994\synergy dedicated server\srcds.exe \| "UDP Query User{E48F8B49-8E32-4BC9-8744-47161B0C3211}C:\program files\java\jdk1.7.0_05\bin\java.exe" = protocol=17 \| dir=in \| app=c:\program files\java\jdk1.7.0_05\bin\java.exe \| "UDP Query User{EC50A242-811C-4A02-B0C9-37AFA43323E5}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\filezilla ftp client\filezilla.exe \| "UDP Query User{F6E24B18-FF1E-4556-A527-2611CF26DDF8}C:\program files (x86)\saints row 2\sr2_pc.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\saints row 2\sr2_pc.exe \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit) "{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1) "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{45EF12B0-F531-4A2C-A1C0-6B1495698E30}" = TortoiseSVN 1.6.15.21042 (64 bit) "{4EE61784-10C6-4B7C-A0B2-5BED17B05741}" = Oracle VM VirtualBox 4.1.18 "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit) "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64) "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EFA597E4-73D3-4142-90DB-BE28E5589F99}_is1" = Device Remover "{F344D1BA-3AF2-476C-9B44-C8E4D698ED58}" = API Monitor v2 (Alpha) "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD66A549-5110-48C8-ACE6-3F52AB3BF100}" = Macrium Reflect - Free Edition "AVG" = AVG 2012 "Blender" = Blender "CCleaner" = CCleaner "Game Jackal v4_is1" = Game Jackal v4.1.1.7 (64 bit) "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger SP1 - ENU "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1 "NVIDIA Drivers" = NVIDIA Drivers "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1) "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeraCopy_is1" = TeraCopy 2.27 "UltSounds" = Windows Sound Schemes "Unlocker" = Unlocker 1.9.1-x64 "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer) "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists) "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU "{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{2E402AA9-5C0E-45E7-8E70-C23FA0F265D5}" = Microsoft XNA Game Studio 3.1 (devenv) "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0 "{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5A4B3F22-A5DF-43D7-89A7-6121F5431F32}" = UV Realtime "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation "{82419258-BAA2-4214-824C-836FDFCE8FA8}" = AnkhSVN 2.1.10129.17 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52 "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}" = VirusGuard "{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components) "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU "{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{CF59774A-CE9D-454D-AF29-1556367E1AC7}" = Transcode "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy) "{E0990010-9FC0-47CB-0095-C4F40C9432A9}" = The Sims 2 University "{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry) "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E3EB518B-A8D0-4C86-847C-A86AF0FC8D11}" = Expresso "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "AuranTS2009_is1" = Trainz Simulator 12 "Buzz_is1" = Buzz build 1466 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "DVD Flick_is1" = DVD Flick 1.3.0.7 "EAX Unified" = EAX Unified "ENTERPRISE" = Microsoft Office Enterprise 2007 "FAKEFACTORY CM11V11.00" = FAKEFACTORY Cinematic Mod V11 "Fiddler2" = Fiddler2 "FileZilla Client" = FileZilla Client 3.5.3 "foobar2000" = foobar2000 v1.1.13 "Fraps" = Fraps (remove only) "Free Download Manager_is1" = Free Download Manager 3.9 "ImgBurn" = ImgBurn "LastPass" = LastPass (uninstall only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "SimPE_is1" = SimPE 0.72 (alpha) "Sims2Pack Clean Installer" = Sims2Pack Clean Installer "Steam App 102700" = Alliance of Valiant Arms "Steam App 4010" = Garry's Mod 13 "Steam App 620" = Portal 2 "SumatraPDF" = SumatraPDF "TeamViewer 7" = TeamViewer 7 "Universal Extractor_is1" = Universal Extractor 1.6.1 "uTorrent" = µTorrent "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 2.0.2 "VMware_Workstation" = VMware Workstation "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.6.5 "Xfire" = Xfire (remove only) "XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Network Addon Mod" = Network Addon Mod Version 30 with Essentials r132 "WinDirStat" = WinDirStat 1.1.2 [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 7/26/2012 6:37:03 PM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1010 Description = Error - 7/27/2012 9:17:44 AM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1008 Description = Error - 7/27/2012 6:40:38 PM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1010 Description = Error - 7/28/2012 7:07:49 PM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1008 Description = Error - 7/28/2012 7:07:50 PM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1010 Description = Error - 7/28/2012 7:07:52 PM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1008 Description = Error - 7/29/2012 7:14:02 PM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1010 Description = Error - 7/30/2012 9:09:24 AM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1008 Description = Error - 7/30/2012 5:54:14 PM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1008 Description = Error - 7/30/2012 7:14:49 PM \| Computer Name = GlenVista \| Source = Perflib \| ID = 1010 Description = Error - 7/30/2012 9:47:15 PM \| Computer Name = GlenVista \| Source = Windows Search Service \| ID = 3013 Description = The entry in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) [ OSession Events ] Error - 4/25/2011 7:11:25 PM \| Computer Name = GlenVista \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 64 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/17/2011 12:29:05 AM \| Computer Name = GlenVista \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/28/2011 11:52:03 AM \| Computer Name = GlenVista \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 209 seconds with 0 seconds of active time. This session ended with a crash. Error - 8/5/2011 5:57:29 PM \| Computer Name = GlenVista \| Source = Microsoft Office 12 Sessions \| ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 137 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 7/30/2012 9:20:48 AM \| Computer Name = GlenVista \| Source = cdrom \| ID = 262155 Description = The driver detected a controller error on \Device\CdRom1. Error - 7/30/2012 9:20:54 AM \| Computer Name = GlenVista \| Source = cdrom \| ID = 262155 Description = The driver detected a controller error on \Device\CdRom1. Error - 7/30/2012 4:30:05 PM \| Computer Name = GlenVista \| Source = Service Control Manager \| ID = 7011 Description = Error - 7/30/2012 5:38:17 PM \| Computer Name = GlenVista \| Source = Service Control Manager \| ID = 7011 Description = Error - 7/30/2012 5:49:23 PM \| Computer Name = GlenVista \| Source = Service Control Manager \| ID = 7034 Description = Error - 7/30/2012 5:52:29 PM \| Computer Name = GlenVista \| Source = Service Control Manager \| ID = 7023 Description = Error - 7/30/2012 5:52:29 PM \| Computer Name = GlenVista \| Source = Service Control Manager \| ID = 7023 Description = Error - 7/30/2012 5:52:29 PM \| Computer Name = GlenVista \| Source = Service Control Manager \| ID = 7026 Description = Error - 7/30/2012 5:54:38 PM \| Computer Name = GlenVista \| Source = Service Control Manager \| ID = 7038 Description = Error - 7/30/2012 5:54:38 PM \| Computer Name = GlenVista \| Source = Service Control Manager \| ID = 7000 Description = -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2012-07-31 00:25:37 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to tgp1994 Re: Computer may be compromised First: Run OTL []Under the Custom Scans/Fixes* box at the bottom, copy and paste the contents of the following box: :OTL O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. :Services :Reg :Files :Commands [purity] [emptytemp] [EMPTYFLASH] [Resethosts] [Reboot] []Then click the Run Fix* button at the top []Let the program run unhindered, reboot the PC when it is done []Once you see a message box "Fix complete! Click OK to open the fix log." []Click the OK button []The log will open in Notepad (your default text editor). {]Save the log. Post a copy of that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Second: Download and run GMER. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-07-31 11:41:38 ·
tgp1994 join:2010-10-06 1 edit	Thanks LPP, here are the results: OTL custom: [tags removed] All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Glen ->Temp folder emptied: 121440 bytes ->Temporary Internet Files folder emptied: 6310090 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 194191932 bytes ->Flash cache emptied: 1427 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Sims ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 218487 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 3195622217 bytes Total Files Cleaned = 3,239.00 mb [EMPTYFLASH] User: All Users User: AppData User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Glen ->Flash cache emptied: 0 bytes User: Guest User: Public User: Sims ->Flash cache emptied: 0 bytes User: UpdatusUser Total Flash Files Cleaned = 0.00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.55.0 log created on 07312012_124340 Files\Folders moved on Reboot... C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2224.log moved successfully. File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2224.log not found! [2012/07/31 12:44:38 \| 000,000,098 \| ---- \| M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F Registry entries deleted on Reboot... [/code] OTL post reboot (looks like it's exactly the same thing): [code] All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Glen ->Temp folder emptied: 121440 bytes ->Temporary Internet Files folder emptied: 6310090 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 194191932 bytes ->Flash cache emptied: 1427 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Sims ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 218487 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 3195622217 bytes Total Files Cleaned = 3,239.00 mb [EMPTYFLASH] User: All Users User: AppData User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Glen ->Flash cache emptied: 0 bytes User: Guest User: Public User: Sims ->Flash cache emptied: 0 bytes User: UpdatusUser Total Flash Files Cleaned = 0.00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.55.0 log created on 07312012_124340 Files\Folders moved on Reboot... C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2224.log moved successfully. File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2224.log not found! [2012/07/31 12:44:38 \| 000,000,098 \| ---- \| M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F Registry entries deleted on Reboot... [/code] gmer.log: [code] GMER 1.0.15.15641 - »www.gmer.net Rootkit scan 2012-07-31 14:59:42 Windows 6.0.6002 Service Pack 2 Running: xyv00n0z.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x70 0x43 0x8B 0xED ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF6 0x5B 0xE7 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x70 0x43 0x8B 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF6 0x5B 0xE7 0x96 ... ---- EOF - GMER 1.0.15 ---- [/code] GMER results (copied from program, which, again, looks like it's exactly the same as the previous log): [code] GMER 1.0.15.15641 - »www.gmer.net Rootkit scan 2012-07-31 14:59:53 Windows 6.0.6002 Service Pack 2 Running: xyv00n0z.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x70 0x43 0x8B 0xED ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF6 0x5B 0xE7 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x70 0x43 0x8B 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF6 0x5B 0xE7 0x96 ... ---- EOF - GMER 1.0.15 ---- If I were to add my two cents on the output of OTL, it looks like it was just removing references to some mysterious toolbars for internet explorer, right? And on GMER, I'm pretty sure SPTD is used for cd drive emulation, although I could be wrong. I hope this is what you were looking for, LoPhatPhuud.
	to forum · permalink · 2012-07-31 15:10:23 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to tgp1994 The logs are all clean. No sign of anything so far. One more program to run. I expect it to be negative, but it will give me a report on the OS files. Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected. You'll find the link(s) and instruction(s) here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-07-31 15:22:09 ·
tgp1994 join:2010-10-06 3 edits	[code] tags removed ~lil Here it is LoPhatPhuud, 16:44:25.0106 2940TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 16:44:27.0040 2940============================================================ 16:44:27.0040 2940Current date / time: 2012/07/31 16:44:27.0040 16:44:27.0040 2940SystemInfo: 16:44:27.0040 2940 16:44:27.0040 2940OS Version: 6.0.6002 ServicePack: 2.0 16:44:27.0040 2940Product type: Workstation 16:44:27.0040 2940ComputerName: GLENVISTA 16:44:27.0040 2940UserName: Glen 16:44:27.0040 2940Windows directory: C:\Windows 16:44:27.0040 2940System windows directory: C:\Windows 16:44:27.0040 2940Running under WOW64 16:44:27.0040 2940Processor architecture: Intel x64 16:44:27.0040 2940Number of processors: 2 16:44:27.0040 2940Page size: 0x1000 16:44:27.0040 2940Boot type: Normal boot 16:44:27.0040 2940============================================================ 16:44:28.0350 2940Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:44:28.0350 2940Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:44:28.0366 2940============================================================ 16:44:28.0366 2940\Device\Harddisk1\DR1: 16:44:28.0366 2940MBR partitions: 16:44:28.0366 2940\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C5000 16:44:28.0366 2940\Device\Harddisk0\DR0: 16:44:28.0366 2940MBR partitions: 16:44:28.0366 2940\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 16:44:28.0366 2940============================================================ 16:44:28.0413 2940C: \Device\Harddisk1\DR1\Partition0 16:44:28.0428 2940F: \Device\Harddisk0\DR0\Partition0 16:44:28.0428 2940============================================================ 16:44:28.0428 2940Initialize success 16:44:28.0428 2940============================================================ 16:44:32.0110 0312============================================================ 16:44:32.0110 0312Scan started 16:44:32.0110 0312Mode: Manual; 16:44:32.0110 0312============================================================ 16:44:33.0623 031261883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys 16:44:33.0623 031261883 - ok 16:44:33.0686 0312ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys 16:44:33.0686 0312ACPI - ok 16:44:33.0842 0312AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:44:33.0842 0312AdobeFlashPlayerUpdateSvc - ok 16:44:33.0888 0312adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 16:44:33.0904 0312adp94xx - ok 16:44:33.0935 0312adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 16:44:33.0935 0312adpahci - ok 16:44:33.0951 0312adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 16:44:33.0951 0312adpu160m - ok 16:44:33.0951 0312adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 16:44:33.0966 0312adpu320 - ok 16:44:34.0013 0312AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll 16:44:34.0013 0312AeLookupSvc - ok 16:44:34.0060 0312AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys 16:44:34.0076 0312AFD - ok 16:44:34.0076 0312agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 16:44:34.0076 0312agp440 - ok 16:44:34.0091 0312aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 16:44:34.0091 0312aic78xx - ok 16:44:34.0122 0312ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe 16:44:34.0122 0312ALG - ok 16:44:34.0122 0312aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 16:44:34.0122 0312aliide - ok 16:44:34.0138 0312amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 16:44:34.0138 0312amdide - ok 16:44:34.0138 0312AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 16:44:34.0154 0312AmdK8 - ok 16:44:34.0185 0312Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll 16:44:34.0185 0312Appinfo - ok 16:44:34.0200 0312AppMgmt (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll 16:44:34.0200 0312AppMgmt - ok 16:44:34.0216 0312arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 16:44:34.0216 0312arc - ok 16:44:34.0232 0312arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 16:44:34.0232 0312arcsas - ok 16:44:34.0325 0312AsIO (68726474c69b738eac3a62e06b33addc) C:\Windows\syswow64\drivers\AsIO.sys 16:44:34.0325 0312AsIO - ok 16:44:34.0450 0312aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 16:44:34.0450 0312aspnet_state - ok 16:44:34.0481 0312AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 16:44:34.0481 0312AsyncMac - ok 16:44:34.0512 0312atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys 16:44:34.0512 0312atapi - ok 16:44:34.0559 0312AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll 16:44:34.0559 0312AudioEndpointBuilder - ok 16:44:34.0559 0312AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll 16:44:34.0575 0312AudioSrv - ok 16:44:34.0606 0312Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys 16:44:34.0606 0312Avc - ok 16:44:34.0622 0312AVCSTRM (044320c8073293e02d000671e1e7a592) C:\Windows\system32\DRIVERS\avcstrm.sys 16:44:34.0622 0312AVCSTRM - ok 16:44:34.0684 0312Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys 16:44:34.0684 0312Avgfwfd - ok 16:44:34.0949 0312avgfws (bd5d11cedbcde4fa97d2387e7069b1ff) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe 16:44:34.0965 0312avgfws - ok 16:44:35.0074 0312AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys 16:44:35.0074 0312AVGIDSHA - ok 16:44:35.0136 0312Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys 16:44:35.0136 0312Avgldx64 - ok 16:44:35.0168 0312Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys 16:44:35.0168 0312Avgmfx64 - ok 16:44:35.0214 0312Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys 16:44:35.0214 0312Avgrkx64 - ok 16:44:35.0246 0312Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys 16:44:35.0246 0312Avgtdia - ok 16:44:36.0010 0312avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe 16:44:36.0010 0312avgwd - ok 16:44:36.0104 0312AxAutoMntSrv (7692f4b242e45870873caf4cb85cf769) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe 16:44:36.0104 0312AxAutoMntSrv - ok 16:44:36.0150 0312BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll 16:44:36.0182 0312BFE - ok 16:44:36.0275 0312BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll 16:44:36.0275 0312BITS - ok 16:44:36.0338 0312blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 16:44:36.0338 0312blbdrive - ok 16:44:36.0447 0312Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe 16:44:36.0447 0312Bonjour Service - ok 16:44:36.0525 0312bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys 16:44:36.0525 0312bowser - ok 16:44:36.0556 0312BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 16:44:36.0556 0312BrFiltLo - ok 16:44:36.0556 0312BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 16:44:36.0556 0312BrFiltUp - ok 16:44:36.0618 0312Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll 16:44:36.0618 0312Browser - ok 16:44:36.0634 0312Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 16:44:36.0634 0312Brserid - ok 16:44:36.0665 0312BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 16:44:36.0665 0312BrSerWdm - ok 16:44:36.0665 0312BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 16:44:36.0665 0312BrUsbMdm - ok 16:44:36.0681 0312BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 16:44:36.0681 0312BrUsbSer - ok 16:44:36.0681 0312BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 16:44:36.0696 0312BTHMODEM - ok 16:44:36.0712 0312cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 16:44:36.0728 0312cdfs - ok 16:44:36.0743 0312cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys 16:44:36.0743 0312cdrom - ok 16:44:36.0774 0312CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 16:44:36.0774 0312CertPropSvc - ok 16:44:36.0806 0312circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys 16:44:36.0806 0312circlass - ok 16:44:36.0852 0312CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys 16:44:36.0852 0312CLFS - ok 16:44:36.0930 0312clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:44:36.0930 0312clr_optimization_v2.0.50727_32 - ok 16:44:36.0977 0312clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:44:36.0977 0312clr_optimization_v2.0.50727_64 - ok 16:44:37.0040 0312clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:44:37.0040 0312clr_optimization_v4.0.30319_32 - ok 16:44:37.0071 0312clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:44:37.0071 0312clr_optimization_v4.0.30319_64 - ok 16:44:37.0102 0312cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 16:44:37.0118 0312cmdide - ok 16:44:37.0118 0312Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys 16:44:37.0118 0312Compbatt - ok 16:44:37.0118 0312COMSysApp - ok 16:44:37.0149 0312crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 16:44:37.0149 0312crcdisk - ok 16:44:37.0430 0312CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll 16:44:37.0430 0312CryptSvc - ok 16:44:37.0492 0312CrystalSysInfo - ok 16:44:37.0866 0312CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys 16:44:37.0866 0312CSC - ok 16:44:38.0116 0312CscService (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll 16:44:38.0147 0312CscService - ok 16:44:38.0194 0312Dbgv (1088034b39366dbbc793551b9b338062) C:\Windows\system32\Drivers\Dbgv.sys 16:44:38.0194 0312Dbgv - ok 16:44:38.0319 0312DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 16:44:38.0334 0312DcomLaunch - ok 16:44:38.0397 0312DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys 16:44:38.0397 0312DfsC - ok 16:44:38.0444 0312Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll 16:44:38.0459 0312Dhcp - ok 16:44:38.0475 0312disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys 16:44:38.0475 0312disk - ok 16:44:38.0537 0312Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll 16:44:38.0537 0312Dnscache - ok 16:44:38.0802 0312dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll 16:44:38.0818 0312dot3svc - ok 16:44:38.0912 0312Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys 16:44:38.0912 0312Dot4 - ok 16:44:38.0943 0312Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys 16:44:38.0943 0312Dot4Print - ok 16:44:38.0958 0312dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys 16:44:38.0958 0312dot4usb - ok 16:44:38.0990 0312DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll 16:44:39.0005 0312DPS - ok 16:44:39.0021 0312drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 16:44:39.0021 0312drmkaud - ok 16:44:39.0130 0312DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys 16:44:39.0130 0312DXGKrnl - ok 16:44:39.0208 0312E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 16:44:39.0208 0312E1G60 - ok 16:44:39.0224 0312EagleX64 - ok 16:44:39.0255 0312EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll 16:44:39.0270 0312EapHost - ok 16:44:39.0286 0312Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys 16:44:39.0302 0312Ecache - ok 16:44:39.0458 0312ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe 16:44:39.0458 0312ehRecvr - ok 16:44:39.0473 0312ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe 16:44:39.0473 0312ehSched - ok 16:44:39.0504 0312ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll 16:44:39.0504 0312ehstart - ok 16:44:39.0567 0312elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 16:44:39.0582 0312elxstor - ok 16:44:39.0676 0312EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll 16:44:39.0676 0312EMDMgmt - ok 16:44:39.0723 0312ErrDev (c2d322c84530db37d3e8e1c7e011bf16) C:\Windows\system32\drivers\errdev.sys 16:44:39.0723 0312ErrDev - ok 16:44:39.0785 0312EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll 16:44:39.0785 0312EventSystem - ok 16:44:39.0863 0312exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys 16:44:39.0863 0312exfat - ok 16:44:39.0894 0312fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys 16:44:39.0894 0312fastfat - ok 16:44:39.0941 0312fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 16:44:39.0941 0312fdc - ok 16:44:39.0972 0312fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll 16:44:39.0972 0312fdPHost - ok 16:44:39.0972 0312FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll 16:44:39.0972 0312FDResPub - ok 16:44:40.0004 0312FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 16:44:40.0004 0312FileInfo - ok 16:44:40.0019 0312Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 16:44:40.0019 0312Filetrace - ok 16:44:40.0019 0312flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 16:44:40.0035 0312flpydisk - ok 16:44:40.0066 0312FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys 16:44:40.0082 0312FltMgr - ok 16:44:40.0440 0312FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll 16:44:40.0440 0312FontCache - ok 16:44:40.0955 0312FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:44:40.0955 0312FontCache3.0.0.0 - ok 16:44:41.0018 0312Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys 16:44:41.0033 0312Fs_Rec - ok 16:44:41.0111 0312fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys 16:44:41.0111 0312fvevol - ok 16:44:41.0127 0312Fwleaf - ok 16:44:41.0174 0312gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 16:44:41.0174 0312gagp30kx - ok 16:44:41.0220 0312GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:44:41.0220 0312GEARAspiWDM - ok 16:44:42.0484 0312GJService (31b9b4005253b64f0684ba55d3ff1d81) C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe 16:44:42.0593 0312GJService - ok 16:44:42.0749 0312gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll 16:44:42.0749 0312gpsvc - ok 16:44:42.0796 0312hcmon (204128a9751105db8794bbe13813f3a0) C:\Windows\system32\drivers\hcmon.sys 16:44:42.0812 0312hcmon - ok 16:44:42.0843 0312HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys 16:44:42.0843 0312HdAudAddService - ok 16:44:42.0921 0312HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 16:44:42.0952 0312HDAudBus - ok 16:44:42.0968 0312HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 16:44:42.0968 0312HidBth - ok 16:44:42.0968 0312HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys 16:44:42.0968 0312HidIr - ok 16:44:43.0014 0312hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll 16:44:43.0014 0312hidserv - ok 16:44:43.0030 0312HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys 16:44:43.0030 0312HidUsb - ok 16:44:43.0077 0312hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll 16:44:43.0077 0312hkmsvc - ok 16:44:43.0092 0312HpCISSs (a27e8af2caac5e2693e6d4e2fce9b54f) C:\Windows\system32\drivers\hpcisss.sys 16:44:43.0108 0312HpCISSs - ok 16:44:43.0155 0312HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 16:44:43.0170 0312HTTP - ok 16:44:43.0170 0312i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 16:44:43.0170 0312i2omp - ok 16:44:43.0186 0312i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 16:44:43.0202 0312i8042prt - ok 16:44:43.0233 0312iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 16:44:43.0233 0312iaStorV - ok 16:44:43.0311 0312IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 16:44:43.0311 0312IDriverT - ok 16:44:43.0420 0312idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:44:43.0451 0312idsvc - ok 16:44:43.0467 0312iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 16:44:43.0467 0312iirsp - ok 16:44:43.0514 0312IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll 16:44:43.0545 0312IKEEXT - ok 16:44:43.0670 0312IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys 16:44:43.0685 0312IntcAzAudAddService - ok 16:44:43.0794 0312intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 16:44:43.0794 0312intelide - ok 16:44:43.0810 0312intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 16:44:43.0810 0312intelppm - ok 16:44:43.0841 0312IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll 16:44:43.0841 0312IPBusEnum - ok 16:44:43.0872 0312IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:44:43.0872 0312IpFilterDriver - ok 16:44:43.0919 0312iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll 16:44:43.0919 0312iphlpsvc - ok 16:44:43.0950 0312IPMIDRV (e41dd7038db14ae9d35b47b10bdce58a) C:\Windows\system32\drivers\ipmidrv.sys 16:44:43.0950 0312IPMIDRV - ok 16:44:43.0966 0312IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 16:44:43.0966 0312IPNAT - ok 16:44:44.0091 0312iPod Service (a3bda1a8a016b5e5a525bcf684894ebe) C:\Program Files\iPod\bin\iPodService.exe 16:44:44.0106 0312iPod Service - ok 16:44:44.0106 0312IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 16:44:44.0122 0312IRENUM - ok 16:44:44.0122 0312isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 16:44:44.0122 0312isapnp - ok 16:44:44.0169 0312iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 16:44:44.0169 0312iScsiPrt - ok 16:44:44.0169 0312iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 16:44:44.0169 0312iteatapi - ok 16:44:44.0184 0312iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 16:44:44.0184 0312iteraid - ok 16:44:44.0184 0312kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 16:44:44.0184 0312kbdclass - ok 16:44:44.0200 0312kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys 16:44:44.0200 0312kbdhid - ok 16:44:44.0231 0312KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 16:44:44.0231 0312KeyIso - ok 16:44:44.0278 0312KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys 16:44:44.0294 0312KSecDD - ok 16:44:44.0294 0312ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 16:44:44.0294 0312ksthunk - ok 16:44:44.0356 0312KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll 16:44:44.0372 0312KtmRm - ok 16:44:44.0387 0312L1E (073508533e422ce8bcee234eb35ceebf) C:\Windows\system32\DRIVERS\L1E60x64.sys 16:44:44.0403 0312L1E - ok 16:44:44.0418 0312L8042Kbd (df6b07438c9709336b32481feb57dd21) C:\Windows\system32\DRIVERS\L8042Kbd.sys 16:44:44.0418 0312L8042Kbd - ok 16:44:44.0465 0312LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll 16:44:44.0465 0312LanmanServer - ok 16:44:44.0512 0312LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll 16:44:44.0512 0312LanmanWorkstation - ok 16:44:44.0668 0312LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 16:44:44.0684 0312LBTServ - ok 16:44:44.0715 0312leafnets (83ec58ed3aca5028919028667babf490) C:\Windows\system32\DRIVERS\leafnets.sys 16:44:44.0730 0312leafnets - ok 16:44:44.0762 0312LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys 16:44:44.0762 0312LEqdUsb - ok 16:44:44.0762 0312LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys 16:44:44.0762 0312LHidEqd - ok 16:44:44.0793 0312LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys 16:44:44.0793 0312LHidFilt - ok 16:44:44.0840 0312lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 16:44:44.0840 0312lltdio - ok 16:44:44.0886 0312lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll 16:44:44.0886 0312lltdsvc - ok 16:44:44.0918 0312lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll 16:44:44.0918 0312lmhosts - ok 16:44:44.0949 0312LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys 16:44:44.0949 0312LMouFilt - ok 16:44:44.0964 0312LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 16:44:44.0964 0312LSI_FC - ok 16:44:44.0980 0312LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 16:44:44.0980 0312LSI_SAS - ok 16:44:45.0011 0312LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 16:44:45.0011 0312LSI_SCSI - ok 16:44:45.0058 0312luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 16:44:45.0058 0312luafv - ok 16:44:45.0089 0312Maplom (f2ae2c6b72f272ae696e22d6a9f1dafc) C:\Windows\system32\drivers\Maplom.sys 16:44:45.0089 0312Maplom - ok 16:44:45.0105 0312MaplomL (405460f392de8311c1fcc65da77ed4ab) C:\Windows\system32\drivers\MaplomL.sys 16:44:45.0120 0312MaplomL - ok 16:44:45.0152 0312mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys 16:44:45.0167 0312mcdbus - ok 16:44:45.0198 0312Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll 16:44:45.0198 0312Mcx2Svc - ok 16:44:45.0230 0312megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 16:44:45.0230 0312megasas - ok 16:44:45.0276 0312MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 16:44:45.0276 0312MegaSR - ok 16:44:45.0308 0312MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 16:44:45.0323 0312MMCSS - ok 16:44:45.0323 0312Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 16:44:45.0323 0312Modem - ok 16:44:45.0370 0312monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 16:44:45.0370 0312monitor - ok 16:44:45.0370 0312mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 16:44:45.0370 0312mouclass - ok 16:44:45.0386 0312mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 16:44:45.0386 0312mouhid - ok 16:44:45.0417 0312MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 16:44:45.0417 0312MountMgr - ok 16:44:45.0526 0312MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:44:45.0526 0312MozillaMaintenance - ok 16:44:45.0573 0312mpio (cbb01a298cb24d250017cea54884bba8) C:\Windows\system32\drivers\mpio.sys 16:44:45.0588 0312mpio - ok 16:44:45.0635 0312mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 16:44:45.0635 0312mpsdrv - ok 16:44:45.0682 0312MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll 16:44:45.0698 0312MpsSvc - ok 16:44:45.0698 0312Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 16:44:45.0698 0312Mraid35x - ok 16:44:45.0729 0312MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 16:44:45.0744 0312MRxDAV - ok 16:44:45.0776 0312mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:44:45.0776 0312mrxsmb - ok 16:44:45.0807 0312mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:44:45.0807 0312mrxsmb10 - ok 16:44:45.0822 0312mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:44:45.0822 0312mrxsmb20 - ok 16:44:45.0838 0312msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\DRIVERS\msahci.sys 16:44:45.0838 0312msahci - ok 16:44:45.0869 0312msdsm (0db324146494d45417905b7009858937) C:\Windows\system32\drivers\msdsm.sys 16:44:45.0869 0312msdsm - ok 16:44:45.0900 0312MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe 16:44:45.0900 0312MSDTC - ok 16:44:45.0947 0312MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys 16:44:45.0947 0312MSDV - ok 16:44:45.0947 0312Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 16:44:45.0947 0312Msfs - ok 16:44:45.0963 0312msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 16:44:45.0978 0312msisadrv - ok 16:44:46.0010 0312MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll 16:44:46.0025 0312MSiSCSI - ok 16:44:46.0025 0312msiserver - ok 16:44:46.0056 0312MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 16:44:46.0056 0312MSKSSRV - ok 16:44:46.0056 0312MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 16:44:46.0056 0312MSPCLOCK - ok 16:44:46.0056 0312MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 16:44:46.0056 0312MSPQM - ok 16:44:46.0103 0312MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 16:44:46.0103 0312MsRPC - ok 16:44:46.0134 0312mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 16:44:46.0134 0312mssmbios - ok 16:44:46.0228 0312MSSQL$SQLEXPRESS - ok 16:44:46.0259 0312MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 16:44:46.0259 0312MSSQLServerADHelper - ok 16:44:46.0306 0312MSTAPE (7d1f9672aa6d98d896fe22314442c36f) C:\Windows\system32\DRIVERS\mstape.sys 16:44:46.0322 0312MSTAPE - ok 16:44:46.0353 0312MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 16:44:46.0353 0312MSTEE - ok 16:44:47.0273 0312msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe 16:44:47.0398 0312msvsmon90 - ok 16:44:47.0694 0312MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys 16:44:47.0694 0312MTsensor - ok 16:44:47.0757 0312Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 16:44:47.0757 0312Mup - ok 16:44:47.0975 0312napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll 16:44:47.0991 0312napagent - ok 16:44:48.0053 0312NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 16:44:48.0069 0312NativeWifiP - ok 16:44:48.0194 0312NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 16:44:48.0194 0312NDIS - ok 16:44:48.0240 0312NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 16:44:48.0256 0312NdisTapi - ok 16:44:48.0287 0312Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 16:44:48.0287 0312Ndisuio - ok 16:44:48.0318 0312NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 16:44:48.0318 0312NdisWan - ok 16:44:48.0334 0312NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 16:44:48.0334 0312NDProxy - ok 16:44:48.0350 0312NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 16:44:48.0350 0312NetBIOS - ok 16:44:48.0365 0312netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 16:44:48.0381 0312netbt - ok 16:44:48.0428 0312Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 16:44:48.0428 0312Netlogon - ok 16:44:48.0599 0312Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll 16:44:48.0599 0312Netman - ok 16:44:49.0020 0312NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:44:49.0020 0312NetMsmqActivator - ok 16:44:49.0020 0312NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:44:49.0020 0312NetPipeActivator - ok 16:44:49.0067 0312netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll 16:44:49.0067 0312netprofm - ok 16:44:49.0067 0312NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:44:49.0067 0312NetTcpActivator - ok 16:44:49.0067 0312NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:44:49.0067 0312NetTcpPortSharing - ok 16:44:49.0161 0312nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 16:44:49.0161 0312nfrd960 - ok 16:44:49.0192 0312NfsClnt (e29e99919fb2e6d81679a264313ac6ca) C:\Windows\system32\nfsclnt.exe 16:44:49.0192 0312NfsClnt - ok 16:44:49.0208 0312NfsRdr (710c0296c14d25018875ce9d30563963) C:\Windows\system32\drivers\nfsrdr.sys 16:44:49.0208 0312NfsRdr - ok 16:44:49.0270 0312NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll 16:44:49.0270 0312NlaSvc - ok 16:44:49.0317 0312NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys 16:44:49.0317 0312NPF - ok 16:44:49.0332 0312Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 16:44:49.0332 0312Npfs - ok 16:44:49.0348 0312npggsvc - ok 16:44:49.0379 0312nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll 16:44:49.0379 0312nsi - ok 16:44:49.0473 0312nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 16:44:49.0488 0312nsiproxy - ok 16:44:49.0644 0312Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 16:44:49.0644 0312Ntfs - ok 16:44:50.0284 0312NtmsSvc (96e310ec2bb1fc55fa4d32839aa990a2) C:\Windows\system32\ntmssvc.dll 16:44:50.0284 0312NtmsSvc - ok 16:44:50.0424 0312Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 16:44:50.0424 0312Null - ok 16:44:52.0000 0312nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:44:52.0078 0312nvlddmkm - ok 16:44:52.0234 0312NVNET - ok 16:44:52.0281 0312nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 16:44:52.0296 0312nvraid - ok 16:44:52.0296 0312nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys 16:44:52.0296 0312nvsmu - ok 16:44:52.0312 0312nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 16:44:52.0312 0312nvstor - ok 16:44:52.0406 0312nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe 16:44:52.0406 0312nvsvc - ok 16:44:52.0624 0312nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 16:44:52.0686 0312nvUpdatusService - ok 16:44:52.0827 0312nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 16:44:52.0842 0312nv_agp - ok 16:44:52.0920 0312odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:44:52.0936 0312odserv - ok 16:44:52.0983 0312ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys 16:44:52.0983 0312ohci1394 - ok 16:44:53.0092 0312ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:44:53.0108 0312ose - ok 16:44:53.0217 0312p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 16:44:53.0217 0312p2pimsvc - ok 16:44:53.0232 0312p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 16:44:53.0232 0312p2psvc - ok 16:44:53.0279 0312Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 16:44:53.0279 0312Parport - ok 16:44:53.0310 0312partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys 16:44:53.0310 0312partmgr - ok 16:44:53.0326 0312PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll 16:44:53.0342 0312PcaSvc - ok 16:44:53.0342 0312pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 16:44:53.0357 0312pci - ok 16:44:53.0388 0312pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys 16:44:53.0404 0312pciide - ok 16:44:53.0420 0312pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 16:44:53.0435 0312pcmcia - ok 16:44:53.0482 0312PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 16:44:53.0498 0312PEAUTH - ok 16:44:53.0576 0312PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe 16:44:53.0576 0312PerfHost - ok 16:44:53.0700 0312pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll 16:44:53.0747 0312pla - ok 16:44:53.0794 0312PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll 16:44:53.0794 0312PlugPlay - ok 16:44:53.0810 0312PnkBstrA - ok 16:44:53.0872 0312PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 16:44:53.0872 0312PNRPAutoReg - ok 16:44:53.0888 0312PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 16:44:53.0888 0312PNRPsvc - ok 16:44:53.0950 0312PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll 16:44:53.0966 0312PolicyAgent - ok 16:44:54.0059 0312PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 16:44:54.0059 0312PptpMiniport - ok 16:44:54.0075 0312Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 16:44:54.0075 0312Processor - ok 16:44:54.0137 0312ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll 16:44:54.0137 0312ProfSvc - ok 16:44:54.0168 0312ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 16:44:54.0168 0312ProtectedStorage - ok 16:44:54.0184 0312PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 16:44:54.0184 0312PSched - ok 16:44:54.0231 0312PSMounter (7a25f37c8f3e7d3d86758cb4a44df1df) C:\Windows\system32\drivers\psmounter.sys 16:44:54.0231 0312PSMounter - ok 16:44:54.0246 0312PSVolAcc (69a5d755c182b1c39b4cbbffdfef9634) C:\Windows\system32\drivers\PSVolAcc.sys 16:44:54.0246 0312PSVolAcc - ok 16:44:54.0278 0312PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 16:44:54.0278 0312PxHlpa64 - ok 16:44:54.0371 0312ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 16:44:54.0418 0312ql2300 - ok 16:44:54.0434 0312ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 16:44:54.0434 0312ql40xx - ok 16:44:54.0480 0312QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll 16:44:54.0496 0312QWAVE - ok 16:44:54.0512 0312QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 16:44:54.0512 0312QWAVEdrv - ok 16:44:54.0527 0312RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 16:44:54.0527 0312RasAcd - ok 16:44:54.0543 0312RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll 16:44:54.0543 0312RasAuto - ok 16:44:54.0558 0312Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:44:54.0574 0312Rasl2tp - ok 16:44:54.0621 0312RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll 16:44:54.0636 0312RasMan - ok 16:44:54.0636 0312RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 16:44:54.0636 0312RasPppoe - ok 16:44:54.0652 0312RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 16:44:54.0652 0312RasSstp - ok 16:44:54.0683 0312rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 16:44:54.0683 0312rdbss - ok 16:44:54.0699 0312RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:44:54.0699 0312RDPCDD - ok 16:44:54.0730 0312rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys 16:44:54.0746 0312rdpdr - ok 16:44:54.0746 0312RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 16:44:54.0746 0312RDPENCDD - ok 16:44:54.0808 0312RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys 16:44:54.0808 0312RDPWD - ok 16:44:54.0917 0312ReflectService (bc1184233839ad2f1c4c741cd95b1617) C:\Program Files\Macrium\Reflect\ReflectService.exe 16:44:54.0917 0312ReflectService - ok 16:44:54.0964 0312RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll 16:44:54.0964 0312RemoteAccess - ok 16:44:55.0026 0312RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll 16:44:55.0026 0312RemoteRegistry - ok 16:44:55.0198 0312rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe 16:44:55.0198 0312rpcapd - ok 16:44:55.0229 0312RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe 16:44:55.0229 0312RpcLocator - ok 16:44:55.0307 0312RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 16:44:55.0307 0312RpcSs - ok 16:44:55.0385 0312RpcXdr (4808d87a10455cc5575034b3b33b1732) C:\Windows\system32\drivers\rpcxdr.sys 16:44:55.0385 0312RpcXdr - ok 16:44:55.0416 0312rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 16:44:55.0432 0312rspndr - ok 16:44:55.0463 0312SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 16:44:55.0463 0312SamSs - ok 16:44:55.0494 0312sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 16:44:55.0494 0312sbp2port - ok 16:44:55.0526 0312SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll 16:44:55.0541 0312SCardSvr - ok 16:44:55.0604 0312Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll 16:44:55.0619 0312Schedule - ok 16:44:55.0650 0312SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 16:44:55.0650 0312SCPolicySvc - ok 16:44:55.0666 0312SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll 16:44:55.0666 0312SDRSVC - ok 16:44:55.0697 0312secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:44:55.0697 0312secdrv - ok 16:44:55.0713 0312seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll 16:44:55.0713 0312seclogon - ok 16:44:55.0744 0312SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll 16:44:55.0744 0312SENS - ok 16:44:55.0775 0312Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys 16:44:55.0775 0312Serenum - ok 16:44:55.0791 0312Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys 16:44:55.0791 0312Serial - ok 16:44:55.0806 0312sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 16:44:55.0806 0312sermouse - ok 16:44:55.0853 0312SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll 16:44:55.0853 0312SessionEnv - ok 16:44:55.0853 0312sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\drivers\sffdisk.sys 16:44:55.0853 0312sffdisk - ok 16:44:55.0853 0312sffp_mmc (dbbd3fd8af718966af768a754e07e8c0) C:\Windows\system32\drivers\sffp_mmc.sys 16:44:55.0853 0312sffp_mmc - ok 16:44:55.0869 0312sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\drivers\sffp_sd.sys 16:44:55.0869 0312sffp_sd - ok 16:44:55.0869 0312sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 16:44:55.0869 0312sfloppy - ok 16:44:55.0916 0312SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll 16:44:55.0916 0312SharedAccess - ok 16:44:55.0947 0312ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll 16:44:55.0947 0312ShellHWDetection - ok 16:44:55.0962 0312SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 16:44:55.0962 0312SiSRaid2 - ok 16:44:55.0962 0312SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 16:44:55.0962 0312SiSRaid4 - ok 16:44:56.0025 0312SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe 16:44:56.0025 0312SkypeUpdate - ok 16:44:56.0306 0312slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe 16:44:56.0321 0312slsvc - ok 16:44:56.0446 0312SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll 16:44:56.0446 0312SLUINotify - ok 16:44:56.0524 0312Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 16:44:56.0524 0312Smb - ok 16:44:56.0555 0312SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe 16:44:56.0555 0312SNMPTRAP - ok 16:44:56.0571 0312spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 16:44:56.0571 0312spldr - ok 16:44:56.0618 0312Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe 16:44:56.0618 0312Spooler - ok 16:44:56.0711 0312sptd (a15860e920b02c9a7ce8f3a6c2ff1e3a) C:\Windows\System32\Drivers\sptd.sys 16:44:56.0711 0312sptd - ok 16:44:56.0836 0312SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 16:44:56.0836 0312SQLBrowser - ok 16:44:56.0930 0312SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 16:44:56.0945 0312SQLWriter - ok 16:44:56.0992 0312srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys 16:44:56.0992 0312srv - ok 16:44:57.0023 0312srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 16:44:57.0023 0312srv2 - ok 16:44:57.0054 0312srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 16:44:57.0070 0312srvnet - ok 16:44:57.0148 0312SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll 16:44:57.0148 0312SSDPSRV - ok 16:44:57.0164 0312SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll 16:44:57.0164 0312SstpSvc - ok 16:44:57.0273 0312StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe 16:44:57.0288 0312StarWindServiceAE - ok 16:44:57.0320 0312Steam Client Service - ok 16:44:57.0398 0312Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 16:44:57.0398 0312Stereo Service - ok 16:44:57.0460 0312stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll 16:44:57.0460 0312stisvc - ok 16:44:57.0507 0312swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 16:44:57.0507 0312swenum - ok 16:44:57.0616 0312SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 16:44:57.0632 0312SwitchBoard - ok 16:44:57.0678 0312swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll 16:44:57.0678 0312swprv - ok 16:44:57.0710 0312Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 16:44:57.0710 0312Symc8xx - ok 16:44:57.0741 0312Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 16:44:57.0741 0312Sym_hi - ok 16:44:57.0756 0312Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 16:44:57.0756 0312Sym_u3 - ok 16:44:57.0819 0312SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll 16:44:57.0834 0312SysMain - ok 16:44:57.0866 0312TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll 16:44:57.0866 0312TabletInputService - ok 16:44:57.0928 0312tap0901 (f9be29d5e097f03f81d3cd12b794cb66) C:\Windows\system32\DRIVERS\tap0901.sys 16:44:57.0928 0312tap0901 - ok 16:44:57.0975 0312TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll 16:44:57.0990 0312TapiSrv - ok 16:44:58.0006 0312TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll 16:44:58.0006 0312TBS - ok 16:44:58.0100 0312Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys 16:44:58.0115 0312Tcpip - ok 16:44:58.0302 0312Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys 16:44:58.0318 0312Tcpip6 - ok 16:44:58.0380 0312tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys 16:44:58.0380 0312tcpipreg - ok 16:44:58.0412 0312TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 16:44:58.0412 0312TDPIPE - ok 16:44:58.0427 0312TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 16:44:58.0427 0312TDTCP - ok 16:44:58.0443 0312tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 16:44:58.0458 0312tdx - ok 16:44:58.0692 0312TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 16:44:58.0786 0312TeamViewer7 - ok 16:44:58.0895 0312TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 16:44:58.0895 0312TermDD - ok 16:44:58.0958 0312TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll 16:44:58.0989 0312TermService - ok 16:44:59.0036 0312Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll 16:44:59.0036 0312Themes - ok 16:44:59.0082 0312THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 16:44:59.0082 0312THREADORDER - ok 16:44:59.0114 0312TPM (270308efb59976157755c768b8544b5f) C:\Windows\system32\drivers\tpm.sys 16:44:59.0129 0312TPM - ok 16:44:59.0145 0312TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll 16:44:59.0145 0312TrkWks - ok 16:44:59.0207 0312TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe 16:44:59.0207 0312TrustedInstaller - ok 16:44:59.0238 0312tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:44:59.0238 0312tssecsrv - ok 16:44:59.0270 0312tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 16:44:59.0270 0312tunmp - ok 16:44:59.0301 0312tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 16:44:59.0301 0312tunnel - ok 16:44:59.0316 0312uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 16:44:59.0316 0312uagp35 - ok 16:44:59.0348 0312udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 16:44:59.0363 0312udfs - ok 16:44:59.0441 0312ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe 16:44:59.0457 0312ufad-ws60 - ok 16:44:59.0519 0312UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe 16:44:59.0519 0312UI0Detect - ok 16:44:59.0550 0312uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 16:44:59.0550 0312uliagpkx - ok 16:44:59.0582 0312uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 16:44:59.0597 0312uliahci - ok 16:44:59.0613 0312UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 16:44:59.0613 0312UlSata - ok 16:44:59.0628 0312ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 16:44:59.0628 0312ulsata2 - ok 16:44:59.0644 0312umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 16:44:59.0660 0312umbus - ok 16:44:59.0675 0312UmRdpService (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll 16:44:59.0691 0312UmRdpService - ok 16:44:59.0753 0312UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys 16:44:59.0769 0312UnlockerDriver5 - ok 16:44:59.0800 0312upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll 16:44:59.0800 0312upnphost - ok 16:44:59.0800 0312USBAAPL64 - ok 16:44:59.0831 0312usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys 16:44:59.0847 0312usbaudio - ok 16:44:59.0847 0312usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 16:44:59.0862 0312usbccgp - ok 16:44:59.0894 0312usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 16:44:59.0894 0312usbcir - ok 16:44:59.0925 0312usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys 16:44:59.0925 0312usbehci - ok 16:44:59.0940 0312usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys 16:44:59.0956 0312usbhub - ok 16:44:59.0987 0312usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys 16:44:59.0987 0312usbohci - ok 16:45:00.0018 0312usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys 16:45:00.0018 0312usbprint - ok 16:45:00.0050 0312USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:45:00.0050 0312USBSTOR - ok 16:45:00.0081 0312usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 16:45:00.0081 0312usbuhci - ok 16:45:00.0128 0312UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll 16:45:00.0128 0312UxSms - ok 16:45:00.0221 0312VBoxDrv (ed492636ee26ec43daa4baa7ef0da7ad) C:\Windows\system32\DRIVERS\VBoxDrv.sys 16:45:00.0221 0312VBoxDrv - ok 16:45:00.0268 0312VBoxNetAdp (48630b4530c80aaf3dde9633e4291d8c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 16:45:00.0284 0312VBoxNetAdp - ok 16:45:00.0315 0312VBoxNetFlt (5160910ce602710d7e87f1b35487e7db) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 16:45:00.0315 0312VBoxNetFlt - ok 16:45:00.0362 0312VBoxUSB (815e54e21908488bc545659a76d57d2f) C:\Windows\system32\Drivers\VBoxUSB.sys 16:45:00.0362 0312VBoxUSB - ok 16:45:00.0393 0312VBoxUSBMon (99906a079a6c24d4b8b0dbed02b7869b) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 16:45:00.0393 0312VBoxUSBMon - ok 16:45:00.0471 0312vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe 16:45:00.0471 0312vds - ok 16:45:00.0502 0312vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 16:45:00.0502 0312vga - ok 16:45:00.0518 0312VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 16:45:00.0518 0312VgaSave - ok 16:45:00.0533 0312viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys 16:45:00.0533 0312viaide - ok 16:45:00.0627 0312VMAuthdService (a1952a4701a30cbb81aecf1daf45da83) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe 16:45:00.0627 0312VMAuthdService - ok 16:45:00.0658 0312vmci (dbe772987c8305df4f93dbecb9daba4f) C:\Windows\system32\drivers\vmci.sys 16:45:00.0658 0312vmci - ok 16:45:00.0689 0312vmkbd (8218c887f0e98fe77bddae248632c1b8) C:\Windows\system32\drivers\VMkbd.sys 16:45:00.0689 0312vmkbd - ok 16:45:00.0705 0312VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys 16:45:00.0705 0312VMnetAdapter - ok 16:45:00.0736 0312VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys 16:45:00.0736 0312VMnetBridge - ok 16:45:00.0736 0312VMnetDHCP - ok 16:45:00.0752 0312VMnetuserif (58d6362f4bcfaad926d4f5a997d49d19) C:\Windows\system32\drivers\vmnetuserif.sys 16:45:00.0752 0312VMnetuserif - ok 16:45:00.0830 0312VMUSBArbService (8e83621c5f05e4e9b09cf81da0e55620) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe 16:45:00.0830 0312VMUSBArbService - ok 16:45:00.0830 0312VMware NAT Service - ok 16:45:00.0861 0312vmx86 (1b8c80cc59a8e9567c4ec0e296a2b062) C:\Windows\system32\drivers\vmx86.sys 16:45:00.0861 0312vmx86 - ok 16:45:00.0923 0312volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys 16:45:00.0923 0312volmgr - ok 16:45:00.0939 0312volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys 16:45:00.0954 0312volmgrx - ok 16:45:00.0970 0312volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys 16:45:00.0970 0312volsnap - ok 16:45:00.0970 0312vsdatant7 - ok 16:45:01.0032 0312vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 16:45:01.0032 0312vsmraid - ok 16:45:01.0173 0312VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe 16:45:01.0188 0312VSS - ok 16:45:01.0251 0312vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys 16:45:01.0251 0312vstor2-ws60 - ok 16:45:01.0438 0312W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll 16:45:01.0454 0312W32Time - ok 16:45:01.0485 0312WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 16:45:01.0485 0312WacomPen - ok 16:45:01.0516 0312Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 16:45:01.0532 0312Wanarp - ok 16:45:01.0532 0312Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 16:45:01.0532 0312Wanarpv6 - ok 16:45:01.0610 0312wbengine (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe 16:45:01.0625 0312wbengine - ok 16:45:01.0656 0312wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll 16:45:01.0672 0312wcncsvc - ok 16:45:01.0688 0312WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll 16:45:01.0688 0312WcsPlugInService - ok 16:45:01.0750 0312Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 16:45:01.0750 0312Wd - ok 16:45:01.0797 0312Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys 16:45:01.0797 0312Wdf01000 - ok 16:45:01.0828 0312WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 16:45:01.0828 0312WdiServiceHost - ok 16:45:01.0828 0312WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 16:45:01.0844 0312WdiSystemHost - ok 16:45:01.0875 0312WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll 16:45:01.0875 0312WebClient - ok 16:45:01.0906 0312Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll 16:45:01.0906 0312Wecsvc - ok 16:45:01.0953 0312wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll 16:45:01.0953 0312wercplsupport - ok 16:45:01.0968 0312WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll 16:45:01.0968 0312WerSvc - ok 16:45:02.0031 0312WinDefend - ok 16:45:02.0078 0312WinHttpAutoProxySvc - ok 16:45:02.0202 0312Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll 16:45:02.0218 0312Winmgmt - ok 16:45:02.0343 0312WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll 16:45:02.0358 0312WinRM - ok 16:45:02.0530 0312Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll 16:45:02.0546 0312Wlansvc - ok 16:45:02.0577 0312WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:45:02.0577 0312WmiAcpi - ok 16:45:02.0639 0312wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe 16:45:02.0655 0312wmiApSrv - ok 16:45:02.0702 0312WMPNetworkSvc - ok 16:45:02.0748 0312WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll 16:45:02.0748 0312WPCSvc - ok 16:45:02.0795 0312WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll 16:45:02.0795 0312WPDBusEnum - ok 16:45:02.0842 0312WpdUsb (5
	to forum · permalink · 2012-07-31 16:52:49 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to tgp1994 All clean. Nothing more to do except cleanup. I expect there may have been a compromised website that got your financial information. There are no indicators in the logs of any malware remnants. Cleaning Up: Delete TFC: Delete the TFC icon on your Desktop Delete OTL: Double click the OTL icon on your Desktop Press the 'Cleanup' button Delete Security Check: Delete the SecurityCheck icon on your Desktop Delete Malware Bytes: We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it. Delete Sophos AntiRootkit If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs. Other Programs: If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2012-07-31 17:26:16 ·
tgp1994 join:2010-10-06	Hmm... Alright, I suppose that makes sense. Maybe they also lifted my address book too, explaining the strange email that was supposedly sent from me. Thank you for the help, LoPhatPhuud.
	to forum · permalink · 2012-07-31 17:38:24 ·

Broadband Tech > Security > Security Cleanup > Computer may be compromised

OTL

EXTRAS

Re: Computer may be compromised