unwanted Search Enhance


This topic is locked
18 replies to this topic

#1 shmish (Members, 38 posts)

Posted 04 July 2012 - 10:02 PM

Hello,

My PC has SearchEnhance showing up in my search boxes. I don't know how this appeared on my machine. I'm a bit wary of SearchEnhance, and think that Bleeping Computer might be the best first place to go to for getting rid of this. Other than seeing Search Enhance in my browsers, I'm not aware of any obvious problems with my PC.

I will attach the standard logs and reports (DDS and GMER), along with an OTL Report. I saw on another Search Enhance thread that the OTL Report was requested.

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by sluggo at 15:09:45 on 2012-07-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1230 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Subsonic\subsonic-service.exe
C:\Subsonic\subsonic-service.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\sluggo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Subsonic\subsonic-agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ciel\cdcicon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\DllHost.exe
C:\xampp\xampp-control.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [Google Update] "c:\users\sluggo\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SkyDrive] "c:\users\sluggo\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [chromium] c:\users\sluggo\appdata\local\google\chrome\application\chrome.exe --no-startup-window
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\sluggo\appdata\roaming\micros~1\windows\startm~1\programs\startup\cartes~1.lnk - c:\program files\ciel\cdcicon.exe
StartupFolder: c:\users\sluggo\appdata\roaming\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
StartupFolder: c:\users\sluggo\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\sluggo\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\sluggo\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\subsonic.lnk - c:\subsonic\subsonic-agent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-552 reva\wirelesscm.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{26A33E5E-7948-4816-91CF-D2F14FF72721} : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8} : DhcpNameServer = 192.168.100.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sluggo\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2011-4-21 29272]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-2-29 20384]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2011-7-6 2304912]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-8-4 103112]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-10-19 3791872]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-8-3 645048]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-6-24 47104]
R3 Echo3G;Echo3G Service;c:\windows\system32\drivers\echo3g.sys [2010-1-8 209880]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-25 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-20 60928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-25 116648]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-6-10 1394688]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2012-2-29 954368]
S3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\drivers\kx1avs.sys [2010-10-20 342096]
S3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\drivers\kx1usb.sys [2010-10-20 68176]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-1 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-1 12184]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-7 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-29 11:11:37 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{eaaedfa3-3c4d-4bb3-be72-ca05b3e84e29}\offreg.dll
2012-06-29 11:10:28 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{eaaedfa3-3c4d-4bb3-be72-ca05b3e84e29}\mpengine.dll
2012-06-28 01:52:36 -------- d-----w- c:\users\sluggo\appdata\local\{51659E33-064F-4022-B3BB-2894E232C660}
2012-06-28 01:52:15 -------- d-----w- c:\users\sluggo\appdata\local\{03E52918-D3D9-4822-A30B-28856E40350A}
2012-06-24 20:05:43 -------- d-----w- c:\programdata\GARMIN
2012-06-24 19:54:01 -------- d-----w- C:\Garmin
2012-06-24 19:53:40 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-06-24 19:53:40 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-06-24 19:53:40 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-06-24 19:53:40 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-06-24 19:53:40 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-06-24 19:53:39 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-06-24 19:53:38 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-06-24 19:53:37 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-06-24 13:12:03 -------- d--h--w- C:\SkyDriveTemp
2012-06-23 19:13:11 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-20 11:26:16 -------- d-----w- c:\users\sluggo\appdata\local\Macromedia
2012-06-20 01:15:03 -------- d-----w- c:\users\sluggo\appdata\local\{DED6759B-A1CA-48BC-8481-0CD127672320}
2012-06-20 01:12:02 -------- d-----w- c:\users\sluggo\appdata\local\{CF734E64-0450-48B8-91AF-02C2E7E0C44D}
2012-06-17 21:00:19 -------- d-----w- C:\xampp
2012-06-16 21:30:06 -------- d-----w- c:\program files\Box
2012-06-14 15:35:47 -------- d-----w- c:\users\sluggo\appdata\local\{3C99486F-BCFE-4863-8E22-E7F3190C7EA5}
2012-06-14 03:35:21 -------- d-----w- c:\users\sluggo\appdata\local\{6AD1F941-01D9-4883-9260-7FC11E7A55D8}
2012-06-13 15:34:55 -------- d-----w- c:\users\sluggo\appdata\local\{ABA6E112-655C-49F5-A7ED-CF48C7475BEF}
2012-06-13 15:34:44 -------- d-----w- c:\users\sluggo\appdata\local\{10FD3049-8596-457B-AB8D-B36743C40529}
2012-06-13 10:01:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-06-13 10:01:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-06-13 10:01:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-13 03:34:17 -------- d-----w- c:\users\sluggo\appdata\local\{B40F755B-C40A-47CA-88B8-B16E2ED5822F}
2012-06-13 01:15:57 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 01:15:53 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 01:15:51 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 01:15:50 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 01:15:50 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 01:15:49 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 01:15:45 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 01:15:31 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 01:15:30 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 01:15:30 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 15:33:51 -------- d-----w- c:\users\sluggo\appdata\local\{67D4E3E6-9EC1-4B01-B9D1-22C0B14914C6}
2012-06-12 15:33:39 -------- d-----w- c:\users\sluggo\appdata\local\{0B1D99FB-0099-4100-8C97-A9C9AE885BD2}
2012-06-12 03:33:12 -------- d-----w- c:\users\sluggo\appdata\local\{3A2187E0-6659-411A-A06A-413650CFBB15}
2012-06-11 15:32:43 -------- d-----w- c:\users\sluggo\appdata\local\{43C577A7-C4E6-4B00-89C4-C67DA86470DF}
2012-06-11 03:32:14 -------- d-----w- c:\users\sluggo\appdata\local\{536570A1-E5C1-4FAB-B2C6-F20B0B8F7C8B}
2012-06-10 15:31:47 -------- d-----w- c:\users\sluggo\appdata\local\{8717B16C-DA94-4C50-8D73-71C929EF8EDC}
2012-06-10 03:31:21 -------- d-----w- c:\users\sluggo\appdata\local\{2181F666-0631-4F7F-8EAE-5AEF61986DD7}
2012-06-09 15:30:55 -------- d-----w- c:\users\sluggo\appdata\local\{86BBEC78-CB3E-4E60-A861-F111C9F9650C}
2012-06-09 03:30:28 -------- d-----w- c:\users\sluggo\appdata\local\{E78C37D3-08D3-42A4-8075-0E76C10E4154}
2012-06-08 23:30:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:30:11 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 23:29:46 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-08 23:29:46 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 15:30:00 -------- d-----w- c:\users\sluggo\appdata\local\{EA743BF7-0BCE-4BB7-8043-0A7149867278}
2012-06-08 03:51:49 -------- d-----r- c:\users\sluggo\SkyDrive
2012-06-08 03:51:39 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-06-08 03:29:33 -------- d-----w- c:\users\sluggo\appdata\local\{4AF9C900-304A-42D3-8F57-8D3E1C635F2A}
2012-06-07 15:29:07 -------- d-----w- c:\users\sluggo\appdata\local\{2F9C9837-9D72-4EA8-AB2F-C6BE081E9BA9}
2012-06-07 03:28:40 -------- d-----w- c:\users\sluggo\appdata\local\{17410E7A-500C-4FFC-B61D-38C1D4E83B31}
2012-06-06 15:28:14 -------- d-----w- c:\users\sluggo\appdata\local\{8EB4AFFE-474A-449A-BC62-E77A33150D3F}
2012-06-06 15:28:02 -------- d-----w- c:\users\sluggo\appdata\local\{4C8C219D-7F34-45D9-9826-0F6E3FAA3F9A}
2012-06-06 05:28:06 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-06 05:28:06 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-06 03:27:35 -------- d-----w- c:\users\sluggo\appdata\local\{BC9DF134-8AB0-4515-9BB0-9E441D2B9D21}
2012-06-05 15:27:09 -------- d-----w- c:\users\sluggo\appdata\local\{6BC1619E-7D84-4BC5-BA2E-108230085A51}
2012-06-05 03:26:43 -------- d-----w- c:\users\sluggo\appdata\local\{ECB0C873-3215-4110-8225-C2040582E273}
2012-06-05 02:54:44 -------- d-----w- c:\users\sluggo\appdata\local\Microsoft_Corporation
2012-06-05 02:53:18 -------- d-----w- c:\users\sluggo\appdata\local\Deployment
2012-06-05 02:53:18 -------- d-----w- c:\users\sluggo\appdata\local\Apps
2012-06-04 15:26:17 -------- d-----w- c:\users\sluggo\appdata\local\{41E4DBB5-9EBA-49B0-8D99-1568C9D2A947}
2012-06-04 03:25:50 -------- d-----w- c:\users\sluggo\appdata\local\{A937C577-6BDF-41DD-9719-54B2EB827E01}
2012-06-03 22:38:18 -------- d-----w- c:\users\sluggo\appdata\roaming\.minecraft
2012-06-03 15:24:45 -------- d-----w- c:\users\sluggo\appdata\local\{FD241687-9912-4612-9D90-125FA76F767C}
2012-06-03 15:24:27 -------- d-----w- c:\users\sluggo\appdata\local\{1C69A1E8-DB52-4A8D-8884-FB1C9C3AF1BF}
2012-06-03 02:21:21 -------- d-----w- c:\users\sluggo\appdata\local\{400E86A6-3C43-47CA-929F-3FCB11B915E6}
2012-06-02 14:20:55 -------- d-----w- c:\users\sluggo\appdata\local\{3485FF08-DE77-4A10-AE67-29D299453EEA}
2012-06-02 02:20:30 -------- d-----w- c:\users\sluggo\appdata\local\{0BD446AB-BE89-4EA5-B70A-664709739338}
.
==================== Find3M ====================
.
2012-06-23 19:12:56 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-21 12:29:36 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-20 01:12:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-20 01:12:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:10:32.44 ===============


#2 shmish (Topic Starter, Members, 38 posts)

Posted 04 July 2012 - 10:04 PM

Here is OTL.txt.

OTL logfile created on: 7/1/2012 2:25:39 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\sluggo\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 47.81% Memory free
6.50 Gb Paging File | 3.82 Gb Available in Paging File | 58.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275.35 Gb Total Space | 103.72 Gb Free Space | 37.67% Space Free | Partition Type: NTFS
Drive D: | 4.02 Gb Total Space | 3.96 Gb Free Space | 98.53% Space Free | Partition Type: NTFS

Computer Name: SLUGGO-PC | User Name: sluggo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 14:24:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\sluggo\Desktop\OTL.exe
PRC - [2012/06/23 12:12:56 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2012/06/23 12:12:56 | 000,023,304 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2012/06/07 20:51:43 | 000,296,672 | ---- | M] (Microsoft Corporation) -- C:\Users\sluggo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/12/06 04:59:12 | 000,212,480 | ---- | M] () -- C:\Subsonic\subsonic-service.exe
PRC - [2011/12/06 04:59:08 | 000,206,336 | ---- | M] () -- C:\Subsonic\subsonic-agent.exe
PRC - [2011/10/07 02:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 12:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2011/09/09 10:46:10 | 008,158,720 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2011/09/08 09:34:40 | 003,495,424 | ---- | M] () -- C:\Program Files\Ciel\cdcicon.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/08/03 13:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/07/06 05:30:00 | 006,904,208 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2011/07/06 05:30:00 | 002,304,912 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/02 05:18:28 | 000,139,264 | ---- | M] () -- C:\xampp\xampp-control.exe
PRC - [2011/04/20 03:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 03:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/03/24 00:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 10:34:26 | 003,791,872 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008/04/09 21:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/04/09 21:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/09 21:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/23 12:12:56 | 000,014,088 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2012/06/07 01:14:43 | 000,441,880 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 01:14:42 | 003,922,456 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 01:13:27 | 000,553,496 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 01:13:26 | 000,117,784 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 01:13:16 | 000,134,696 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 01:13:15 | 000,250,408 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 01:13:14 | 002,375,720 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 00:23:19 | 009,252,040 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2011/12/06 04:59:12 | 000,212,480 | ---- | M] () -- C:\Subsonic\subsonic-service.exe
MOD - [2011/12/06 04:59:08 | 000,206,336 | ---- | M] () -- C:\Subsonic\subsonic-agent.exe
MOD - [2011/10/07 02:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/09 10:46:10 | 008,158,720 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
MOD - [2011/09/08 09:34:40 | 003,495,424 | ---- | M] () -- C:\Program Files\Ciel\cdcicon.exe
MOD - [2011/09/08 09:34:40 | 000,179,918 | ---- | M] () -- C:\Program Files\Ciel\libplan404.dll
MOD - [2011/07/18 14:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2011/05/02 05:18:28 | 000,139,264 | ---- | M] () -- C:\xampp\xampp-control.exe
MOD - [2010/09/27 15:26:52 | 000,609,280 | ---- | M] () -- C:\Program Files\Ciel\sqlite3.dll
MOD - [2008/04/09 19:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/16 14:17:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/06 04:59:12 | 000,212,480 | ---- | M] () [Auto | Running] -- C:\Subsonic\subsonic-service.exe -- (Subsonic)
SRV - [2011/11/07 07:41:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/11/06 23:44:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/27 12:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/03 13:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/07/06 05:30:00 | 002,304,912 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/04/20 03:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/10/19 10:34:26 | 003,791,872 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/26 20:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/12/20 19:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- c:\xampp\service.exe -- (XAMPP)


========== Driver Services (SafeList) ==========

DRV - [2011/11/06 18:19:38 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/11/06 18:19:38 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/11/06 18:19:33 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/11/06 18:19:30 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 23:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/01 23:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/08/09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/08/03 13:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011/04/21 02:09:50 | 000,029,272 | ---- | M] (Grass Valley K.K.) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrblock.sys -- (cdrblock)
DRV - [2011/04/20 03:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 03:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 02:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/20 04:19:55 | 000,342,096 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kx1avs.sys -- (kx1avs)
DRV - [2010/10/20 04:19:55 | 000,068,176 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kx1usb.sys -- (kx1usb_svc)
DRV - [2010/04/21 12:11:12 | 001,268,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/01/08 15:15:38 | 000,209,880 | ---- | M] (Echo Digital Audio Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\echo3g.sys -- (Echo3G)
DRV - [2009/07/13 17:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 15:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/07/13 15:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008/05/15 04:28:44 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 F8 0F 2D E9 9C CC 01 [binary data]
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes,DefaultScope = {63A2E55C-6134-4788-BB5B-A7BC39DF187A}
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes\{63A2E55C-6134-4788-BB5B-A7BC39DF187A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes\{DE7F01D9-F0ED-4A0C-AEC7-5652905CC9DC}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sluggo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sluggo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 14:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/19 10:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/06 22:57:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 14:17:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/06 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Extensions
[2012/06/21 05:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions
[2012/06/01 21:24:19 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/11/10 02:09:50 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/05/30 06:55:26 | 000,000,000 | ---D | M] ("Google+Tweet") -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com
[2011/11/08 00:09:04 | 000,000,000 | ---D | M] (Logitech Device Detection) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\DeviceDetection@logitech.com
[2012/01/01 15:43:57 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\foxmarks@kei.com
[2012/06/21 05:26:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\support@lastpass.com
[2012/02/22 19:48:59 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\zotero@chnm.gmu.edu
[2012/05/11 17:07:01 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\zoteroWinWordIntegration@zotero.org
[2012/06/23 12:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/23 12:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/04/01 09:00:06 | 000,010,707 | ---- | M] () (No name found) -- C:\USERS\SLUGGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AW12LE5I.DEFAULT\EXTENSIONS\{563E4790-7E70-11DA-A72B-0800200C9A66}.XPI
[2012/06/09 09:29:11 | 000,028,993 | ---- | M] () (No name found) -- C:\USERS\SLUGGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AW12LE5I.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
[2012/01/31 20:32:06 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\SLUGGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AW12LE5I.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2011/12/25 12:09:13 | 000,034,709 | ---- | M] () (No name found) -- C:\USERS\SLUGGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AW12LE5I.DEFAULT\EXTENSIONS\CHECKIT@LOVINGLINUX.MEGABYET.NET.XPI
[2012/05/17 16:52:27 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\SLUGGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AW12LE5I.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/12/25 11:55:16 | 000,089,481 | ---- | M] () (No name found) -- C:\USERS\SLUGGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AW12LE5I.DEFAULT\EXTENSIONS\MD5REHASHER@PHONEIXS.ES.XPI
[2011/11/17 05:26:58 | 000,037,338 | ---- | M] () (No name found) -- C:\USERS\SLUGGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AW12LE5I.DEFAULT\EXTENSIONS\SHORTENURL@LOUCYPHER.XPI
[2011/12/04 20:42:49 | 000,061,854 | ---- | M] () (No name found) -- C:\USERS\SLUGGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AW12LE5I.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
[2012/06/16 14:17:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/12 19:57:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 19:57:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: Google Drive = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: YouTube = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Delicious Tools = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclkcflnjahgejhappicbhcpllkpakej\1.5.2_0\
CHR - Extension: Google+Tweet = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpkkapjfdcpbcikllbmjlkhjhppollom\1.17.137_0\
CHR - Extension: TweetDeck = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.4_0\
CHR - Extension: LastPass = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_1\
CHR - Extension: IE Tab = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.14.1_0\
CHR - Extension: bitly | ♥ your bitmarks = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.15_0\
CHR - Extension: Evernote Web Clipper = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Gmail = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/14 09:37:12 | 000,001,709 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 static.ak.fbcdn.net
O1 - Hosts: 127.0.0.1 www.static.ak.fbcdn.net
O1 - Hosts: 127.0.0.1 login.facebook.com
O1 - Hosts: 127.0.0.1 www.login.facebook.com
O1 - Hosts: 127.0.0.1 fbcdn.net
O1 - Hosts: 127.0.0.1 www.fbcdn.net
O1 - Hosts: 127.0.0.1 fbcdn.com
O1 - Hosts: 127.0.0.1 www.fbcdn.com
O1 - Hosts: 127.0.0.1 static.ak.connect.facebook.com
O1 - Hosts: 127.0.0.1 www.static.ak.connect.facebook.com
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001..\Run: [SkyDrive] C:\Users\sluggo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cartes du Ciel Clock.lnk = C:\Program Files\Ciel\cdcicon.exe ()
O4 - Startup: C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
O4 - Startup: C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A33E5E-7948-4816-91CF-D2F14FF72721}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8}: DhcpNameServer = 192.168.100.1
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 14:24:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\sluggo\Desktop\OTL.exe
[2012/06/27 18:52:36 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{51659E33-064F-4022-B3BB-2894E232C660}
[2012/06/27 18:52:15 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{03E52918-D3D9-4822-A30B-28856E40350A}
[2012/06/24 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2012/06/24 13:05:27 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/06/24 12:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MapSource
[2012/06/24 12:54:01 | 000,000,000 | ---D | C] -- C:\Garmin
[2012/06/24 06:12:03 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[2012/06/23 12:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/20 04:26:16 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\Macromedia
[2012/06/19 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{DED6759B-A1CA-48BC-8481-0CD127672320}
[2012/06/19 18:12:02 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{CF734E64-0450-48B8-91AF-02C2E7E0C44D}
[2012/06/17 14:03:08 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012/06/17 14:00:19 | 000,000,000 | ---D | C] -- C:\xampp
[2012/06/16 15:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/16 14:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Box
[2012/06/16 14:23:30 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/16 14:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/16 14:23:26 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Roaming\Notepad++
[2012/06/16 14:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012/06/14 08:35:47 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{3C99486F-BCFE-4863-8E22-E7F3190C7EA5}
[2012/06/13 20:35:21 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{6AD1F941-01D9-4883-9260-7FC11E7A55D8}
[2012/06/13 08:34:55 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{ABA6E112-655C-49F5-A7ED-CF48C7475BEF}
[2012/06/13 08:34:44 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{10FD3049-8596-457B-AB8D-B36743C40529}
[2012/06/12 20:34:17 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{B40F755B-C40A-47CA-88B8-B16E2ED5822F}
[2012/06/12 08:33:51 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{67D4E3E6-9EC1-4B01-B9D1-22C0B14914C6}
[2012/06/12 08:33:39 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{0B1D99FB-0099-4100-8C97-A9C9AE885BD2}
[2012/06/11 20:33:12 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{3A2187E0-6659-411A-A06A-413650CFBB15}
[2012/06/11 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{43C577A7-C4E6-4B00-89C4-C67DA86470DF}
[2012/06/10 20:32:14 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{536570A1-E5C1-4FAB-B2C6-F20B0B8F7C8B}
[2012/06/10 08:31:47 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{8717B16C-DA94-4C50-8D73-71C929EF8EDC}
[2012/06/09 22:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/06/09 20:31:21 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{2181F666-0631-4F7F-8EAE-5AEF61986DD7}
[2012/06/09 08:30:55 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{86BBEC78-CB3E-4E60-A861-F111C9F9650C}
[2012/06/08 20:30:28 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{E78C37D3-08D3-42A4-8075-0E76C10E4154}
[2012/06/08 08:30:00 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{EA743BF7-0BCE-4BB7-8043-0A7149867278}
[2012/06/07 20:51:49 | 000,000,000 | R--D | C] -- C:\Users\sluggo\SkyDrive
[2012/06/07 20:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/06/07 20:29:33 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{4AF9C900-304A-42D3-8F57-8D3E1C635F2A}
[2012/06/07 08:29:07 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{2F9C9837-9D72-4EA8-AB2F-C6BE081E9BA9}
[2012/06/06 20:28:40 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{17410E7A-500C-4FFC-B61D-38C1D4E83B31}
[2012/06/06 08:28:14 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{8EB4AFFE-474A-449A-BC62-E77A33150D3F}
[2012/06/06 08:28:02 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{4C8C219D-7F34-45D9-9826-0F6E3FAA3F9A}
[2012/06/05 20:27:35 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{BC9DF134-8AB0-4515-9BB0-9E441D2B9D21}
[2012/06/05 08:27:09 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{6BC1619E-7D84-4BC5-BA2E-108230085A51}
[2012/06/04 20:26:43 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{ECB0C873-3215-4110-8225-C2040582E273}
[2012/06/04 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\Microsoft_Corporation
[2012/06/04 19:53:18 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\Deployment
[2012/06/04 19:53:18 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\Apps
[2012/06/04 08:26:17 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{41E4DBB5-9EBA-49B0-8D99-1568C9D2A947}
[2012/06/03 20:25:50 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{A937C577-6BDF-41DD-9719-54B2EB827E01}
[2012/06/03 15:38:18 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Roaming\.minecraft
[2012/06/03 08:24:45 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{FD241687-9912-4612-9D90-125FA76F767C}
[2012/06/03 08:24:27 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{1C69A1E8-DB52-4A8D-8884-FB1C9C3AF1BF}
[2012/06/02 19:21:21 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{400E86A6-3C43-47CA-929F-3FCB11B915E6}
[2012/06/02 07:20:55 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{3485FF08-DE77-4A10-AE67-29D299453EEA}
[2012/06/01 19:20:30 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\{0BD446AB-BE89-4EA5-B70A-664709739338}
[2011/11/26 09:56:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\sluggo\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/01 14:25:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/01 14:24:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\sluggo\Desktop\OTL.exe
[2012/07/01 14:05:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001UA.job
[2012/07/01 11:25:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/01 02:05:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001Core.job
[2012/06/30 13:26:37 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 13:26:36 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 13:26:08 | 005,517,097 | ---- | M] () -- C:\Users\sluggo\Desktop\unit-self-assessment.pdf
[2012/06/29 17:29:10 | 000,000,120 | ---- | M] () -- C:\Users\sluggo\webct_upload_applet.properties
[2012/06/27 23:13:36 | 000,001,456 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/06/27 23:13:34 | 000,085,216 | ---- | M] () -- C:\Users\sluggo\Desktop\doug_vice.jpg
[2012/06/27 23:00:58 | 001,103,504 | ---- | M] () -- C:\Users\sluggo\Desktop\yoga2.jpg
[2012/06/27 22:57:36 | 001,080,405 | ---- | M] () -- C:\Users\sluggo\Desktop\yoga.jpg
[2012/06/27 22:31:46 | 000,184,863 | ---- | M] () -- C:\Users\sluggo\Desktop\favicon_rev1.jpg
[2012/06/27 22:26:41 | 000,012,912 | ---- | M] () -- C:\Users\sluggo\Desktop\Screen Shot 2012-06-27 at 10.16.08 PM.png
[2012/06/27 21:04:47 | 000,015,802 | ---- | M] () -- C:\Users\sluggo\Desktop\arrow.jpg
[2012/06/27 20:56:07 | 000,008,577 | ---- | M] () -- C:\Users\sluggo\Desktop\toggle.jpg
[2012/06/27 18:46:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 18:46:06 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 18:32:22 | 000,000,132 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/26 18:24:59 | 007,417,102 | ---- | M] () -- C:\Users\sluggo\Desktop\QnLcwB4pLAs1.128.mp3
[2012/06/26 07:23:17 | 000,059,864 | ---- | M] () -- C:\Users\sluggo\Desktop\tents.PNG
[2012/06/23 15:27:31 | 000,000,600 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\winscp.rnd
[2012/06/20 18:57:30 | 000,000,600 | ---- | M] () -- C:\Users\sluggo\AppData\Local\PUTTY.RND
[2012/06/20 18:55:20 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/20 18:55:20 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/20 05:00:00 | 000,007,625 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Resmon.ResmonCfg
[2012/06/17 14:03:08 | 000,000,606 | ---- | M] () -- C:\Users\sluggo\Desktop\XAMPP Control Panel.lnk
[2012/06/16 15:55:42 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/16 14:41:36 | 000,001,262 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/13 19:02:25 | 000,015,274 | ---- | M] () -- C:\Users\sluggo\Desktop\map.pdf
[2012/06/13 03:31:07 | 004,817,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/11 18:34:00 | 000,011,800 | ---- | M] () -- C:\Users\sluggo\Desktop\functions.js
[2012/06/10 08:50:10 | 000,001,742 | ---- | M] () -- C:\Users\sluggo\Desktop\Spore.lnk
[2012/06/09 22:55:12 | 000,002,503 | ---- | M] () -- C:\Users\sluggo\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/09 22:55:12 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/05 06:43:13 | 065,906,034 | ---- | M] () -- C:\Users\sluggo\Desktop\shake your body.wav
[2012/06/05 06:37:36 | 050,157,234 | ---- | M] () -- C:\Users\sluggo\Desktop\edits.wav
[2012/06/02 09:48:30 | 000,001,051 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

========== Files Created - No Company Name ==========

[2012/06/30 13:26:07 | 005,517,097 | ---- | C] () -- C:\Users\sluggo\Desktop\unit-self-assessment.pdf
[2012/06/27 23:13:34 | 000,085,216 | ---- | C] () -- C:\Users\sluggo\Desktop\doug_vice.jpg
[2012/06/27 23:00:52 | 001,103,504 | ---- | C] () -- C:\Users\sluggo\Desktop\yoga2.jpg
[2012/06/27 22:57:34 | 001,080,405 | ---- | C] () -- C:\Users\sluggo\Desktop\yoga.jpg
[2012/06/27 22:28:47 | 000,184,863 | ---- | C] () -- C:\Users\sluggo\Desktop\favicon_rev1.jpg
[2012/06/27 22:26:26 | 000,012,912 | ---- | C] () -- C:\Users\sluggo\Desktop\Screen Shot 2012-06-27 at 10.16.08 PM.png
[2012/06/27 21:04:46 | 000,015,802 | ---- | C] () -- C:\Users\sluggo\Desktop\arrow.jpg
[2012/06/27 20:56:07 | 000,008,577 | ---- | C] () -- C:\Users\sluggo\Desktop\toggle.jpg
[2012/06/26 18:24:36 | 007,417,102 | ---- | C] () -- C:\Users\sluggo\Desktop\QnLcwB4pLAs1.128.mp3
[2012/06/26 07:23:06 | 000,059,864 | ---- | C] () -- C:\Users\sluggo\Desktop\tents.PNG
[2012/06/23 15:25:02 | 000,012,491 | ---- | C] () -- C:\Users\sluggo\Desktop\pwi-1.0.js
[2012/06/23 15:23:52 | 000,000,125 | ---- | C] () -- C:\Users\sluggo\Desktop\index.php
[2012/06/20 05:00:00 | 000,007,625 | ---- | C] () -- C:\Users\sluggo\AppData\Local\Resmon.ResmonCfg
[2012/06/17 14:03:08 | 000,000,606 | ---- | C] () -- C:\Users\sluggo\Desktop\XAMPP Control Panel.lnk
[2012/06/16 15:55:42 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/13 19:02:25 | 000,015,274 | ---- | C] () -- C:\Users\sluggo\Desktop\map.pdf
[2012/06/10 08:50:10 | 000,001,742 | ---- | C] () -- C:\Users\sluggo\Desktop\Spore.lnk
[2012/06/09 22:55:12 | 000,002,503 | ---- | C] () -- C:\Users\sluggo\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/09 22:55:12 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/06/09 22:55:12 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/07 20:51:48 | 000,002,160 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/06/05 06:43:04 | 065,906,034 | ---- | C] () -- C:\Users\sluggo\Desktop\shake your body.wav
[2012/06/05 06:37:26 | 050,157,234 | ---- | C] () -- C:\Users\sluggo\Desktop\edits.wav
[2012/06/04 07:12:44 | 000,011,800 | ---- | C] () -- C:\Users\sluggo\Desktop\functions.js
[2012/06/02 09:48:30 | 000,001,051 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/14 21:31:41 | 000,001,536 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012/03/13 00:32:07 | 000,002,470 | ---- | C] () -- C:\Users\sluggo\.powerupdate.user.properties
[2012/01/16 17:51:16 | 000,000,120 | ---- | C] () -- C:\Users\sluggo\webct_upload_applet.properties
[2011/12/19 15:36:57 | 000,026,624 | ---- | C] () -- C:\Users\sluggo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/17 21:00:52 | 000,000,600 | ---- | C] () -- C:\Users\sluggo\AppData\Local\PUTTY.RND
[2011/12/10 10:42:59 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FxShared.dll
[2011/12/10 10:42:59 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll
[2011/12/09 21:02:10 | 000,154,806 | ---- | C] () -- C:\Users\sluggo\IRIMG2.BMP
[2011/12/09 21:02:10 | 000,021,222 | ---- | C] () -- C:\Users\sluggo\IRIMG1.BMP
[2011/12/09 21:02:07 | 000,576,000 | ---- | C] () -- C:\Users\sluggo\uninstall.exe
[2011/12/09 21:02:07 | 000,090,344 | ---- | C] () -- C:\Users\sluggo\irunin.dat
[2011/12/09 21:02:07 | 000,008,939 | ---- | C] () -- C:\Users\sluggo\irunin.xml
[2011/11/27 13:26:16 | 000,001,456 | ---- | C] () -- C:\Users\sluggo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/27 12:43:17 | 000,000,443 | ---- | C] () -- C:\Windows\Sam10_E.INI
[2011/11/27 12:19:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2011/11/27 12:05:30 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011/11/27 12:05:09 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/11/27 09:44:49 | 000,000,132 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/26 09:56:27 | 000,087,608 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\inst.exe
[2011/11/26 09:56:27 | 000,007,887 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\pcouffin.cat
[2011/11/26 09:56:27 | 000,001,144 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\pcouffin.inf
[2011/11/16 08:24:50 | 000,000,132 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/11 16:31:47 | 000,000,600 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\winscp.rnd
[2011/11/07 20:09:44 | 000,028,674 | ---- | C] () -- C:\Windows\System32\prckrep.dll
[2011/11/06 17:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/24 13:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll
[2011/06/24 13:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll
[2011/06/02 09:06:04 | 000,679,936 | ---- | C] () -- C:\Windows\System32\pavedius6db.dat
[2011/04/20 02:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 22:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/01/30 14:35:56 | 000,000,373 | ---- | C] () -- C:\Users\sluggo\PSPaudioware.com.html
[2009/01/28 11:22:43 | 001,027,019 | ---- | C] () -- C:\Users\sluggo\PSP Nitro Operation Manual.pdf

========== LOP Check ==========

[2012/02/04 09:07:35 | 000,000,000 | ---D | M] -- C:\Users\emma\AppData\Roaming\SPORE
[2012/02/20 19:09:03 | 000,000,000 | ---D | M] -- C:\Users\emma\AppData\Roaming\Unity
[2012/06/15 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\.minecraft
[2011/12/09 20:49:06 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Applied Acoustics Systems
[2012/06/16 14:30:32 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Box
[2012/04/14 08:26:40 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Box.Net
[2012/03/25 16:23:43 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\calibre
[2011/12/25 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Canneverbe Limited
[2011/11/30 01:47:42 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Canopus
[2011/12/25 12:12:30 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\ChecksumTool
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLCakePHP
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLCodeIgniter
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLDrupal
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLFacebook
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLJoomla
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLJQuery
[2011/11/17 06:47:53 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\ClPhpEd
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSmarty
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSMySQL
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSymfony
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLWordPress
[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLYii
[2012/03/29 21:45:13 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CmapTools
[2011/11/17 06:11:55 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CodeLobster Php Edition
[2012/06/30 06:28:54 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Dropbox
[2012/03/14 05:51:46 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\DVDFab
[2011/12/13 19:04:35 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Echo PCI Console
[2011/11/06 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Elluminate
[2011/12/19 10:52:55 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\foobar2000
[2011/12/10 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\FXpansion
[2012/06/24 13:05:44 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Garmin
[2012/04/09 11:14:36 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\GeoSetter
[2011/11/07 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Leadertech
[2011/12/03 15:37:29 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Line 6
[2012/06/15 02:48:03 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\MediaMonkey
[2012/03/13 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\MoveFab
[2012/06/17 23:13:41 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Notepad++
[2011/12/03 12:09:50 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Propellerhead Software
[2011/12/19 15:36:30 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Research In Motion
[2012/01/14 19:37:24 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\skychart
[2011/11/07 00:28:23 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\SPORE
[2012/01/14 19:43:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Stellarium
[2011/11/07 01:09:32 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Thunderbird
[2011/11/09 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/03/13 21:03:20 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Vso
[2009/07/13 21:53:46 | 000,015,384 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

And here is Extras.txt


OTL Extras logfile created on: 7/1/2012 2:25:39 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\sluggo\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 47.81% Memory free
6.50 Gb Paging File | 3.82 Gb Available in Paging File | 58.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275.35 Gb Total Space | 103.72 Gb Free Space | 37.67% Space Free | Partition Type: NTFS
Drive D: | 4.02 Gb Total Space | 3.96 Gb Free Space | 98.53% Space Free | Partition Type: NTFS

Computer Name: SLUGGO-PC | User Name: sluggo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0019C12C-08CF-41F6-9556-BB693867096F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F1FE5BD-0975-4EE4-A10A-8FD567ED23A4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{10BAFEC4-9049-4D45-94A0-449EF9CDBC03}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12C1F161-C7B5-411A-8F1E-D88FCC6C80AF}" = lport=138 | protocol=17 | dir=in | app=system |
"{356FD5EB-D92E-497C-A930-763459E0FE43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37307319-F665-4ACA-A7AE-F0E0972B00B7}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{45D78517-4EFE-40FA-B93B-CF91B8261F87}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{683FD127-1735-43D8-87FC-96B7F29559F3}" = rport=139 | protocol=6 | dir=out | app=system |
"{68EA7200-3D27-4C16-A104-A7BC15AD8132}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C6327C7-21C7-42EC-87BC-B1F081B6671B}" = lport=3389 | protocol=6 | dir=in | app=system |
"{70EC87C0-7F01-4498-A59C-595399E660BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{825F0317-4ABD-498A-8F7B-A00C62D3F78C}" = lport=139 | protocol=6 | dir=in | app=system |
"{848AD268-ABD8-4AB7-9F7A-41FCF702F185}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96D177C7-8A03-4B15-B9C5-628F4BF49FB8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{980C3AE4-AA84-488F-986D-84CB32432E6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A44DE87-6F80-455A-8221-12AF69C5B928}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A29AC834-32D8-48E0-969C-CB0644205720}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB1AE573-1C45-479D-BCF1-45D5B3E618FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD8CF5D8-FD94-4C57-B00C-BC305901C1E1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C389DB2C-DE81-4B1B-90E7-9B515356F7A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C56F1DC4-8B8C-485D-B568-E7DB210B735D}" = rport=138 | protocol=17 | dir=out | app=system |
"{E80EA088-75C7-4246-B72B-D1631DEF4877}" = rport=445 | protocol=6 | dir=out | app=system |
"{E830D05E-28CD-4531-AAB0-C864E8C25252}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EE74D670-CF9F-4DE3-A3B2-FBED155F900D}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0CE728F-1C22-4FC8-BC31-5690492FEA51}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3232733-95B2-4200-B94D-F48A200BF525}" = lport=445 | protocol=6 | dir=in | app=system |
"{FF2E6AED-2018-4B14-8F33-9D8CAA6AD611}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{FFD17FE7-C357-4BE4-8F0C-F68FAD4DE1DD}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022F1DCF-B8E4-45FE-B89F-F125C53675F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{06ED26B3-C59C-4934-A56D-918253AD69ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A39BE00-8A97-49EF-95E6-49D7CB3103A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E1AB8A6-0191-4B2A-BA73-F4D95A0F6658}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{10539D4B-0B32-43D6-A14D-389FBC5FA602}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{161C08F5-94DE-4D3D-80C1-795A9781B880}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{21194163-15C5-44C5-BE26-73D68678D073}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{242D8001-C118-44BD-AD1A-C480B53EC622}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2AEA0148-FDFA-4721-B028-0B8E989EBD38}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{34B3219F-82C0-4119-9921-B63402456B2E}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{368DF2DB-FFC8-461F-BD6A-360F7385A787}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{3C0E0FEF-65EA-4B3E-8749-0BA4F0C24B2C}" = protocol=17 | dir=in | app=c:\subsonic\subsonic-service.exe |
"{4D221976-3D29-4103-8884-B0EA880362AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A62D95E-963B-4248-8722-85BAF7F04A4E}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{5ABAE0A3-5F9C-46FF-A390-8AC227034DB8}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{655AB828-61A2-4226-A1E3-8F922C5EC2E5}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{69E5EC89-8E9A-4A2B-A9DA-8389C5453FB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6E326139-740F-4CF3-A4DF-00825F9E3260}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FF461D7-24C5-474B-B469-A34A2DCD73C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{79491305-F60B-42A5-841D-9962AE2F1890}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81AF8002-65BE-419E-8258-BF764035B54D}" = protocol=17 | dir=in | app=c:\subsonic\subsonic-agent.exe |
"{84576EC8-B99D-4946-9259-B81DA490FEDF}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{8ADCDF59-F03D-4895-AE06-368D1ABB171E}" = protocol=17 | dir=in | app=c:\subsonic\elevate.exe |
"{8D1CBE22-4F6B-4A5B-BE9D-1F115802B474}" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\local\microsoft\skydrive\skydrive.exe |
"{95F63AD8-7E1F-4145-8ADD-76063D9430A5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9CFF97BC-59D2-4896-AA1E-F453286C4909}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0F78E75-74DD-44F0-BD23-F4267D89B721}" = protocol=6 | dir=in | app=c:\subsonic\subsonic-service.exe |
"{A4AB0FDE-C480-4A5F-9812-5593800558DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5B62B03-EF59-400B-914C-CA6BAF65D8F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB3838CE-CC0E-4E28-B5FB-06B0E4B58CB1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ACEF3BE6-9E60-44D7-9700-B4011CB7DDAE}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{B3C6E987-A7CF-4AD4-B5A6-5FFFD8D995EE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BCE4ACFF-107E-4533-877D-DAD606C350CE}" = protocol=6 | dir=in | app=c:\subsonic\subsonic-agent.exe |
"{BE9AA5B5-EFB5-4104-8D89-C32303765387}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BF8B9B6D-65F2-4AF4-A9D4-166DD9CC868A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BFE2907A-C919-44A0-B362-3695836B9E6B}" = protocol=6 | dir=in | app=c:\subsonic\elevate.exe |
"{C07C6305-E7AE-48DD-BA20-5BF0A69D34F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C17CCE29-9FDA-4EBB-8B92-CB34754CAF30}" = protocol=58 | dir=in | app=system |
"{C5579F86-B3D3-4D64-ABCF-1D6A7CB69D13}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{C5BACA31-ACBA-4667-B017-F7C1A9E391B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D27B8889-0F27-4C0A-A195-D97283E3F50A}" = protocol=6 | dir=out | app=system |
"{D30439EE-8B98-4C26-8D7B-F04B809785BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D835F19E-EAFE-425F-A518-473BDBF8B416}" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe |
"{D9E91052-242F-4139-86DF-B88381F68D31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{DFCDF4E8-382D-4032-8524-FF2A98476240}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{EF37A183-9BE2-4561-A201-3097A943E9A3}" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\local\microsoft\skydrive\skydrive.exe |
"{F9E4B273-7C99-49FE-815A-F8D0381C4DD9}" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe |
"{FE3199F7-913A-4C56-A89C-68C9EFCAB8E5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"TCP Query User{12EC4927-7E27-4ABA-8EB4-BF4A8CF24895}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2E7D9B0A-F1C8-4BD3-8314-39D04E840A47}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |
"TCP Query User{4F0FE272-46B6-4423-94A0-12642F2F9020}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{78068B5E-DBC6-41B1-A271-DBEE57405993}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9985B076-33DA-47B4-B51E-D2D06D831200}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{A8943017-A0CD-4451-BA30-6B52E7167B0E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{BBCA2255-5D32-4CD8-9A1E-C5F09093FF6E}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{BC5522BC-BB3D-4045-9A20-327EA455D4D7}C:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D0596603-ADD0-4639-B331-1C8899223D47}C:\users\sluggo\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{DD4A756E-C93D-49D8-AB1E-740C4002384A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{13CC2E45-1E9F-46B4-930C-07509B5130A8}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{33E4026C-E8C2-473A-A583-3373E2AD3C11}C:\users\sluggo\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{39CD5655-9280-449D-BF37-95DDA7FFB74D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{4FF95729-1E94-41A9-88CF-80F9D1E08291}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{66D45794-B63B-4615-8B7F-59EBB42B6C86}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{9D63E20E-6A1D-4CC2-81C8-B49576E74600}C:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{B6140DCD-5F0E-4CBC-A6CD-CC2DE53031D1}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |
"UDP Query User{BD98D733-78DA-43B9-8CD5-C7B33E6F0C02}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{BF3A3D62-3A73-4B40-A51F-B15186045714}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C6341948-A8DC-4E59-9E04-72542AD2F234}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E49A356-E4F2-4A3F-8243-2FF7A2588066}" = Authorizer Ignition Key Support
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{28C515CC-489B-4c02-898E-FE5B790E52FF}" = EDIUS Codec Option 6.03
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFC16D1-C831-4CEB-B27D-342E7E2D5603}" = ESET NOD32 Antivirus
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{422EB670-90F6-4332-AEAE-5128AFF84FDD}" = Python 2.7 pycrypto-2.3
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}" = ActiveState ActivePython 2.7.2.5 (32-bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{55A75679-02D1-4C8C-85CA-B4E4DF4D775F}" = MSM32Installer
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{612601db-4776-4127-bab5-d84b8644e530}" = Native Instruments Traktor Kontrol X1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-552
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1" = Cartes du Ciel V3.4.1
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA6208C5-AB9A-4A77-B9AD-DDB139BC28AE}" = Box for Office
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AE29D445-8164-4CD1-8824-FCE85C0BB179}" = Adobe Creative Suite 5 Design Standard
"{AF25AEFA-F76B-48A7-A709-C69AD56AED51}" = CodeMeter Runtime Kit v3.20c
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B91A1230-C199-421e-8F63-7235731D925E}" = EDIUS Neo 3.02
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1ACFF16-2555-48B0-8EFB-008818A42613}" = calibre
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F7982D9E-D925-4E2E-8C24-1EFF7CCB14C5}" = Garmin BlueChart Americas v8.5
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.20
"Admiral Quality Poly-Ana 1.x" = Admiral Quality Poly-Ana 1.x
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASIO4ALL" = ASIO4ALL
"Authorizer_is1" = Authorizer 1.0.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Cakewalk Rapture_is1" = Rapture 1.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CheckSum Tool" = CheckSum Tool 0.7.0
"ClPhpEd" = ClPhpEd(remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Digital Editions" = Adobe Digital Editions
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"DVDFab 8 Qt_is1" = DVDFab 8.1.6.3 (11/02/2012) Qt
"Echo3G PCI" = Echo3G PCI
"Extreme Sample Converter 3_is1" = Extreme Sample Converter 3.5.9
"FL Studio 10" = FL Studio 10
"foobar2000" = foobar2000 v1.1.10
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.1" = Freecorder 5
"GeoSetter_is1" = GeoSetter 3.4.16
"GPS2PowerTrack Plugin V3_is1" = GPS2PowerTrack Plugin V3
"Guru" = Guru
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"IL Download Manager" = IL Download Manager
"InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"Line 6 Uninstaller" = Line 6 Uninstaller
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor Kontrol X1" = Native Instruments Traktor Kontrol X1
"Native Instruments Traktor Kontrol X1 Driver" = Native Instruments Traktor Kontrol X1 Driver
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Ohmboyz VST2" = OhmForce Ohmboyz VST2
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Picasa 3" = Picasa 3
"Project5 Version 2.5" = Project5 Version 2.5
"PSP Nitro 1.1.2" = PSP Nitro 1.1.2
"Samplitude 10 US" = Samplitude 10 10.0.0.0 (US)
"Sketchpad" = Sketchpad
"SopCast" = SopCast 3.4.0
"sp6" = Logitech SetPoint 6.32
"Stellarium_is1" = Stellarium 0.11.1
"Subsonic" = Subsonic
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Ultra Analog VA-1" = Applied Acoustics Systems - Ultra Analog VA-1 v1.1.2
"VLC media player" = VLC media player 2.0.1
"Weather Plugin V3_is1" = Weather Plugin V3
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xampp" = XAMPP 1.7.7
"Yahoo! Messenger" = Yahoo! Messenger
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)
"Dropbox" = Dropbox
"Energy Skate Park" = Energy Skate Park
"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab
"Generator" = Generator
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"SkyDriveSetup.exe" = Microsoft SkyDrive
"States of Matter" = States of Matter

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2012 7:29:06 AM | Computer Name = sluggo-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/30/2012 7:31:05 AM | Computer Name = sluggo-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/30/2012 7:33:24 AM | Computer Name = sluggo-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/30/2012 7:35:41 AM | Computer Name = sluggo-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/30/2012 7:36:06 AM | Computer Name = sluggo-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/30/2012 4:21:53 PM | Computer Name = sluggo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_StiSvc, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000374 Fault offset: 0x000c380b Faulting
process id: 0x59c Faulting application start time: 0x01cd54cfd3d5d692 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 3ab7febe-c2f1-11e1-ad77-001bfcb2d46b

Error - 7/1/2012 2:36:26 AM | Computer Name = sluggo-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 7/1/2012 3:32:01 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/1/2012 3:32:07 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/1/2012 3:35:20 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "c:\program files\Adobe\adobe
media encoder cs5\PhotoshopServer.exe".Error in manifest or policy file "c:\program
files\Adobe\adobe media encoder cs5\PhotoshopServer.exe" on line 2. Multiple requestedPrivileges
elements are not allowed in manifest.

[ Cisco AnyConnect VPN Client Events ]
Error - 6/10/2012 3:48:55 PM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 6/10/2012 3:48:55 PM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 6/11/2012 11:45:28 PM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 6/12/2012 7:08:12 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: CWTS::QuerySessionInformation File: .\WTS.cpp Line: 294 Invoked
Function: WTSQuerySessionInformation Return Code: 2 (0x00000002) Description: The
system cannot find the file specified.

Error - 6/12/2012 7:08:12 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: CWTS::GetSessionUsername File: .\WTS.cpp Line: 350 Invoked
Function: CWTS::QuerySessionInformation Return Code: -30605300 (0xFE2D000C) Description:
WTS_ERROR_QUERY_SESSION_INFORMATION_FAILED WTSUserName

Error - 6/12/2012 7:08:12 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: CWTS::GetUserLogonCount File: .\WTS.cpp Line: 584 Invoked Function:
CWTS::getSessionUsername Return Code: -30605300 (0xFE2D000C) Description: WTS_ERROR_QUERY_SESSION_INFORMATION_FAILED


Error - 6/12/2012 7:08:12 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
1591 Invoked Function: CWTS::getUserLogonCount Return Code: -30605300 (0xFE2D000C)
Description:
WTS_ERROR_QUERY_SESSION_INFORMATION_FAILED

Error - 6/13/2012 6:31:19 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 6/19/2012 9:09:26 PM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 6/27/2012 9:46:21 PM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

[ Media Center Events ]
Error - 1/8/2012 7:54:28 PM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 3:54:21 PM - Error connecting to the internet. 3:54:21 PM - Unable
to contact server..

Error - 1/8/2012 8:54:39 PM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 4:54:32 PM - Error connecting to the internet. 4:54:32 PM - Unable
to contact server..

Error - 1/9/2012 5:02:54 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 1:02:54 AM - Error connecting to the internet. 1:02:54 AM - Unable
to contact server..

Error - 1/9/2012 5:03:12 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 1:02:59 AM - Error connecting to the internet. 1:02:59 AM - Unable
to contact server..

Error - 1/9/2012 6:03:16 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 2:03:16 AM - Error connecting to the internet. 2:03:16 AM - Unable
to contact server..

Error - 1/9/2012 6:03:28 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 2:03:21 AM - Error connecting to the internet. 2:03:21 AM - Unable
to contact server..

Error - 1/9/2012 7:03:32 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 3:03:32 AM - Error connecting to the internet. 3:03:32 AM - Unable
to contact server..

Error - 1/9/2012 7:03:45 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 3:03:37 AM - Error connecting to the internet. 3:03:37 AM - Unable
to contact server..

Error - 1/9/2012 8:03:49 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 4:03:49 AM - Error connecting to the internet. 4:03:49 AM - Unable
to contact server..

Error - 1/9/2012 8:04:01 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0
Description = 4:03:54 AM - Error connecting to the internet. 4:03:54 AM - Unable
to contact server..

[ System Events ]
Error - 6/22/2012 6:40:46 PM | Computer Name = sluggo-PC | Source = DCOM | ID = 10016
Description =

Error - 6/22/2012 6:40:46 PM | Computer Name = sluggo-PC | Source = DCOM | ID = 10016
Description =

Error - 6/22/2012 6:40:47 PM | Computer Name = sluggo-PC | Source = DCOM | ID = 10016
Description =

Error - 6/24/2012 3:56:08 PM | Computer Name = sluggo-PC | Source = DCOM | ID = 10001
Description =

Error - 6/24/2012 4:22:25 PM | Computer Name = sluggo-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 6/24/2012 6:37:49 PM | Computer Name = sluggo-PC | Source = TermDD | ID = 655410
Description =

Error - 6/25/2012 4:22:23 AM | Computer Name = sluggo-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 6/27/2012 9:42:24 PM | Computer Name = sluggo-PC | Source = DCOM | ID = 10010
Description =

Error - 6/27/2012 9:42:35 PM | Computer Name = sluggo-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.

Error - 6/30/2012 4:22:01 PM | Computer Name = sluggo-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 July 2012 - 08:33 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts

Posted 05 July 2012 - 02:18 PM

Hello,

This seems to have gotten rid of the SearchEnhance and I'm not noticing any strange behaviour on my PC.

Checkup.txt:
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 11.3.300.257
Mozilla Firefox (13.0.1)
Mozilla Thunderbird (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



Combofix:
ComboFix 12-07-05.02 - sluggo 07/05/2012 8:49.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1762 [GMT -7:00]
Running from: c:\users\sluggo\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\sluggo\AppData\Local\assembly\tmp
c:\users\sluggo\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0B1D88EA-40DE-4DB0-9AA1-E42D31323CFE}.xps
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome.manifest
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\background.html
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\browser.xul
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\crossrider.js
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\crossriderapi.js
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\dialog.js
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\manage-apps-style.css
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\manage-apps.html
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\messaging.js
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\options.js
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\options.xul
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\push.html
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\search_dialog.xul
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\chrome\content\update.html
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\defaults\preferences\prefs.js
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\install.rdf
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\locale\en-US\translations.dtd
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\button1.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\button2.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\button3.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\button4.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\button5.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\crossrider_statusbar.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\icon128.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\icon16.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\icon24.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\icon48.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\panelarrow-up.png
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\popup.css
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\popup.html
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\popup_binding.xml
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\skin.css
c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\crossriderapp529@crossrider.com\skin\update.css
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 15:59 . 2012-07-05 15:59 -------- d-----w- c:\users\emma\AppData\Local\temp
2012-07-05 15:59 . 2012-07-05 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 11:11 . 2012-07-03 11:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29A98A25-02DE-4519-9A74-FDF6E4D40F8E}\offreg.dll
2012-07-03 11:10 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29A98A25-02DE-4519-9A74-FDF6E4D40F8E}\mpengine.dll
2012-07-02 14:35 . 2012-07-02 14:35 -------- d-----w- c:\program files\DeLorme
2012-06-24 20:05 . 2012-06-24 20:05 -------- d-----w- c:\programdata\GARMIN
2012-06-24 19:54 . 2012-06-24 20:05 -------- d-----w- C:\Garmin
2012-06-24 19:53 . 2003-11-11 01:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-06-24 19:53 . 2003-11-11 01:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-06-24 19:53 . 2003-11-11 01:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-06-24 19:53 . 2003-11-11 01:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-06-24 19:53 . 2003-11-11 01:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-06-24 19:53 . 2003-11-11 01:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-06-24 19:53 . 2012-06-24 19:53 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-06-24 19:53 . 2012-06-24 19:53 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-06-24 13:12 . 2012-06-24 13:12 -------- d-----w- C:\SkyDriveTemp
2012-06-23 19:13 . 2012-06-23 19:12 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 19:11 . 2012-06-23 19:11 -------- d-----w- c:\programdata\McAfee
2012-06-20 23:39 . 2012-06-20 23:39 -------- d-----w- c:\users\emma\AppData\Local\Macromedia
2012-06-20 11:26 . 2012-06-20 11:26 -------- d-----w- c:\users\sluggo\AppData\Local\Macromedia
2012-06-17 21:00 . 2012-06-17 21:02 -------- d-----w- C:\xampp
2012-06-16 21:30 . 2012-06-16 21:30 -------- d-----w- c:\program files\Box
2012-06-16 21:23 . 2012-06-18 06:13 -------- d-----w- c:\users\sluggo\AppData\Roaming\Notepad++
2012-06-16 21:23 . 2012-06-16 21:23 -------- d-----w- c:\program files\Notepad++
2012-06-13 10:01 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 10:01 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 10:01 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-10 05:54 . 2012-06-10 05:55 -------- d-----w- c:\program files\Safari
2012-06-08 23:30 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 23:30 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 23:30 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 23:30 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:30 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-08 23:30 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 23:30 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 23:29 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 23:29 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-08 03:51 . 2012-07-05 15:45 -------- d-----r- c:\users\sluggo\SkyDrive
2012-06-08 03:51 . 2012-06-08 03:51 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-06-06 05:28 . 2012-06-06 05:28 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-06 05:28 . 2012-06-06 05:28 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 19:12 . 2011-11-07 01:57 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-21 12:29 . 2011-11-08 05:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-20 01:12 . 2012-04-06 03:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-20 01:12 . 2011-11-10 15:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 21:17 . 2011-11-07 01:24 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-14 . B0A5A2CD481563430D09B497605497B6 . 521216 . . [6.1.7601.17514] . . c:\windows\System32\termsrv.dll
[-] 2011-11-14 . B0A5A2CD481563430D09B497605497B6 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-06-08 03:51 208608 ----a-w- c:\users\sluggo\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-06-08 03:51 208608 ----a-w- c:\users\sluggo\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-06-08 03:51 208608 ----a-w- c:\users\sluggo\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sluggo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sluggo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sluggo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"SkyDrive"="c:\users\sluggo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-06-08 296672]
"chromium"="c:\users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-28 1250328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Cartes du Ciel Clock.lnk - c:\program files\Ciel\cdcicon.exe [2012-1-14 3495424]
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
Dropbox.lnk - c:\users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
Subsonic.lnk - c:\subsonic\subsonic-agent.exe [2011-12-6 206336]
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-552 revA\wirelesscm.exe [2012-2-29 517440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\D-Link\DWA-552 revA\jswpsapi.exe [x]
R3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys [x]
R3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 Echo3G;Echo3G Service;c:\windows\system32\drivers\echo3g.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - fxdiqpod
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-25 18:20]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-25 18:20]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001Core.job
- c:\users\sluggo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 01:50]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001UA.job
- c:\users\sluggo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 01:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
FF - ProfilePath - c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKCU-Run-AdobeBridge - (no file)
AddRemove-GPS2PowerTrack Plugin V3_is1 - c:\programdata\ZoneFiveSoftware\SportTracks\3\Plugins\Installed\68dba27d-8caa-415e-9c2f-8442517fdd59\unins000.exe
AddRemove-Native Instruments Traktor Kontrol X1 Driver - c:\programdata\{B4EC8631-3359-4312-83DE-2903C693758B}\Traktor Kontrol X1 Driver Setup.exe
AddRemove-Weather Plugin V3_is1 - c:\programdata\ZoneFiveSoftware\SportTracks\3\Plugins\Installed\5ea8ee44-ff77-4bd0-821e-fc4fe349b3aa\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*›Óp]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*›Óp\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*›Óp]
"0"=hex:66,69,6c,65,3a,2f,2f,2f,4e,3a,2f,44,6f,77,6e,6c,6f,61,64,73,2f,44,65,
6e,6e,69,73,25,32,30,46,65,72,72,65,72,25,32,30,2d,25,32,30,54,72,61,6e,73,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\Software\SecuROM\License information*]
"datasecu"=hex:60,4b,c2,54,47,36,de,3f,ef,1f,3c,47,47,82,02,7c,cd,3b,cd,a9,7d,
4b,04,e0,42,7e,b3,c0,7f,aa,c0,a4,8b,7c,30,5a,7c,a7,fc,6e,3d,31,c1,31,dc,67,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\relog_ap.DLL
.
Completion time: 2012-07-05 09:01:56
ComboFix-quarantined-files.txt 2012-07-05 16:01
.
Pre-Run: 111,733,972,992 bytes free
Post-Run: 113,395,896,320 bytes free
.
- - End Of File - - A32C6EDCA35A8300B45CECE9142FE9D4


thanks!

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 July 2012 - 07:20 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 shmish

  • Topic Starter
  • Members
  • 38 posts

Posted 06 July 2012 - 02:20 AM

TDSSKiller log:
23:24:51.0952 6872 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
23:24:52.0654 6872 ============================================================
23:24:52.0654 6872 Current date / time: 2012/07/05 23:24:52.0654
23:24:52.0654 6872 SystemInfo:
23:24:52.0654 6872
23:24:52.0654 6872 OS Version: 6.1.7601 ServicePack: 1.0
23:24:52.0654 6872 Product type: Workstation
23:24:52.0654 6872 ComputerName: SLUGGO-PC
23:24:52.0654 6872 UserName: sluggo
23:24:52.0654 6872 Windows directory: C:\Windows
23:24:52.0654 6872 System windows directory: C:\Windows
23:24:52.0654 6872 Processor architecture: Intel x86
23:24:52.0654 6872 Number of processors: 4
23:24:52.0654 6872 Page size: 0x1000
23:24:52.0654 6872 Boot type: Normal boot
23:24:52.0654 6872 ============================================================
23:24:54.0386 6872 Drive \Device\Harddisk0\DR0 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:24:54.0386 6872 Drive \Device\Harddisk1\DR1 - Size: 0x3B2800000 (14.79 Gb), SectorSize: 0x200, Cylinders: 0x78A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:24:54.0402 6872 ============================================================
23:24:54.0402 6872 \Device\Harddisk0\DR0:
23:24:54.0402 6872 MBR partitions:
23:24:54.0402 6872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:24:54.0402 6872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x226B5000
23:24:54.0417 6872 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x226E7935, BlocksNum 0x80B18E
23:24:54.0417 6872 \Device\Harddisk1\DR1:
23:24:54.0417 6872 MBR partitions:
23:24:54.0417 6872 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D92080
23:24:54.0417 6872 ============================================================
23:24:54.0464 6872 C: <-> \Device\Harddisk0\DR0\Partition1
23:24:54.0480 6872 D: <-> \Device\Harddisk0\DR0\Partition2
23:24:54.0480 6872 ============================================================
23:24:54.0480 6872 Initialize success
23:24:54.0480 6872 ============================================================
23:24:56.0164 4836 ============================================================
23:24:56.0164 4836 Scan started
23:24:56.0164 4836 Mode: Manual;
23:24:56.0164 4836 ============================================================
23:24:57.0880 4836 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:24:57.0896 4836 1394ohci - ok
23:24:57.0943 4836 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:24:57.0958 4836 ACPI - ok
23:24:57.0990 4836 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:24:57.0990 4836 AcpiPmi - ok
23:24:58.0286 4836 AcrSch2Svc (4a00e527bb34fca0e458db1089f97b3b) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
23:24:58.0302 4836 AcrSch2Svc - ok
23:24:58.0380 4836 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:24:58.0411 4836 adp94xx - ok
23:24:58.0442 4836 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:24:58.0458 4836 adpahci - ok
23:24:58.0489 4836 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:24:58.0504 4836 adpu320 - ok
23:24:58.0536 4836 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:24:58.0536 4836 AeLookupSvc - ok
23:24:58.0629 4836 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
23:24:58.0645 4836 AFD - ok
23:24:58.0676 4836 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:24:58.0692 4836 agp440 - ok
23:24:58.0707 4836 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:24:58.0707 4836 aic78xx - ok
23:24:58.0738 4836 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:24:58.0754 4836 ALG - ok
23:24:58.0770 4836 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:24:58.0785 4836 aliide - ok
23:24:58.0832 4836 AMD External Events Utility (ebccbcbf1df132e4775e5d6e6dea3ed0) C:\Windows\system32\atiesrxx.exe
23:24:58.0832 4836 AMD External Events Utility - ok
23:24:58.0879 4836 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:24:58.0879 4836 amdagp - ok
23:24:58.0910 4836 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:24:58.0926 4836 amdide - ok
23:24:58.0941 4836 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:24:58.0941 4836 AmdK8 - ok
23:24:59.0456 4836 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
23:24:59.0752 4836 amdkmdag - ok
23:24:59.0955 4836 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
23:24:59.0971 4836 amdkmdap - ok
23:25:00.0018 4836 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:25:00.0018 4836 AmdPPM - ok
23:25:00.0080 4836 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
23:25:00.0080 4836 amdsata - ok
23:25:00.0111 4836 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:25:00.0127 4836 amdsbs - ok
23:25:00.0142 4836 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
23:25:00.0158 4836 amdxata - ok
23:25:00.0220 4836 Apache2.2 (f41e453a90ef19217cee1675f5256ee7) c:\xampp\apache\bin\httpd.exe
23:25:00.0236 4836 Apache2.2 - ok
23:25:00.0283 4836 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:25:00.0283 4836 AppID - ok
23:25:00.0330 4836 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:25:00.0361 4836 AppIDSvc - ok
23:25:00.0376 4836 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
23:25:00.0392 4836 Appinfo - ok
23:25:00.0517 4836 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:25:00.0532 4836 Apple Mobile Device - ok
23:25:00.0564 4836 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:25:00.0564 4836 arc - ok
23:25:00.0579 4836 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:25:00.0595 4836 arcsas - ok
23:25:00.0720 4836 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:25:00.0782 4836 aspnet_state - ok
23:25:00.0813 4836 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:25:00.0813 4836 AsyncMac - ok
23:25:00.0844 4836 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:25:00.0844 4836 atapi - ok
23:25:00.0891 4836 AtcL001 (3d8880a2cf21dcc057c8d9a194c41f10) C:\Windows\system32\DRIVERS\l160x86.sys
23:25:00.0938 4836 AtcL001 - ok
23:25:01.0141 4836 athr (5987aa8b5740a3ced3063c0b875d4a69) C:\Windows\system32\DRIVERS\athr.sys
23:25:01.0219 4836 athr - ok
23:25:02.0202 4836 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\drivers\atikmdag.sys
23:25:02.0248 4836 atikmdag - ok
23:25:02.0451 4836 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:25:02.0467 4836 AudioEndpointBuilder - ok
23:25:02.0467 4836 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:25:02.0482 4836 Audiosrv - ok
23:25:02.0529 4836 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
23:25:02.0545 4836 AxInstSV - ok
23:25:02.0638 4836 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:25:02.0654 4836 b06bdrv - ok
23:25:02.0701 4836 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:25:02.0716 4836 b57nd60x - ok
23:25:02.0779 4836 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:25:02.0794 4836 BDESVC - ok
23:25:02.0810 4836 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:25:02.0810 4836 Beep - ok
23:25:02.0872 4836 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
23:25:02.0888 4836 BFE - ok
23:25:03.0028 4836 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
23:25:03.0075 4836 BITS - ok
23:25:03.0091 4836 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:25:03.0106 4836 blbdrive - ok
23:25:03.0216 4836 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:25:03.0247 4836 Bonjour Service - ok
23:25:03.0278 4836 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
23:25:03.0294 4836 bowser - ok
23:25:03.0309 4836 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:25:03.0309 4836 BrFiltLo - ok
23:25:03.0325 4836 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:25:03.0325 4836 BrFiltUp - ok
23:25:03.0356 4836 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
23:25:03.0372 4836 BridgeMP - ok
23:25:03.0403 4836 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
23:25:03.0418 4836 Browser - ok
23:25:03.0450 4836 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:25:03.0465 4836 Brserid - ok
23:25:03.0481 4836 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:25:03.0496 4836 BrSerWdm - ok
23:25:03.0512 4836 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:25:03.0512 4836 BrUsbMdm - ok
23:25:03.0528 4836 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:25:03.0528 4836 BrUsbSer - ok
23:25:03.0574 4836 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
23:25:03.0590 4836 BthEnum - ok
23:25:03.0606 4836 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:25:03.0606 4836 BTHMODEM - ok
23:25:03.0652 4836 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
23:25:03.0668 4836 BthPan - ok
23:25:03.0730 4836 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
23:25:03.0746 4836 BTHPORT - ok
23:25:03.0793 4836 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:25:03.0808 4836 bthserv - ok
23:25:03.0855 4836 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
23:25:03.0855 4836 BTHUSB - ok
23:25:03.0996 4836 catchme - ok
23:25:04.0027 4836 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:25:04.0027 4836 cdfs - ok
23:25:04.0089 4836 cdrblock (84c33915fa6635aab705bcbfb74cf9c3) C:\Windows\system32\DRIVERS\cdrblock.sys
23:25:04.0120 4836 cdrblock - ok
23:25:04.0167 4836 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
23:25:04.0183 4836 cdrom - ok
23:25:04.0230 4836 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:25:04.0245 4836 CertPropSvc - ok
23:25:04.0276 4836 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:25:04.0292 4836 circlass - ok
23:25:04.0323 4836 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:25:04.0354 4836 CLFS - ok
23:25:04.0432 4836 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:25:04.0479 4836 clr_optimization_v2.0.50727_32 - ok
23:25:04.0557 4836 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:25:04.0604 4836 clr_optimization_v4.0.30319_32 - ok
23:25:04.0620 4836 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:25:04.0635 4836 CmBatt - ok
23:25:04.0651 4836 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
23:25:04.0666 4836 cmdide - ok
23:25:04.0698 4836 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
23:25:04.0744 4836 CNG - ok
23:25:04.0994 4836 CodeMeter.exe (1c15404ea8fc42dab8a7b3765ed53e58) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
23:25:05.0103 4836 CodeMeter.exe - ok
23:25:05.0290 4836 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:25:05.0290 4836 Compbatt - ok
23:25:05.0337 4836 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
23:25:05.0337 4836 CompositeBus - ok
23:25:05.0353 4836 COMSysApp - ok
23:25:05.0368 4836 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:25:05.0384 4836 crcdisk - ok
23:25:05.0446 4836 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
23:25:05.0462 4836 CryptSvc - ok
23:25:05.0509 4836 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:25:05.0540 4836 DcomLaunch - ok
23:25:05.0571 4836 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:25:05.0587 4836 defragsvc - ok
23:25:05.0634 4836 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
23:25:05.0634 4836 DfsC - ok
23:25:05.0696 4836 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
23:25:05.0712 4836 Dhcp - ok
23:25:05.0727 4836 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:25:05.0743 4836 discache - ok
23:25:05.0774 4836 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:25:05.0805 4836 Disk - ok
23:25:05.0836 4836 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
23:25:05.0852 4836 Dnscache - ok
23:25:05.0899 4836 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
23:25:05.0914 4836 dot3svc - ok
23:25:05.0961 4836 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
23:25:05.0977 4836 DPS - ok
23:25:06.0024 4836 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:25:06.0024 4836 drmkaud - ok
23:25:06.0102 4836 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:25:06.0133 4836 DXGKrnl - ok
23:25:06.0180 4836 eamonm (04238864710460c5682e260207d06192) C:\Windows\system32\DRIVERS\eamonm.sys
23:25:06.0211 4836 eamonm - ok
23:25:06.0258 4836 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:25:06.0273 4836 EapHost - ok
23:25:06.0710 4836 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:25:06.0835 4836 ebdrv - ok
23:25:07.0100 4836 Echo3G (fd56134285d611907e7c84a2174f6576) C:\Windows\system32\drivers\echo3g.sys
23:25:07.0116 4836 Echo3G - ok
23:25:07.0162 4836 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
23:25:07.0162 4836 EFS - ok
23:25:07.0209 4836 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\Windows\system32\DRIVERS\ehdrv.sys
23:25:07.0225 4836 ehdrv - ok
23:25:07.0318 4836 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
23:25:07.0350 4836 ehRecvr - ok
23:25:07.0381 4836 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
23:25:07.0381 4836 ehSched - ok
23:25:07.0521 4836 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
23:25:07.0521 4836 ekrn - ok
23:25:07.0708 4836 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:25:07.0755 4836 elxstor - ok
23:25:07.0771 4836 epfwwfpr (f39c91795ebdb9ecbeb5a388ff2841fe) C:\Windows\system32\DRIVERS\epfwwfpr.sys
23:25:07.0786 4836 epfwwfpr - ok
23:25:07.0818 4836 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:25:07.0818 4836 ErrDev - ok
23:25:07.0896 4836 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:25:07.0911 4836 EventSystem - ok
23:25:07.0927 4836 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:25:07.0942 4836 exfat - ok
23:25:07.0974 4836 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:25:07.0989 4836 fastfat - ok
23:25:08.0067 4836 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
23:25:08.0083 4836 Fax - ok
23:25:08.0098 4836 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:25:08.0114 4836 fdc - ok
23:25:08.0130 4836 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:25:08.0130 4836 fdPHost - ok
23:25:08.0130 4836 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:25:08.0145 4836 FDResPub - ok
23:25:08.0161 4836 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:25:08.0161 4836 FileInfo - ok
23:25:08.0176 4836 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:25:08.0176 4836 Filetrace - ok
23:25:08.0332 4836 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:25:08.0379 4836 FLEXnet Licensing Service - ok
23:25:08.0410 4836 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:25:08.0426 4836 flpydisk - ok
23:25:08.0457 4836 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:25:08.0473 4836 FltMgr - ok
23:25:08.0551 4836 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
23:25:08.0582 4836 FontCache - ok
23:25:08.0676 4836 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:25:08.0707 4836 FontCache3.0.0.0 - ok
23:25:08.0722 4836 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:25:08.0722 4836 FsDepends - ok
23:25:08.0754 4836 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
23:25:08.0754 4836 Fs_Rec - ok
23:25:08.0800 4836 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:25:08.0816 4836 fvevol - ok
23:25:08.0847 4836 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:25:08.0863 4836 gagp30kx - ok
23:25:08.0878 4836 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:25:08.0894 4836 GEARAspiWDM - ok
23:25:09.0003 4836 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
23:25:09.0034 4836 gpsvc - ok
23:25:09.0175 4836 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
23:25:09.0190 4836 gupdate - ok
23:25:09.0206 4836 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
23:25:09.0206 4836 gupdatem - ok
23:25:09.0237 4836 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:25:09.0253 4836 gusvc - ok
23:25:09.0378 4836 HCW85BDA (89364cc2a694364f4aa148b7cb802d57) C:\Windows\system32\drivers\HCW85BDA.sys
23:25:09.0440 4836 HCW85BDA - ok
23:25:09.0627 4836 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:25:09.0643 4836 hcw85cir - ok
23:25:09.0705 4836 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
23:25:09.0736 4836 HdAudAddService - ok
23:25:09.0783 4836 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
23:25:09.0783 4836 HDAudBus - ok
23:25:09.0799 4836 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:25:09.0814 4836 HidBatt - ok
23:25:09.0830 4836 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:25:09.0846 4836 HidBth - ok
23:25:09.0877 4836 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:25:09.0892 4836 HidIr - ok
23:25:09.0924 4836 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
23:25:09.0924 4836 hidserv - ok
23:25:09.0955 4836 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
23:25:09.0955 4836 HidUsb - ok
23:25:10.0002 4836 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
23:25:10.0002 4836 hkmsvc - ok
23:25:10.0033 4836 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
23:25:10.0048 4836 HomeGroupListener - ok
23:25:10.0080 4836 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
23:25:10.0095 4836 HomeGroupProvider - ok
23:25:10.0126 4836 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:25:10.0142 4836 HpSAMD - ok
23:25:10.0220 4836 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:25:10.0251 4836 HTTP - ok
23:25:10.0298 4836 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:25:10.0298 4836 hwpolicy - ok
23:25:10.0329 4836 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
23:25:10.0345 4836 i8042prt - ok
23:25:10.0376 4836 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:25:10.0423 4836 iaStorV - ok
23:25:10.0516 4836 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:25:10.0532 4836 IDriverT - ok
23:25:10.0657 4836 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:25:10.0688 4836 idsvc - ok
23:25:10.0844 4836 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:25:10.0860 4836 iirsp - ok
23:25:10.0953 4836 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
23:25:11.0016 4836 IKEEXT - ok
23:25:11.0094 4836 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:25:11.0109 4836 intelide - ok
23:25:11.0140 4836 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:25:11.0140 4836 intelppm - ok
23:25:11.0187 4836 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:25:11.0187 4836 IPBusEnum - ok
23:25:11.0203 4836 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:25:11.0234 4836 IpFilterDriver - ok
23:25:11.0281 4836 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
23:25:11.0312 4836 iphlpsvc - ok
23:25:11.0359 4836 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:25:11.0359 4836 IPMIDRV - ok
23:25:11.0390 4836 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:25:11.0406 4836 IPNAT - ok
23:25:11.0530 4836 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
23:25:11.0562 4836 iPod Service - ok
23:25:11.0593 4836 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:25:11.0608 4836 IRENUM - ok
23:25:11.0624 4836 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:25:11.0624 4836 isapnp - ok
23:25:11.0655 4836 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:25:11.0671 4836 iScsiPrt - ok
23:25:11.0796 4836 jswpsapi (cd9f4e53da79ed4cd7562604fe9523a6) C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe
23:25:11.0858 4836 jswpsapi - ok
23:25:12.0030 4836 jswpslwf (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
23:25:12.0030 4836 jswpslwf - ok
23:25:12.0076 4836 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:25:12.0092 4836 kbdclass - ok
23:25:12.0139 4836 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
23:25:12.0139 4836 kbdhid - ok
23:25:12.0170 4836 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:25:12.0170 4836 KeyIso - ok
23:25:12.0373 4836 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
23:25:12.0388 4836 KSecDD - ok
23:25:12.0404 4836 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
23:25:12.0420 4836 KSecPkg - ok
23:25:12.0482 4836 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:25:12.0498 4836 KtmRm - ok
23:25:12.0560 4836 kx1avs (eb3c76b3807d5c085addffe86502508d) C:\Windows\system32\Drivers\kx1avs.sys
23:25:12.0576 4836 kx1avs - ok
23:25:12.0622 4836 kx1usb_svc (1ba806859401eefed5f9334cba313f0d) C:\Windows\system32\Drivers\kx1usb.sys
23:25:12.0622 4836 kx1usb_svc - ok
23:25:12.0669 4836 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
23:25:12.0685 4836 LanmanServer - ok
23:25:12.0716 4836 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
23:25:12.0732 4836 LanmanWorkstation - ok
23:25:12.0872 4836 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:25:12.0888 4836 LBTServ - ok
23:25:12.0919 4836 LEqdUsb (717e6714bca808f2a372e636aff3d15a) C:\Windows\system32\Drivers\LEqdUsb.Sys
23:25:12.0934 4836 LEqdUsb - ok
23:25:13.0012 4836 LHidEqd (2786f7b4003adff88ce28bc1800b5407) C:\Windows\system32\Drivers\LHidEqd.Sys
23:25:13.0028 4836 LHidEqd - ok
23:25:13.0075 4836 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:25:13.0090 4836 LHidFilt - ok
23:25:13.0137 4836 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:25:13.0153 4836 lltdio - ok
23:25:13.0200 4836 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:25:13.0215 4836 lltdsvc - ok
23:25:13.0246 4836 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:25:13.0246 4836 lmhosts - ok
23:25:13.0262 4836 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:25:13.0293 4836 LMouFilt - ok
23:25:13.0324 4836 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:25:13.0340 4836 LSI_FC - ok
23:25:13.0356 4836 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:25:13.0371 4836 LSI_SAS - ok
23:25:13.0402 4836 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:25:13.0402 4836 LSI_SAS2 - ok
23:25:13.0434 4836 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:25:13.0449 4836 LSI_SCSI - ok
23:25:13.0449 4836 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:25:13.0465 4836 luafv - ok
23:25:13.0496 4836 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
23:25:13.0512 4836 Mcx2Svc - ok
23:25:13.0527 4836 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:25:13.0527 4836 megasas - ok
23:25:13.0558 4836 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:25:13.0574 4836 MegaSR - ok
23:25:13.0605 4836 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:25:13.0605 4836 MMCSS - ok
23:25:13.0621 4836 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:25:13.0636 4836 Modem - ok
23:25:13.0652 4836 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:25:13.0652 4836 monitor - ok
23:25:13.0699 4836 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:25:13.0714 4836 mouclass - ok
23:25:13.0746 4836 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:25:13.0746 4836 mouhid - ok
23:25:13.0792 4836 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:25:13.0792 4836 mountmgr - ok
23:25:13.0886 4836 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:25:13.0917 4836 MozillaMaintenance - ok
23:25:13.0948 4836 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:25:13.0964 4836 mpio - ok
23:25:13.0980 4836 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:25:13.0995 4836 mpsdrv - ok
23:25:14.0073 4836 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
23:25:14.0104 4836 MpsSvc - ok
23:25:14.0151 4836 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:25:14.0167 4836 MRxDAV - ok
23:25:14.0214 4836 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:25:14.0229 4836 mrxsmb - ok
23:25:14.0245 4836 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:25:14.0260 4836 mrxsmb10 - ok
23:25:14.0276 4836 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:25:14.0292 4836 mrxsmb20 - ok
23:25:14.0307 4836 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:25:14.0323 4836 msahci - ok
23:25:14.0338 4836 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:25:14.0370 4836 msdsm - ok
23:25:14.0416 4836 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:25:14.0432 4836 MSDTC - ok
23:25:14.0463 4836 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:25:14.0479 4836 Msfs - ok
23:25:14.0494 4836 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:25:14.0494 4836 mshidkmdf - ok
23:25:14.0510 4836 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:25:14.0526 4836 msisadrv - ok
23:25:14.0557 4836 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:25:14.0572 4836 MSiSCSI - ok
23:25:14.0588 4836 msiserver - ok
23:25:14.0619 4836 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:25:14.0619 4836 MSKSSRV - ok
23:25:14.0635 4836 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:25:14.0635 4836 MSPCLOCK - ok
23:25:14.0650 4836 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:25:14.0650 4836 MSPQM - ok
23:25:14.0666 4836 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:25:14.0682 4836 MsRPC - ok
23:25:14.0728 4836 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
23:25:14.0728 4836 mssmbios - ok
23:25:14.0728 4836 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:25:14.0728 4836 MSTEE - ok
23:25:14.0744 4836 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:25:14.0744 4836 MTConfig - ok
23:25:14.0806 4836 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
23:25:14.0806 4836 MTsensor - ok
23:25:14.0806 4836 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:25:14.0822 4836 Mup - ok
23:25:14.0869 4836 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
23:25:14.0884 4836 napagent - ok
23:25:14.0947 4836 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:25:14.0978 4836 NativeWifiP - ok
23:25:15.0040 4836 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
23:25:15.0072 4836 NDIS - ok
23:25:15.0087 4836 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:25:15.0087 4836 NdisCap - ok
23:25:15.0118 4836 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:25:15.0118 4836 NdisTapi - ok
23:25:15.0165 4836 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:25:15.0165 4836 Ndisuio - ok
23:25:15.0212 4836 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:25:15.0228 4836 NdisWan - ok
23:25:15.0259 4836 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:25:15.0274 4836 NDProxy - ok
23:25:15.0306 4836 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:25:15.0321 4836 NetBIOS - ok
23:25:15.0352 4836 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:25:15.0368 4836 NetBT - ok
23:25:15.0446 4836 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:25:15.0462 4836 Netlogon - ok
23:25:15.0696 4836 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:25:15.0711 4836 Netman - ok
23:25:15.0820 4836 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:25:15.0867 4836 NetMsmqActivator - ok
23:25:15.0867 4836 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:25:15.0867 4836 NetPipeActivator - ok
23:25:15.0914 4836 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:25:15.0930 4836 netprofm - ok
23:25:15.0930 4836 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:25:15.0930 4836 NetTcpActivator - ok
23:25:15.0930 4836 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:25:15.0930 4836 NetTcpPortSharing - ok
23:25:15.0945 4836 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:25:15.0976 4836 nfrd960 - ok
23:25:16.0320 4836 NIHardwareService (873efdad84e52facc986aca66b3f18b3) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
23:25:16.0476 4836 NIHardwareService - ok
23:25:16.0663 4836 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
23:25:16.0678 4836 NlaSvc - ok
23:25:16.0741 4836 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:25:16.0741 4836 Npfs - ok
23:25:16.0772 4836 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:25:16.0788 4836 nsi - ok
23:25:16.0803 4836 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:25:16.0803 4836 nsiproxy - ok
23:25:16.0912 4836 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:25:17.0022 4836 Ntfs - ok
23:25:17.0131 4836 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:25:17.0131 4836 Null - ok
23:25:17.0178 4836 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:25:17.0193 4836 nvraid - ok
23:25:17.0240 4836 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:25:17.0256 4836 nvstor - ok
23:25:17.0271 4836 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:25:17.0287 4836 nv_agp - ok
23:25:17.0302 4836 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:25:17.0318 4836 ohci1394 - ok
23:25:17.0458 4836 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:25:17.0474 4836 ose - ok
23:25:17.0817 4836 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:25:18.0004 4836 osppsvc - ok
23:25:18.0192 4836 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:25:18.0207 4836 p2pimsvc - ok
23:25:18.0238 4836 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:25:18.0254 4836 p2psvc - ok
23:25:18.0316 4836 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:25:18.0332 4836 Parport - ok
23:25:18.0348 4836 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
23:25:18.0379 4836 partmgr - ok
23:25:18.0379 4836 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:25:18.0394 4836 Parvdm - ok
23:25:18.0426 4836 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:25:18.0441 4836 PcaSvc - ok
23:25:18.0472 4836 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:25:18.0488 4836 pci - ok
23:25:18.0504 4836 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:25:18.0519 4836 pciide - ok
23:25:18.0550 4836 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:25:18.0566 4836 pcmcia - ok
23:25:18.0613 4836 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
23:25:18.0628 4836 pcouffin - ok
23:25:18.0644 4836 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:25:18.0644 4836 pcw - ok
23:25:18.0706 4836 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:25:18.0738 4836 PEAUTH - ok
23:25:18.0878 4836 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
23:25:18.0940 4836 pla - ok
23:25:19.0128 4836 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
23:25:19.0143 4836 PlugPlay - ok
23:25:19.0190 4836 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:25:19.0206 4836 PNRPAutoReg - ok
23:25:19.0221 4836 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:25:19.0221 4836 PNRPsvc - ok
23:25:19.0252 4836 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
23:25:19.0268 4836 PolicyAgent - ok
23:25:19.0315 4836 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
23:25:19.0330 4836 Power - ok
23:25:19.0377 4836 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:25:19.0393 4836 PptpMiniport - ok
23:25:19.0408 4836 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:25:19.0408 4836 Processor - ok
23:25:19.0455 4836 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
23:25:19.0471 4836 ProfSvc - ok
23:25:19.0502 4836 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:25:19.0502 4836 ProtectedStorage - ok
23:25:19.0549 4836 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:25:19.0564 4836 Psched - ok
23:25:19.0658 4836 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:25:19.0720 4836 ql2300 - ok
23:25:19.0876 4836 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:25:19.0892 4836 ql40xx - ok
23:25:19.0939 4836 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:25:19.0970 4836 QWAVE - ok
23:25:19.0970 4836 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:25:19.0986 4836 QWAVEdrv - ok
23:25:20.0001 4836 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:25:20.0001 4836 RasAcd - ok
23:25:20.0048 4836 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:25:20.0079 4836 RasAgileVpn - ok
23:25:20.0079 4836 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:25:20.0095 4836 RasAuto - ok
23:25:20.0126 4836 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:25:20.0142 4836 Rasl2tp - ok
23:25:20.0204 4836 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
23:25:20.0220 4836 RasMan - ok
23:25:20.0235 4836 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:25:20.0251 4836 RasPppoe - ok
23:25:20.0266 4836 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:25:20.0282 4836 RasSstp - ok
23:25:20.0313 4836 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:25:20.0344 4836 rdbss - ok
23:25:20.0360 4836 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:25:20.0376 4836 rdpbus - ok
23:25:20.0407 4836 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:25:20.0407 4836 RDPCDD - ok
23:25:20.0438 4836 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:25:20.0438 4836 RDPENCDD - ok
23:25:20.0438 4836 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:25:20.0438 4836 RDPREFMP - ok
23:25:20.0485 4836 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
23:25:20.0500 4836 RDPWD - ok
23:25:20.0547 4836 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:25:20.0563 4836 rdyboost - ok
23:25:20.0610 4836 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:25:20.0625 4836 RemoteAccess - ok
23:25:20.0656 4836 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:25:20.0672 4836 RemoteRegistry - ok
23:25:20.0719 4836 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
23:25:20.0734 4836 RFCOMM - ok
23:25:20.0797 4836 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
23:25:20.0797 4836 RimUsb - ok
23:25:20.0844 4836 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
23:25:20.0859 4836 RimVSerPort - ok
23:25:20.0890 4836 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
23:25:20.0890 4836 ROOTMODEM - ok
23:25:20.0922 4836 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:25:21.0000 4836 RpcEptMapper - ok
23:25:21.0046 4836 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:25:21.0046 4836 RpcLocator - ok
23:25:21.0093 4836 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll
23:25:21.0109 4836 RpcSs - ok
23:25:21.0109 4836 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:25:21.0124 4836 rspndr - ok
23:25:21.0140 4836 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:25:21.0140 4836 SamSs - ok
23:25:21.0218 4836 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
23:25:21.0218 4836 sbp2port - ok
23:25:21.0234 4836 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
23:25:21.0249 4836 SCardSvr - ok
23:25:21.0296 4836 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
23:25:21.0296 4836 scfilter - ok
23:25:21.0390 4836 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
23:25:21.0421 4836 Schedule - ok
23:25:21.0468 4836 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:25:21.0468 4836 SCPolicySvc - ok
23:25:21.0514 4836 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
23:25:21.0530 4836 SDRSVC - ok
23:25:21.0561 4836 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:25:21.0561 4836 secdrv - ok
23:25:21.0592 4836 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
23:25:21.0592 4836 seclogon - ok
23:25:21.0624 4836 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
23:25:21.0624 4836 SENS - ok
23:25:21.0670 4836 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
23:25:21.0686 4836 SensrSvc - ok
23:25:21.0702 4836 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:25:21.0717 4836 Serenum - ok
23:25:21.0733 4836 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:25:21.0733 4836 Serial - ok
23:25:21.0764 4836 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:25:21.0764 4836 sermouse - ok
23:25:21.0811 4836 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
23:25:21.0826 4836 SessionEnv - ok
23:25:21.0873 4836 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:25:21.0889 4836 sffdisk - ok
23:25:21.0889 4836 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:25:21.0904 4836 sffp_mmc - ok
23:25:21.0920 4836 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
23:25:21.0920 4836 sffp_sd - ok
23:25:21.0936 4836 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:25:21.0936 4836 sfloppy - ok
23:25:21.0998 4836 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
23:25:22.0014 4836 SharedAccess - ok
23:25:22.0060 4836 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
23:25:22.0092 4836 ShellHWDetection - ok
23:25:22.0107 4836 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
23:25:22.0107 4836 sisagp - ok
23:25:22.0138 4836 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:25:22.0154 4836 SiSRaid2 - ok
23:25:22.0170 4836 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:25:22.0185 4836 SiSRaid4 - ok
23:25:22.0263 4836 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
23:25:22.0279 4836 SkypeUpdate - ok
23:25:22.0326 4836 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:25:22.0341 4836 Smb - ok
23:25:22.0404 4836 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys
23:25:22.0419 4836 snapman - ok
23:25:22.0450 4836 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
23:25:22.0450 4836 SNMPTRAP - ok
23:25:22.0466 4836 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:25:22.0466 4836 spldr - ok
23:25:22.0528 4836 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
23:25:22.0544 4836 Spooler - ok
23:25:22.0778 4836 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
23:25:22.0903 4836 sppsvc - ok
23:25:23.0121 4836 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
23:25:23.0137 4836 sppuinotify - ok
23:25:23.0184 4836 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
23:25:23.0215 4836 srv - ok
23:25:23.0246 4836 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
23:25:23.0262 4836 srv2 - ok
23:25:23.0277 4836 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
23:25:23.0293 4836 srvnet - ok
23:25:23.0340 4836 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
23:25:23.0355 4836 SSDPSRV - ok
23:25:23.0371 4836 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
23:25:23.0386 4836 SstpSvc - ok
23:25:23.0418 4836 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:25:23.0433 4836 stexstor - ok
23:25:23.0511 4836 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
23:25:23.0542 4836 StiSvc - ok
23:25:23.0620 4836 Subsonic (2ae06c18d28d161c1696741d2c2efff8) C:\Subsonic\subsonic-service.exe
23:25:23.0636 4836 Subsonic - ok
23:25:23.0667 4836 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
23:25:23.0698 4836 swenum - ok
23:25:23.0854 4836 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:25:23.0886 4836 SwitchBoard - ok
23:25:23.0917 4836 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
23:25:23.0932 4836 swprv - ok
23:25:24.0042 4836 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
23:25:24.0088 4836 SysMain - ok
23:25:24.0135 4836 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
23:25:24.0151 4836 TabletInputService - ok
23:25:24.0198 4836 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
23:25:24.0213 4836 TapiSrv - ok
23:25:24.0244 4836 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
23:25:24.0244 4836 TBS - ok
23:25:24.0400 4836 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
23:25:24.0463 4836 Tcpip - ok
23:25:24.0681 4836 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
23:25:24.0681 4836 TCPIP6 - ok
23:25:24.0806 4836 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:25:24.0822 4836 tcpipreg - ok
23:25:24.0837 4836 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:25:24.0853 4836 TDPIPE - ok
23:25:24.0915 4836 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys
23:25:24.0946 4836 tdrpman - ok
23:25:24.0962 4836 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
23:25:24.0978 4836 TDTCP - ok
23:25:25.0024 4836 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:25:25.0024 4836 tdx - ok
23:25:25.0071 4836 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
23:25:25.0087 4836 TermDD - ok
23:25:25.0149 4836 TermService (b0a5a2cd481563430d09b497605497b6) C:\Windows\System32\termsrv.dll
23:25:25.0180 4836 TermService - ok
23:25:25.0212 4836 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
23:25:25.0227 4836 Themes - ok
23:25:25.0258 4836 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:25:25.0258 4836 THREADORDER - ok
23:25:25.0290 4836 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
23:25:25.0305 4836 tifsfilter - ok
23:25:25.0336 4836 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
23:25:25.0352 4836 timounter - ok
23:25:25.0383 4836 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
23:25:25.0414 4836 TrkWks - ok
23:25:25.0477 4836 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
23:25:25.0492 4836 TrustedInstaller - ok
23:25:25.0633 4836 TryAndDecideService (bc236bbb0b16049392e020e53f17d04c) C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
23:25:25.0664 4836 TryAndDecideService - ok
23:25:25.0836 4836 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:25:25.0851 4836 tssecsrv - ok
23:25:25.0882 4836 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:25:25.0898 4836 TsUsbFlt - ok
23:25:25.0945 4836 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:25:25.0960 4836 tunnel - ok
23:25:26.0007 4836 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:25:26.0007 4836 uagp35 - ok
23:25:26.0054 4836 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:25:26.0085 4836 udfs - ok
23:25:26.0116 4836 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
23:25:26.0132 4836 UI0Detect - ok
23:25:26.0179 4836 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:25:26.0179 4836 uliagpkx - ok
23:25:26.0210 4836 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
23:25:26.0241 4836 umbus - ok
23:25:26.0257 4836 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:25:26.0257 4836 UmPass - ok
23:25:26.0288 4836 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
23:25:26.0304 4836 upnphost - ok
23:25:26.0350 4836 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
23:25:26.0366 4836 USBAAPL - ok
23:25:26.0413 4836 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
23:25:26.0428 4836 usbaudio - ok
23:25:26.0444 4836 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
23:25:26.0460 4836 usbccgp - ok
23:25:26.0475 4836 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:25:26.0491 4836 usbcir - ok
23:25:26.0506 4836 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
23:25:26.0522 4836 usbehci - ok
23:25:26.0553 4836 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
23:25:26.0569 4836 usbhub - ok
23:25:26.0584 4836 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
23:25:26.0600 4836 usbohci - ok
23:25:26.0631 4836 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:25:26.0662 4836 usbprint - ok
23:25:26.0694 4836 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
23:25:26.0709 4836 usbscan - ok
23:25:26.0709 4836 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:25:26.0725 4836 USBSTOR - ok
23:25:26.0740 4836 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
23:25:26.0756 4836 usbuhci - ok
23:25:26.0803 4836 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
23:25:26.0803 4836 usb_rndisx - ok
23:25:26.0850 4836 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
23:25:26.0850 4836 UxSms - ok
23:25:26.0881 4836 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:25:26.0881 4836 VaultSvc - ok
23:25:26.0896 4836 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:25:26.0928 4836 vdrvroot - ok
23:25:26.0990 4836 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
23:25:27.0021 4836 vds - ok
23:25:27.0021 4836 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:25:27.0037 4836 vga - ok
23:25:27.0068 4836 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:25:27.0068 4836 VgaSave - ok
23:25:27.0115 4836 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:25:27.0130 4836 vhdmp - ok
23:25:27.0162 4836 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:25:27.0162 4836 viaagp - ok
23:25:27.0177 4836 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:25:27.0193 4836 ViaC7 - ok
23:25:27.0208 4836 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:25:27.0208 4836 viaide - ok
23:25:27.0224 4836 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:25:27.0240 4836 volmgr - ok
23:25:27.0286 4836 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:25:27.0302 4836 volmgrx - ok
23:25:27.0333 4836 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:25:27.0349 4836 volsnap - ok
23:25:27.0474 4836 vpnagent (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
23:25:27.0505 4836 vpnagent - ok
23:25:27.0536 4836 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
23:25:27.0567 4836 vpnva - ok
23:25:27.0598 4836 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:25:27.0614 4836 vsmraid - ok
23:25:27.0692 4836 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
23:25:27.0754 4836 VSS - ok
23:25:27.0770 4836 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:25:27.0770 4836 vwifibus - ok
23:25:27.0786 4836 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:25:27.0786 4836 vwififlt - ok
23:25:27.0832 4836 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
23:25:27.0848 4836 W32Time - ok
23:25:27.0895 4836 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:25:27.0895 4836 WacomPen - ok
23:25:27.0957 4836 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:25:27.0957 4836 WANARP - ok
23:25:27.0957 4836 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:25:27.0957 4836 Wanarpv6 - ok
23:25:28.0082 4836 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
23:25:28.0160 4836 WatAdminSvc - ok
23:25:28.0378 4836 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
23:25:28.0441 4836 wbengine - ok
23:25:28.0503 4836 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
23:25:28.0519 4836 WbioSrvc - ok
23:25:28.0566 4836 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
23:25:28.0581 4836 wcncsvc - ok
23:25:28.0612 4836 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
23:25:28.0612 4836 WcsPlugInService - ok
23:25:28.0659 4836 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:25:28.0659 4836 Wd - ok
23:25:28.0706 4836 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:25:28.0737 4836 Wdf01000 - ok
23:25:28.0753 4836 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:25:28.0753 4836 WdiServiceHost - ok
23:25:28.0768 4836 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:25:28.0768 4836 WdiSystemHost - ok
23:25:28.0815 4836 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
23:25:28.0831 4836 WebClient - ok
23:25:28.0846 4836 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
23:25:28.0862 4836 Wecsvc - ok
23:25:28.0878 4836 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
23:25:28.0893 4836 wercplsupport - ok
23:25:28.0924 4836 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
23:25:28.0940 4836 WerSvc - ok
23:25:28.0956 4836 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:25:28.0971 4836 WfpLwf - ok
23:25:28.0987 4836 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:25:28.0987 4836 WIMMount - ok
23:25:29.0112 4836 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:25:29.0158 4836 WinDefend - ok
23:25:29.0158 4836 WinHttpAutoProxySvc - ok
23:25:29.0205 4836 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
23:25:29.0221 4836 Winmgmt - ok
23:25:29.0314 4836 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
23:25:29.0377 4836 WinRM - ok
23:25:29.0455 4836 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
23:25:29.0455 4836 WinUsb - ok
23:25:29.0533 4836 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
23:25:29.0580 4836 Wlansvc - ok
23:25:29.0689 4836 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:25:29.0689 4836 wlcrasvc - ok
23:25:29.0829 4836 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:25:29.0907 4836 wlidsvc - ok
23:25:30.0079 4836 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
23:25:30.0079 4836 WmiAcpi - ok
23:25:30.0141 4836 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
23:25:30.0157 4836 wmiApSrv - ok
23:25:30.0297 4836 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:25:30.0344 4836 WMPNetworkSvc - ok
23:25:30.0438 4836 WMZuneComm (017695393afffed8de58abd1b085be6d) C:\Program Files\Zune\WMZuneComm.exe
23:25:30.0453 4836 WMZuneComm - ok
23:25:30.0578 4836 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
23:25:30.0594 4836 WPCSvc - ok
23:25:30.0625 4836 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
23:25:30.0641 4836 WPDBusEnum - ok
23:25:30.0687 4836 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:25:30.0703 4836 ws2ifsl - ok
23:25:30.0703 4836 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
23:25:30.0719 4836 wscsvc - ok
23:25:30.0765 4836 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:25:30.0765 4836 WSDPrintDevice - ok
23:25:30.0765 4836 WSearch - ok
23:25:30.0937 4836 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
23:25:31.0046 4836 wuauserv - ok
23:25:31.0202 4836 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
23:25:31.0233 4836 WudfPf - ok
23:25:31.0249 4836 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:25:31.0265 4836 WUDFRd - ok
23:25:31.0311 4836 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
23:25:31.0327 4836 wudfsvc - ok
23:25:31.0374 4836 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
23:25:31.0374 4836 WwanSvc - ok
23:25:31.0452 4836 XAMPP (16a004d355467e44d217dc4df62ec1e4) c:\xampp\service.exe
23:25:31.0452 4836 XAMPP - ok
23:25:31.0967 4836 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) C:\Program Files\Zune\ZuneNss.exe
23:25:32.0216 4836 ZuneNetworkSvc - ok
23:25:32.0341 4836 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
23:25:32.0372 4836 ZuneWlanCfgSvc - ok
23:25:32.0403 4836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:25:32.0559 4836 \Device\Harddisk0\DR0 - ok
23:25:32.0559 4836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:25:32.0575 4836 \Device\Harddisk1\DR1 - ok
23:25:32.0575 4836 Boot (0x1200) (b56aee139cfbfc990206aeafd2ac38c4) \Device\Harddisk0\DR0\Partition0
23:25:32.0575 4836 \Device\Harddisk0\DR0\Partition0 - ok
23:25:32.0591 4836 Boot (0x1200) (5fc5ef37bcfbbe3f25d3f65ff98ef488) \Device\Harddisk0\DR0\Partition1
23:25:32.0591 4836 \Device\Harddisk0\DR0\Partition1 - ok
23:25:32.0606 4836 Boot (0x1200) (5bdd012f62173096266ec8b5a284819f) \Device\Harddisk0\DR0\Partition2
23:25:32.0606 4836 \Device\Harddisk0\DR0\Partition2 - ok
23:25:32.0622 4836 Boot (0x1200) (7685574996dccb51bfd4afd3e4257f54) \Device\Harddisk1\DR1\Partition0
23:25:32.0622 4836 \Device\Harddisk1\DR1\Partition0 - ok
23:25:32.0622 4836 ============================================================
23:25:32.0622 4836 Scan finished
23:25:32.0622 4836 ============================================================
23:25:32.0622 7808 Detected object count: 0
23:25:32.0622 7808 Actual detected object count: 0


aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 23:27:26
-----------------------------
23:27:26.239 OS Version: Windows 6.1.7601 Service Pack 1
23:27:26.239 Number of processors: 4 586 0xF07
23:27:26.239 ComputerName: SLUGGO-PC UserName: sluggo
23:27:37.892 Initialize success
23:29:10.205 AVAST engine defs: 12070501
23:29:22.779 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
23:29:22.779 Disk 0 Vendor: Maxtor_6B300R0 BAH41B70 Size: 286188MB BusType: 3
23:29:22.795 Disk 0 MBR read successfully
23:29:22.795 Disk 0 MBR scan
23:29:22.795 Disk 0 Windows 7 default MBR code
23:29:22.810 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:29:22.810 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 281962 MB offset 206848
23:29:22.826 Disk 0 Partition - 00 05 Extended 4118 MB offset 577665270
23:29:22.841 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 4118 MB offset 577665333
23:29:22.857 Disk 0 scanning sectors +586099395
23:29:22.997 Disk 0 scanning C:\Windows\system32\drivers
23:29:42.622 Service scanning
23:30:22.121 Modules scanning
23:30:29.313 Disk 0 trace - called modules:
23:30:29.344 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:30:29.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865eb030]
23:30:29.344 3 CLASSPNP.SYS[8c31159e] -> nt!IofCallDriver -> [0x8649d340]
23:30:29.360 5 ACPI.sys[8baa73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8648f540]
23:30:30.670 AVAST engine scan C:\Windows
23:30:36.380 AVAST engine scan C:\Windows\system32
23:34:40.303 AVAST engine scan C:\Windows\system32\drivers
23:34:58.883 AVAST engine scan C:\Users\sluggo
00:16:14.425 AVAST engine scan C:\ProgramData
00:19:39.475 Scan finished successfully
00:19:52.538 Disk 0 MBR has been saved successfully to "C:\Users\sluggo\Desktop\MBR.dat"
00:19:52.601 The log file has been saved successfully to "C:\Users\sluggo\Desktop\aswMBR.txt"


thanks

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:48 PM

Posted 06 July 2012 - 06:12 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
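
The CFScript above removes a Firefox keyword.URL preference that has been pointed at search.conduit.com, which is exactly the symptom the topic starter saw in the search box. As an added example (not part of gringo_pr's post and not code from ComboFix), here is a small Python checker that parses a prefs.js/user.js file and flags search-related preferences whose host is not on an allowlist. The allowlist of hosts and the sample prefs.js content are constructed assumptions for the example; the conduit URL is the one quoted in the script above.

```python
import re
from urllib.parse import urlparse

# Firefox preferences that decide where address-bar searches and the start page go.
# Any of these pointing at an unexpected host is the classic browser-hijack symptom.
SEARCH_PREFS = {
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
}

# Hosts treated as legitimate for this profile (an assumption for the example;
# a real deployment would take this from local policy).
ALLOWED_HOSTS = {"www.google.com", "www.google.ca", "www.bing.com", "duckduckgo.com"}

# Matches both user_pref("name", value); and pref("name", value); lines.
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.*)\);\s*$')

# Constructed sample prefs.js; the keyword.URL value is the hijacked one from the CFScript.
SAMPLE_PREFS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.ca/");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.enabled", true);
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=");
user_pref("network.cookie.cookieBehavior", 0);
'''


def parse_prefs(text):
    """Return {name: value} for every pref line in a prefs.js/user.js body.

    String values are unquoted (with \\" and \\\\ escapes resolved); booleans and
    integers are converted; anything else is kept as the raw token.
    """
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def refang(url):
    """Forum logs defang URLs as hxxp://; restore the scheme so urlparse sees a host."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def find_hijacked_search_prefs(prefs, allowed_hosts=ALLOWED_HOSTS):
    """Return [(pref_name, host, raw_value)] for search prefs whose host is not allowlisted."""
    findings = []
    for name in sorted(SEARCH_PREFS):
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        host = urlparse(refang(value)).hostname
        if host is None:
            # Not a URL (e.g. an engine name such as "Google"); nothing to check.
            continue
        if host.lower() not in allowed_hosts:
            findings.append((name, host, value))
    return findings


if __name__ == "__main__":
    for name, host, value in find_hijacked_search_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"suspicious {name}: host={host} value={value}")
```

Run against a real profile by reading `prefs.js` from the ProfilePath shown in the log and passing its text to `parse_prefs`; the check is deliberately allowlist-based rather than a blocklist of known hijacker domains, since the domain changes with every toolbar bundle.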

#8 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts
  • Local time:06:48 PM

Posted 08 July 2012 - 01:55 PM

My PC seems to be running fine, as far as I can tell.
Thanks.

ComboFix 12-07-08.01 - sluggo 07/08/2012 10:58:26.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2006 [GMT -7:00]
Running from: c:\users\sluggo\Desktop\ComboFix.exe
Command switches used :: c:\users\sluggo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sluggo\AppData\Local\assembly\tmp
c:\users\sluggo\AppData\Roaming\inst.exe
c:\users\sluggo\EULA.txt
c:\users\sluggo\Uninstall.exe
c:\windows\system32\cseDVH.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 18:12 . 2012-07-08 18:13 -------- d-----w- c:\users\sluggo\AppData\Local\temp
2012-07-08 18:12 . 2012-07-08 18:12 -------- d-----w- c:\users\emma\AppData\Local\temp
2012-07-08 18:12 . 2012-07-08 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-08 18:00 . 2012-07-08 18:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EBB95C0-8C58-4C14-859D-D70D043AE171}\offreg.dll
2012-07-06 09:59 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EBB95C0-8C58-4C14-859D-D70D043AE171}\mpengine.dll
2012-07-02 14:35 . 2012-07-02 14:35 -------- d-----w- c:\program files\DeLorme
2012-06-24 20:05 . 2012-06-24 20:05 -------- d-----w- c:\programdata\GARMIN
2012-06-24 19:54 . 2012-06-24 20:05 -------- d-----w- C:\Garmin
2012-06-24 19:53 . 2003-11-11 01:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-06-24 19:53 . 2003-11-11 01:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-06-24 19:53 . 2003-11-11 01:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-06-24 19:53 . 2003-11-11 01:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-06-24 19:53 . 2003-11-11 01:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-06-24 19:53 . 2003-11-11 01:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-06-24 19:53 . 2012-06-24 19:53 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-06-24 19:53 . 2012-06-24 19:53 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-06-24 13:12 . 2012-06-24 13:12 -------- d-----w- C:\SkyDriveTemp
2012-06-23 19:13 . 2012-06-23 19:12 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 19:11 . 2012-06-23 19:11 -------- d-----w- c:\programdata\McAfee
2012-06-20 23:39 . 2012-06-20 23:39 -------- d-----w- c:\users\emma\AppData\Local\Macromedia
2012-06-20 11:26 . 2012-06-20 11:26 -------- d-----w- c:\users\sluggo\AppData\Local\Macromedia
2012-06-17 21:00 . 2012-06-17 21:02 -------- d-----w- C:\xampp
2012-06-16 21:30 . 2012-06-16 21:30 -------- d-----w- c:\program files\Box
2012-06-16 21:23 . 2012-06-18 06:13 -------- d-----w- c:\users\sluggo\AppData\Roaming\Notepad++
2012-06-16 21:23 . 2012-06-16 21:23 -------- d-----w- c:\program files\Notepad++
2012-06-13 10:01 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 10:01 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 10:01 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-10 05:54 . 2012-06-10 05:55 -------- d-----w- c:\program files\Safari
2012-06-08 23:30 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 23:30 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 23:30 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 23:30 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:30 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-08 23:30 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 23:30 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 23:29 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 23:29 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 14:25 . 2012-04-06 03:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-08 14:25 . 2011-11-10 15:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 19:12 . 2011-11-07 01:57 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-21 12:29 . 2011-11-08 05:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-16 21:17 . 2011-11-07 01:24 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-14 . B0A5A2CD481563430D09B497605497B6 . 521216 . . [6.1.7601.17514] . . c:\windows\System32\termsrv.dll
[-] 2011-11-14 . B0A5A2CD481563430D09B497605497B6 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-06-08 03:51 208608 ----a-w- c:\users\sluggo\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-06-08 03:51 208608 ----a-w- c:\users\sluggo\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-06-08 03:51 208608 ----a-w- c:\users\sluggo\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sluggo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sluggo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sluggo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"SkyDrive"="c:\users\sluggo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-06-08 296672]
"chromium"="c:\users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-28 1250328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Cartes du Ciel Clock.lnk - c:\program files\Ciel\cdcicon.exe [2012-1-14 3495424]
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
Dropbox.lnk - c:\users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
Subsonic.lnk - c:\subsonic\subsonic-agent.exe [2011-12-6 206336]
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-552 revA\wirelesscm.exe [2012-2-29 517440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\D-Link\DWA-552 revA\jswpsapi.exe [x]
R3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys [x]
R3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 Echo3G;Echo3G Service;c:\windows\system32\drivers\echo3g.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:25]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-25 18:20]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-25 18:20]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001Core.job
- c:\users\sluggo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 01:50]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001UA.job
- c:\users\sluggo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 01:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8}: NameServer = 208.122.23.22,208.122.23.23
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
FF - ProfilePath - c:\users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
AddRemove-PSP Nitro 1.1.2 - c:\users\sluggo\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*›Óp]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*›Óp\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*›Óp]
"0"=hex:66,69,6c,65,3a,2f,2f,2f,4e,3a,2f,44,6f,77,6e,6c,6f,61,64,73,2f,44,65,
6e,6e,69,73,25,32,30,46,65,72,72,65,72,25,32,30,2d,25,32,30,54,72,61,6e,73,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\Software\SecuROM\License information*]
"datasecu"=hex:60,4b,c2,54,47,36,de,3f,ef,1f,3c,47,47,82,02,7c,cd,3b,cd,a9,7d,
4b,04,e0,42,7e,b3,c0,7f,aa,c0,a4,8b,7c,30,5a,7c,a7,fc,6e,3d,31,c1,31,dc,67,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\relog_ap.DLL
.
Completion time: 2012-07-08 11:27:45
ComboFix-quarantined-files.txt 2012-07-08 18:27
ComboFix2.txt 2012-07-05 16:01
.
Pre-Run: 110,428,573,696 bytes free
Post-Run: 110,700,720,128 bytes free
.
- - End Of File - - 24328D5498BB1765162D5525FD5BF25A

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:48 PM

Posted 08 July 2012 - 05:51 PM

Greetings shmish

Your reports are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Freecorder 5
Freecorder Toolbar
Java™ 6 Update 33


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts

Posted 09 July 2012 - 01:36 AM

Hello,

I now see that SearchEnhance is running in my Chrome search boxes. I'm not 100% sure if it was removed and has come back, or if it never left Chrome. I thought that I had checked all of my browsers.

Here are the results from MBAM and HijackThis.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
sluggo :: SLUGGO-PC [administrator]

Protection: Disabled

7/8/2012 11:19:18 PM
mbam-log-2012-07-08 (23-19-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235637
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:59 PM, on 7/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sluggo\Desktop\HijackThis.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: PNBHO - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-RR1OU.exe" /REG /REGSVRMODE
O4 - HKCU\..\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\sluggo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [chromium] C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - Startup: Cartes du Ciel Clock.lnk = C:\Program Files\Ciel\cdcicon.exe
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Startup: Dropbox.lnk = sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Subsonic.lnk = C:\Subsonic\subsonic-agent.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8}: NameServer = 208.122.23.22,208.122.23.23
O18 - Protocol: intu-tt2011 - {B3B5DAD9-E96D-45B4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Subsonic - Unknown owner - C:\Subsonic\subsonic-service.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe

--
End of file - 13284 bytes

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 July 2012 - 01:47 AM

Greetings


I want you to uninstall Chrome, and if asked about user data or settings, then remove that also.


Restart the computer, reinstall it, and see if you have the same problem.

gringo

#12 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts

Posted 11 July 2012 - 01:36 PM

Thanks, that seems to have worked. I'm currently not getting SearchEnhance in Chrome (or IE, Firefox).

Doug

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 July 2012 - 09:18 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; for any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
      O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-RR1OU.exe" /REG /REGSVRMODE
      O4 - HKCU\..\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background
      O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [SkyDrive] "C:\Users\sluggo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
      O4 - HKCU\..\Run: [chromium] C:\Users\sluggo\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
      O4 - Startup: Cartes du Ciel Clock.lnk = C:\Program Files\Ciel\cdcicon.exe
      O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
      O4 - Startup: Dropbox.lnk = sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
      O4 - Global Startup: Subsonic.lnk = C:\Subsonic\subsonic-agent.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan; on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
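The HijackThis log posted earlier in this thread is plain text with one entry per line, and the optional start-up list above is built from its O4 lines. As an added example (not part of this thread and not HijackThis code), here is a Python parser that pulls the O4 autostart entries (Run/RunOnce keys and Startup folders) out of such a log, recovers the executable behind each, reports which of the helper's optional names are actually present, and reads the DNS servers from the O17 line so they can be checked against what the router or ISP should be handing out; SAMPLE_LOG and OPTIONAL_NAMES are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in HijackThis v2.0.4 format, modelled on the log posted in
# this thread (added example data, not the original log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8}: NameServer = 208.122.23.22,208.122.23.23
O23 - Service: Subsonic - Unknown owner - C:\Subsonic\subsonic-service.exe
End of file - 13284 bytes
"""

# Bracketed names the helper listed as optional start-up entries (constructed subset).
OPTIONAL_NAMES: Set[str] = {"QuickTime Task", "EvtMgr6"}

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# "HKLM\..\Run: [name] command" or "HKCU\..\RunOnce: [name] command"
REG_O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "Startup: Foo.lnk = path" or "Global Startup: Foo.lnk = path"
LNK_O4_RE = re.compile(r"^(?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First .exe on the command line, quoted or not; arguments after it are dropped.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)

@dataclass
class Autostart:
    location: str        # registry key such as HKLM\..\Run, or a Startup folder
    name: str            # bracketed name, or the .lnk name
    command: str         # full command line as logged
    exe: Optional[str]   # executable extracted from the command line

def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section code, body) for every 'Oxx - ...' line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def executable_of(command: str) -> Optional[str]:
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else None

def parse_o4(body: str) -> Optional[Autostart]:
    m = REG_O4_RE.match(body)
    if m:
        location = f"{m['hive']}\\..\\{m['key']}"
        return Autostart(location, m["name"], m["cmd"], executable_of(m["cmd"]))
    m = LNK_O4_RE.match(body)
    if m:
        return Autostart(m["folder"], m["name"], m["cmd"], executable_of(m["cmd"]))
    return None

def autostarts(log_text: str) -> List[Autostart]:
    """All O4 entries of the log that match one of the two known O4 shapes."""
    parsed = [parse_o4(body) for code, body in parse_entries(log_text) if code == "O4"]
    return [a for a in parsed if a is not None]

def optional_present(log_text: str, optional_names: Set[str] = OPTIONAL_NAMES) -> List[str]:
    """Names from the optional list that really appear as O4 entries (the ones to tick)."""
    return [a.name for a in autostarts(log_text) if a.name in optional_names]

def nameservers(log_text: str) -> List[str]:
    """DNS servers from O17 lines, to compare with what the router/ISP should be using."""
    servers: List[str] = []
    for code, body in parse_entries(log_text):
        if code == "O17" and "NameServer = " in body:
            servers.extend(s.strip() for s in body.split("NameServer = ", 1)[1].split(","))
    return servers

if __name__ == "__main__":
    for entry in autostarts(SAMPLE_LOG):
        print(f"{entry.location:<20} {entry.name:<16} {entry.exe}")
    print("optional entries present:", optional_present(SAMPLE_LOG))
    print("DNS servers:", nameservers(SAMPLE_LOG))
```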

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 July 2012 - 11:42 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#15 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts

Posted 16 July 2012 - 01:27 AM

Hi Gringo,

No problems with the above, and nothing found with the ESET online scanner.

thanks



