Opera and Chrome no longer open, internet problems


  • This topic is locked
21 replies to this topic

#1 m267

m267

  • Members
  • 11 posts

Posted 14 October 2012 - 09:42 AM

Hello and thank you in advance for any help you can give me with this problem.

Earlier this week AVG detected a trojan and successfully (or so I thought at the time) put it in the virus vault. After this, however, Opera and Chrome no longer launch and I cannot reinstall them. More troubling is that several times since AVG has again detected trojans and attempted to remove them. I have scanned with AVG and it found nothing so I tried superantispyware, which found some trojans and deleted them. However, later AVG detected and attempted to remove a trojan so I then downloaded spybot search and destroy and it also found more viruses and removed them. This too did not stop the messages. At this point I was desperate and ran combofix. I had not come across this forum at that point so I apologize for being an idiot and running that before consulting. I have not received any virus notifications since then, but my computer is now very buggy and slow (slow in the sense that it is pretty much impossible to do anything on it) whenever I plug in my wifi adapter. When the adapter has not been plugged in, it's useable, but still noticeably slower than normal. I ran dds and I can post the combofix log if need be. Thank you again.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by John at 18:12:50 on 2012-10-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2528 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\windows\System32\alg.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\sppsvc.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [JMB36X IDE Setup] C:\windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{008484AD-D406-4922-BEDF-83B6DF869414} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{153C1341-344C-4C8E-8D9E-5C1EDF3AEA1E} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{17115B73-1532-40D1-A1AE-9389F65AD25D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4E444605-93E2-42AB-B657-750B6E082A9C} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{86A8EAB1-E65D-4CF0-A01E-90EE52482C5D}\B494E4743575942554C4543535 : DhcpNameServer = 137.73.254.10 159.92.254.10
TCP: Interfaces\{A2DD8F42-5FF7-4745-8711-A8653EAF68E8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AF410816-4534-4BB5-B236-E90376FE9970} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{CC1B9995-8B81-4F38-A5BD-61F49B54FFC4} : DhcpNameServer = 137.73.254.10 159.92.254.10
TCP: Interfaces\{F54E1781-E677-4904-A523-18BD3C28211E} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [JMB36X IDE Setup] C:\windows\RaidTool\xInsIDE.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0wmjyopw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
---- FIREFOX POLICIES ----
FF - user.js: -
FF - user.js: security.enable_tls - false
FF - user.js: network.http.accept-encoding -
FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\windows\system32\DRIVERS\scmndisp.sys --> C:\windows\system32\DRIVERS\scmndisp.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca7c3c1c64d5ea;Google Update Service (gupdate1ca7c3c1c64d5ea);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-14 2253120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-9-20 272864]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250808]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-11-28 401920]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\system32\drivers\rdpvideominiport.sys --> C:\windows\system32\drivers\rdpvideominiport.sys [?]
S3 rt70x64;Linksys Home Wireless-G USB Adaptor Driver;C:\windows\system32\DRIVERS\netr7064.sys --> C:\windows\system32\DRIVERS\netr7064.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-12 17:00:58 1441852 ----a-w- C:\windows\System32\PerfStringBackup.TMP
2012-10-12 16:48:23 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-12 09:25:46 98816 ----a-w- C:\windows\sed.exe
2012-10-12 09:25:46 518144 ----a-w- C:\windows\SWREG.exe
2012-10-12 09:25:46 256000 ----a-w- C:\windows\PEV.exe
2012-10-12 09:25:46 208896 ----a-w- C:\windows\MBR.exe
2012-10-11 22:13:18 4096000 ----a-w- C:\Program Files (x86)\GUTD367.tmp
2012-10-11 22:13:18 -------- d-----w- C:\Program Files (x86)\GUMD366.tmp
2012-10-11 22:13:04 4096000 ----a-w- C:\Program Files (x86)\GUT9B85.tmp
2012-10-11 22:13:04 -------- d-----w- C:\Program Files (x86)\GUM9B84.tmp
2012-10-11 22:12:50 4096000 ----a-w- C:\Program Files (x86)\GUT6385.tmp
2012-10-11 22:12:50 -------- d-----w- C:\Program Files (x86)\GUM6374.tmp
2012-10-11 19:55:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-11 19:55:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-10 17:44:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-10 17:44:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-10 17:15:00 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-10-10 13:59:29 -------- d-----w- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2012-10-10 13:52:55 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-02 11:17:58 5171904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-09-20 23:34:48 294912 ----a-w- C:\windows\System32\browserchoice.exe
2012-09-20 23:29:49 751104 ----a-w- C:\windows\System32\win32spl.dll
2012-09-20 23:29:49 67072 ----a-w- C:\windows\splwow64.exe
2012-09-20 23:29:49 559104 ----a-w- C:\windows\System32\spoolsv.exe
2012-09-20 23:29:49 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-09-20 23:29:47 503808 ----a-w- C:\windows\System32\srcore.dll
2012-09-20 23:29:47 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-09-20 23:29:46 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-20 23:29:46 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-20 23:29:21 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-20 23:29:21 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-20 15:41:57 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-20 15:41:08 -------- d-----w- C:\Program Files\iPod
2012-09-20 15:41:07 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 15:41:07 -------- d-----w- C:\Program Files\iTunes
2012-09-20 13:37:36 25312 ----a-w- C:\windows\System32\drivers\SCMNdisP.sys
2012-09-20 13:37:31 47632 ----a-w- C:\windows\System32\drivers\npf.sys
2012-09-20 13:37:31 -------- d-----w- C:\Program Files (x86)\NETGEAR
.
==================== Find3M ====================
.
2012-10-12 09:46:53 20048 ----a-w- C:\windows\System32\drivers\WS2IFSL.SYS
2012-10-12 09:46:53 20048 ----a-w- C:\windows\System32\drivers\AFD.SYS
2012-10-11 06:13:11 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 06:13:11 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 13:52:35 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-10-10 13:52:35 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 19:43:16 384352 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 12:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-08-11 00:56:03 715776 ----a-w- C:\windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-07-26 07:21:28 291680 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 18:16:21.23 ===============

#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 14 October 2012 - 09:28 PM

Greetings m267 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. While I am doing that I would like you to post the Combofix log, as instructed below.


===================================================


Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.

C:\ComboFix.txt


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 m267

m267
  • Topic Starter

  • Members
  • 11 posts

Posted 15 October 2012 - 06:05 AM

Hi Gary, thanks for your help. My name's John, by the way. Here's the log file created by combofix.

ComboFix 12-10-12.01 - John 10/12/2012 12:20:09.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2656 [GMT 1:00]
Running from: I:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 11:31 . 2012-10-12 11:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-12 11:31 . 2012-10-12 11:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 22:13 . 2012-10-11 22:13 4096000 ----a-w- c:\program files (x86)\GUTD367.tmp
2012-10-11 22:13 . 2012-10-11 22:13 -------- d-----w- c:\program files (x86)\GUMD366.tmp
2012-10-11 22:13 . 2012-10-11 22:13 4096000 ----a-w- c:\program files (x86)\GUT9B85.tmp
2012-10-11 22:13 . 2012-10-11 22:13 -------- d-----w- c:\program files (x86)\GUM9B84.tmp
2012-10-11 22:12 . 2012-10-11 22:12 4096000 ----a-w- c:\program files (x86)\GUT6385.tmp
2012-10-11 22:12 . 2012-10-11 22:12 -------- d-----w- c:\program files (x86)\GUM6374.tmp
2012-10-11 19:55 . 2012-10-11 20:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-11 19:55 . 2012-10-11 19:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-10 17:44 . 2012-10-11 05:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-10 17:44 . 2012-10-10 17:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-10 17:15 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 13:59 . 2012-10-10 13:59 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2012-10-10 13:53 . 2012-10-10 13:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-10 13:52 . 2012-10-10 13:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-02 11:17 . 2012-10-02 11:17 5171904 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-09-20 23:34 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-09-20 23:29 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-09-20 23:29 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-20 23:29 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-09-20 23:29 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-09-20 23:29 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-20 23:29 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-09-20 23:29 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-20 23:29 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-20 23:29 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-20 23:29 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-20 15:41 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 15:41 . 2012-09-20 15:41 -------- d-----w- c:\program files\iPod
2012-09-20 15:41 . 2012-09-20 15:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 15:41 . 2012-09-20 15:41 -------- d-----w- c:\program files\iTunes
2012-09-20 13:37 . 2007-01-19 22:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-09-20 13:37 . 2012-09-20 13:37 -------- d-----w- c:\program files (x86)\NETGEAR
2012-09-20 13:37 . 2010-02-03 15:20 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2012-09-12 15:10 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:10 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:10 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 09:46 . 2012-02-15 23:57 20048 ----a-w- c:\windows\system32\drivers\AFD.SYS
2012-10-12 09:46 . 2009-07-14 00:10 20048 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-10-11 06:13 . 2012-04-01 23:57 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 06:13 . 2011-05-24 13:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 17:17 . 2009-11-29 00:57 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-10 13:52 . 2012-05-12 18:52 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-10 13:52 . 2010-10-08 22:43 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-21 12:01 . 2009-11-28 16:53 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 12:01 . 2009-11-28 16:53 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-22 19:55 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-11 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-9-20 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca7c3c1c64d5ea;Google Update Service (gupdate1ca7c3c1c64d5ea);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 250808]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 rt70x64;Linksys Home Wireless-G USB Adaptor Driver;c:\windows\system32\DRIVERS\netr7064.sys [2010-04-27 388448]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:13]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 21:34]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 21:34]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3039023501-1864894584-1336937131-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 22:14]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3039023501-1864894584-1336937131-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 22:14]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{AF410816-4534-4BB5-B236-E90376FE9970}: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0wmjyopw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: -
FF - user.js: security.enable_tls - false
FF - user.js: network.http.accept-encoding -
FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Wow6432Node-HKCU-Run-{6143BF86-D603-490A-5A75-42F0AB4FC962} - c:\users\John\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0\ed47eb4\R6Uz1DHckRR4BcuLJ8DtKrlEk2s=\SuskIAWiNnhy0kNSYD9EHWWDSh8I=\OTFENTE1MDYtMDQyQy0zQzk2LTk2RkUtMEE2M0Q0NzdFMjE3\w32tm.exe
AddRemove-dBpoweramp AIFF Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Nero AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Utilities - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3039023501-1864894584-1336937131-1000\Software\SecuROM\License information*]
"datasecu"=hex:19,78,aa,ce,27,82,c3,cb,53,2c,b3,96,aa,da,a6,b0,3a,3b,2d,27,d8,
b9,a1,02,21,59,9c,47,03,76,57,33,9f,c3,36,1a,e3,5b,b4,21,23,19,c3,7d,5d,2a,\
"rkeysecu"=hex:43,28,38,fe,3c,80,ab,79,95,5c,a1,36,be,fe,a7,a0
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-12 12:36:21
ComboFix-quarantined-files.txt 2012-10-12 11:36
ComboFix2.txt 2012-10-12 09:45
.
Pre-Run: 624,865,984,512 bytes free
Post-Run: 624,474,738,688 bytes free
.
- - End Of File - - D1F1BA3BB9DFFEB6B0A4F592EBE3C6F0

#4 Oh My!

  • Malware Response Instructor

Posted 15 October 2012 - 09:14 AM

Hi John,

Thank you for the information. This first post will be a bit labor intensive. I need to gather some information since I am coming in midstream in the virus removal process. This doesn't necessarily put us at a disadvantage; I just need to catch up a bit so I can try and determine what is going on.

Spybot is no longer recommended by BleepingComputer. Since we will be using other tools I will provide you with details about that program and request we uninstall it.

If you could answer the following questions it would be most helpful:

  • Do you recall what viruses were found on your computer?
  • Does Internet Explorer launch?
  • How are you trying to uninstall Opera and Chrome? (add-remove programs?)
  • Have you had difficulties uninstalling or running other programs?

I would like you to run the following programs for me to take a better look at the state of your computer.


===================================================


Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete the program.

Reboot your computer prior to the next step.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.



  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.



  • Click Continue > Reboot now to finish the cleaning process. <- Important!!



  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.

NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


OTL

--------------------

Please download OTL here.

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Response to questions
  • TDSSKiller log
  • aswMBR log
  • OTL.txt
  • Extra.txt

Gary
 

#5 m267

  • Topic Starter


Posted 15 October 2012 - 03:31 PM

I looked in the vault and found 'IDP.trojan.874B4F37' but I deleted the rest of the vault earlier in the week just to get rid of the files from my computer, sorry.

Internet Explorer does launch, as does Mozilla Firefox.

I tried to uninstall Opera from the add/remove programs section to see exactly where it stopped working (before, I think I clicked the uninstall button and then it stopped), but this time it said it was successfully uninstalled.

The other program I had trouble uninstalling/repairing was the Netgear software, but before I posted here I managed to successfully uninstall and reinstall it. The internet still does not work and after I plug my wifi adapter in and try to connect to a network the computer begins to freeze up.

Here are the logs. I was not able to update aswMBR as you asked but I was not able to connect to the internet, so I hope that doesn't damage anything.


20:29:17.0323 3316 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:29:17.0385 3316 ============================================================
20:29:17.0385 3316 Current date / time: 2012/10/15 20:29:17.0385
20:29:17.0385 3316 SystemInfo:
20:29:17.0385 3316
20:29:17.0385 3316 OS Version: 6.1.7601 ServicePack: 1.0
20:29:17.0385 3316 Product type: Workstation
20:29:17.0385 3316 ComputerName: BISMARCK
20:29:17.0385 3316 UserName: John
20:29:17.0385 3316 Windows directory: C:\windows
20:29:17.0385 3316 System windows directory: C:\windows
20:29:17.0385 3316 Running under WOW64
20:29:17.0385 3316 Processor architecture: Intel x64
20:29:17.0385 3316 Number of processors: 8
20:29:17.0385 3316 Page size: 0x1000
20:29:17.0385 3316 Boot type: Normal boot
20:29:17.0385 3316 ============================================================
20:29:19.0632 3316 Drive \Device\Harddisk0\DR0 - Size: 0x15D50E5DE00 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:29:19.0632 3316 Drive \Device\Harddisk1\DR1 - Size: 0x3C100000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:29:19.0632 3316 ============================================================
20:29:19.0632 3316 \Device\Harddisk0\DR0:
20:29:19.0632 3316 MBR partitions:
20:29:19.0632 3316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54000
20:29:19.0632 3316 \Device\Harddisk1\DR1:
20:29:19.0632 3316 MBR partitions:
20:29:19.0632 3316 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1E07E0
20:29:19.0632 3316 ============================================================
20:29:19.0663 3316 C: <-> \Device\Harddisk0\DR0\Partition1
20:29:19.0663 3316 ============================================================
20:29:19.0663 3316 Initialize success
20:29:19.0663 3316 ============================================================
20:29:23.0095 3472 ============================================================
20:29:23.0095 3472 Scan started
20:29:23.0095 3472 Mode: Manual;
20:29:23.0095 3472 ============================================================
20:29:24.0249 3472 ================ Scan system memory ========================
20:29:24.0249 3472 System memory - ok
20:29:24.0249 3472 ================ Scan services =============================
20:29:24.0327 3472 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:29:24.0327 3472 !SASCORE - ok
20:29:24.0468 3472 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
20:29:24.0483 3472 1394ohci - ok
20:29:24.0530 3472 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
20:29:24.0530 3472 ACPI - ok
20:29:24.0561 3472 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
20:29:24.0577 3472 AcpiPmi - ok
20:29:24.0702 3472 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:29:24.0702 3472 AdobeARMservice - ok
20:29:24.0811 3472 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:29:24.0826 3472 AdobeFlashPlayerUpdateSvc - ok
20:29:24.0904 3472 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
20:29:24.0904 3472 adp94xx - ok
20:29:24.0936 3472 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
20:29:24.0936 3472 adpahci - ok
20:29:24.0951 3472 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
20:29:24.0951 3472 adpu320 - ok
20:29:24.0982 3472 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
20:29:24.0982 3472 AeLookupSvc - ok
20:29:25.0029 3472 [ A3C13A0135BEAE18C7E2310D95F0D605 ] AFD C:\windows\system32\drivers\afd.sys
20:29:25.0029 3472 AFD - ok
20:29:25.0076 3472 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
20:29:25.0076 3472 agp440 - ok
20:29:25.0107 3472 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
20:29:25.0107 3472 ALG - ok
20:29:25.0123 3472 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
20:29:25.0123 3472 aliide - ok
20:29:25.0201 3472 [ FF6F0F6A2D72065AE4300426FA414693 ] Amazon Download Agent C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
20:29:25.0216 3472 Amazon Download Agent - ok
20:29:25.0232 3472 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
20:29:25.0232 3472 amdide - ok
20:29:25.0279 3472 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
20:29:25.0279 3472 AmdK8 - ok
20:29:25.0294 3472 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
20:29:25.0294 3472 AmdPPM - ok
20:29:25.0341 3472 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
20:29:25.0341 3472 amdsata - ok
20:29:25.0388 3472 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
20:29:25.0388 3472 amdsbs - ok
20:29:25.0404 3472 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
20:29:25.0419 3472 amdxata - ok
20:29:25.0466 3472 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
20:29:25.0466 3472 AppID - ok
20:29:25.0482 3472 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
20:29:25.0482 3472 AppIDSvc - ok
20:29:25.0544 3472 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
20:29:25.0544 3472 Appinfo - ok
20:29:25.0622 3472 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:29:25.0622 3472 Apple Mobile Device - ok
20:29:25.0669 3472 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll
20:29:25.0669 3472 AppMgmt - ok
20:29:25.0684 3472 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
20:29:25.0684 3472 arc - ok
20:29:25.0700 3472 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
20:29:25.0700 3472 arcsas - ok
20:29:25.0825 3472 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:29:25.0903 3472 aspnet_state - ok
20:29:25.0950 3472 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
20:29:25.0950 3472 AsyncMac - ok
20:29:25.0965 3472 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
20:29:25.0965 3472 atapi - ok
20:29:26.0012 3472 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:29:26.0012 3472 AudioEndpointBuilder - ok
20:29:26.0028 3472 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
20:29:26.0028 3472 AudioSrv - ok
20:29:26.0215 3472 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
20:29:26.0308 3472 AVGIDSAgent - ok
20:29:26.0371 3472 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdrivera.sys
20:29:26.0371 3472 AVGIDSDriver - ok
20:29:26.0418 3472 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\windows\system32\DRIVERS\avgidsfiltera.sys
20:29:26.0418 3472 AVGIDSFilter - ok
20:29:26.0449 3472 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\windows\system32\DRIVERS\avgidsha.sys
20:29:26.0449 3472 AVGIDSHA - ok
20:29:26.0496 3472 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys
20:29:26.0496 3472 Avgldx64 - ok
20:29:26.0527 3472 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys
20:29:26.0527 3472 Avgmfx64 - ok
20:29:26.0542 3472 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys
20:29:26.0542 3472 Avgrkx64 - ok
20:29:26.0558 3472 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\windows\system32\DRIVERS\avgtdia.sys
20:29:26.0558 3472 Avgtdia - ok
20:29:26.0589 3472 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:29:26.0589 3472 avgwd - ok
20:29:26.0652 3472 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
20:29:26.0652 3472 AxInstSV - ok
20:29:26.0714 3472 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
20:29:26.0714 3472 b06bdrv - ok
20:29:26.0761 3472 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
20:29:26.0761 3472 b57nd60a - ok
20:29:26.0839 3472 [ 6FA3557EA5FA09BA705298CC6B0E9F5A ] BCMH43XX C:\windows\system32\DRIVERS\bcmwlhigh664.sys
20:29:26.0870 3472 BCMH43XX - ok
20:29:26.0886 3472 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
20:29:26.0901 3472 BDESVC - ok
20:29:26.0917 3472 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
20:29:26.0917 3472 Beep - ok
20:29:26.0964 3472 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
20:29:26.0964 3472 BFE - ok
20:29:27.0010 3472 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
20:29:27.0120 3472 BITS - ok
20:29:27.0151 3472 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
20:29:27.0151 3472 blbdrive - ok
20:29:27.0244 3472 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:29:27.0244 3472 Bonjour Service - ok
20:29:27.0260 3472 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
20:29:27.0260 3472 bowser - ok
20:29:27.0276 3472 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
20:29:27.0291 3472 BrFiltLo - ok
20:29:27.0307 3472 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
20:29:27.0307 3472 BrFiltUp - ok
20:29:27.0338 3472 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
20:29:27.0338 3472 BridgeMP - ok
20:29:27.0369 3472 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
20:29:27.0369 3472 Browser - ok
20:29:27.0385 3472 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
20:29:27.0400 3472 Brserid - ok
20:29:27.0416 3472 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
20:29:27.0416 3472 BrSerWdm - ok
20:29:27.0416 3472 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:29:27.0432 3472 BrUsbMdm - ok
20:29:27.0432 3472 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:29:27.0432 3472 BrUsbSer - ok
20:29:27.0463 3472 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
20:29:27.0463 3472 BTHMODEM - ok
20:29:27.0494 3472 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
20:29:27.0494 3472 bthserv - ok
20:29:27.0541 3472 catchme - ok
20:29:27.0556 3472 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:29:27.0572 3472 cdfs - ok
20:29:27.0634 3472 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:29:27.0634 3472 cdrom - ok
20:29:27.0681 3472 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
20:29:27.0681 3472 CertPropSvc - ok
20:29:27.0712 3472 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
20:29:27.0712 3472 circlass - ok
20:29:27.0744 3472 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
20:29:27.0744 3472 CLFS - ok
20:29:27.0790 3472 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:29:27.0790 3472 clr_optimization_v2.0.50727_32 - ok
20:29:27.0822 3472 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:29:27.0837 3472 clr_optimization_v2.0.50727_64 - ok
20:29:27.0915 3472 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:29:28.0056 3472 clr_optimization_v4.0.30319_32 - ok
20:29:28.0102 3472 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:29:28.0134 3472 clr_optimization_v4.0.30319_64 - ok
20:29:28.0180 3472 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
20:29:28.0180 3472 CmBatt - ok
20:29:28.0196 3472 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
20:29:28.0212 3472 cmdide - ok
20:29:28.0227 3472 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
20:29:28.0227 3472 CNG - ok
20:29:28.0243 3472 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
20:29:28.0258 3472 Compbatt - ok
20:29:28.0305 3472 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
20:29:28.0305 3472 CompositeBus - ok
20:29:28.0321 3472 COMSysApp - ok
20:29:28.0352 3472 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
20:29:28.0352 3472 crcdisk - ok
20:29:28.0368 3472 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
20:29:28.0368 3472 CryptSvc - ok
20:29:28.0414 3472 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys
20:29:28.0414 3472 CSC - ok
20:29:28.0446 3472 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll
20:29:28.0446 3472 CscService - ok
20:29:28.0477 3472 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
20:29:28.0477 3472 DcomLaunch - ok
20:29:28.0508 3472 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
20:29:28.0508 3472 defragsvc - ok
20:29:28.0539 3472 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:29:28.0555 3472 DfsC - ok
20:29:28.0602 3472 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
20:29:28.0602 3472 Dhcp - ok
20:29:28.0617 3472 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
20:29:28.0617 3472 discache - ok
20:29:28.0664 3472 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
20:29:28.0664 3472 Disk - ok
20:29:28.0711 3472 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:29:28.0711 3472 Dnscache - ok
20:29:28.0758 3472 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
20:29:28.0758 3472 dot3svc - ok
20:29:28.0773 3472 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
20:29:28.0773 3472 DPS - ok
20:29:28.0820 3472 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:29:28.0836 3472 drmkaud - ok
20:29:28.0851 3472 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:29:28.0867 3472 DXGKrnl - ok
20:29:28.0898 3472 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
20:29:28.0898 3472 EapHost - ok
20:29:28.0960 3472 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
20:29:29.0038 3472 ebdrv - ok
20:29:29.0070 3472 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
20:29:29.0070 3472 EFS - ok
20:29:29.0116 3472 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:29:29.0116 3472 ehRecvr - ok
20:29:29.0163 3472 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
20:29:29.0163 3472 ehSched - ok
20:29:29.0210 3472 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
20:29:29.0210 3472 elxstor - ok
20:29:29.0257 3472 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
20:29:29.0257 3472 ErrDev - ok
20:29:29.0304 3472 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
20:29:29.0304 3472 EventSystem - ok
20:29:29.0335 3472 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
20:29:29.0335 3472 exfat - ok
20:29:29.0350 3472 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
20:29:29.0350 3472 fastfat - ok
20:29:29.0413 3472 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
20:29:29.0413 3472 Fax - ok
20:29:29.0428 3472 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
20:29:29.0428 3472 fdc - ok
20:29:29.0444 3472 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
20:29:29.0444 3472 fdPHost - ok
20:29:29.0444 3472 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
20:29:29.0444 3472 FDResPub - ok
20:29:29.0460 3472 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:29:29.0460 3472 FileInfo - ok
20:29:29.0475 3472 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:29:29.0475 3472 Filetrace - ok
20:29:29.0491 3472 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
20:29:29.0491 3472 flpydisk - ok
20:29:29.0506 3472 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:29:29.0506 3472 FltMgr - ok
20:29:29.0538 3472 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
20:29:29.0569 3472 FontCache - ok
20:29:29.0647 3472 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:29:29.0647 3472 FontCache3.0.0.0 - ok
20:29:29.0662 3472 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:29:29.0662 3472 FsDepends - ok
20:29:29.0694 3472 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:29:29.0694 3472 Fs_Rec - ok
20:29:29.0740 3472 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:29:29.0740 3472 fvevol - ok
20:29:29.0787 3472 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
20:29:29.0787 3472 gagp30kx - ok
20:29:29.0850 3472 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\windows\gdrv.sys
20:29:29.0850 3472 gdrv - ok
20:29:29.0912 3472 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:29:29.0912 3472 GEARAspiWDM - ok
20:29:29.0959 3472 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
20:29:29.0959 3472 gpsvc - ok
20:29:29.0990 3472 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca7c3c1c64d5ea C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:29:30.0006 3472 gupdate1ca7c3c1c64d5ea - ok
20:29:30.0021 3472 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:29:30.0021 3472 gupdatem - ok
20:29:30.0037 3472 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:29:30.0037 3472 hcw85cir - ok
20:29:30.0099 3472 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:29:30.0099 3472 HdAudAddService - ok
20:29:30.0146 3472 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
20:29:30.0146 3472 HDAudBus - ok
20:29:30.0162 3472 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
20:29:30.0162 3472 HidBatt - ok
20:29:30.0193 3472 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
20:29:30.0193 3472 HidBth - ok
20:29:30.0208 3472 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
20:29:30.0208 3472 HidIr - ok
20:29:30.0224 3472 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
20:29:30.0224 3472 hidserv - ok
20:29:30.0286 3472 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
20:29:30.0286 3472 HidUsb - ok
20:29:30.0318 3472 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
20:29:30.0318 3472 hkmsvc - ok
20:29:30.0364 3472 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:29:30.0364 3472 HomeGroupListener - ok
20:29:30.0380 3472 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:29:30.0380 3472 HomeGroupProvider - ok
20:29:30.0427 3472 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
20:29:30.0442 3472 HpSAMD - ok
20:29:30.0505 3472 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
20:29:30.0505 3472 HTTP - ok
20:29:30.0536 3472 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:29:30.0536 3472 hwpolicy - ok
20:29:30.0583 3472 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
20:29:30.0583 3472 i8042prt - ok
20:29:30.0614 3472 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
20:29:30.0630 3472 iaStorV - ok
20:29:30.0676 3472 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:29:30.0676 3472 idsvc - ok
20:29:30.0708 3472 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
20:29:30.0708 3472 iirsp - ok
20:29:30.0739 3472 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
20:29:30.0739 3472 IKEEXT - ok
20:29:30.0770 3472 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
20:29:30.0770 3472 intelide - ok
20:29:30.0817 3472 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
20:29:30.0817 3472 intelppm - ok
20:29:30.0848 3472 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:29:30.0848 3472 IPBusEnum - ok
20:29:30.0879 3472 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:29:30.0879 3472 IpFilterDriver - ok
20:29:30.0926 3472 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:29:30.0942 3472 iphlpsvc - ok
20:29:30.0957 3472 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
20:29:30.0957 3472 IPMIDRV - ok
20:29:30.0973 3472 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:29:30.0973 3472 IPNAT - ok
20:29:31.0035 3472 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:29:31.0051 3472 iPod Service - ok
20:29:31.0066 3472 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
20:29:31.0066 3472 IRENUM - ok
20:29:31.0066 3472 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
20:29:31.0066 3472 isapnp - ok
20:29:31.0098 3472 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
20:29:31.0098 3472 iScsiPrt - ok
20:29:31.0144 3472 [ 79A55E8907F34AB569029505418C35EF ] JRAID C:\windows\system32\DRIVERS\jraid.sys
20:29:31.0144 3472 JRAID - ok
20:29:31.0191 3472 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
20:29:31.0191 3472 kbdclass - ok
20:29:31.0222 3472 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
20:29:31.0222 3472 kbdhid - ok
20:29:31.0238 3472 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
20:29:31.0238 3472 KeyIso - ok
20:29:31.0269 3472 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:29:31.0269 3472 KSecDD - ok
20:29:31.0285 3472 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:29:31.0285 3472 KSecPkg - ok
20:29:31.0300 3472 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
20:29:31.0300 3472 ksthunk - ok
20:29:31.0332 3472 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
20:29:31.0332 3472 KtmRm - ok
20:29:31.0378 3472 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
20:29:31.0378 3472 LanmanServer - ok
20:29:31.0425 3472 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:29:31.0425 3472 LanmanWorkstation - ok
20:29:31.0472 3472 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:29:31.0472 3472 lltdio - ok
20:29:31.0488 3472 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
20:29:31.0503 3472 lltdsvc - ok
20:29:31.0503 3472 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
20:29:31.0503 3472 lmhosts - ok
20:29:31.0566 3472 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
20:29:31.0566 3472 LSI_FC - ok
20:29:31.0581 3472 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
20:29:31.0581 3472 LSI_SAS - ok
20:29:31.0612 3472 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
20:29:31.0612 3472 LSI_SAS2 - ok
20:29:31.0628 3472 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
20:29:31.0628 3472 LSI_SCSI - ok
20:29:31.0675 3472 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
20:29:31.0675 3472 luafv - ok
20:29:31.0768 3472 [ A8D7C97016E6B76EF472A4C7AB357EE3 ] LVUVC64 C:\windows\system32\DRIVERS\lvuvc64.sys
20:29:31.0784 3472 LVUVC64 - ok
20:29:31.0831 3472 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\windows\system32\DRIVERS\mcdbus.sys
20:29:31.0846 3472 mcdbus - ok
20:29:31.0878 3472 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
20:29:31.0878 3472 Mcx2Svc - ok
20:29:31.0893 3472 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
20:29:31.0893 3472 megasas - ok
20:29:31.0909 3472 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
20:29:31.0909 3472 MegaSR - ok
20:29:31.0924 3472 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
20:29:31.0924 3472 MMCSS - ok
20:29:31.0940 3472 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
20:29:31.0940 3472 Modem - ok
20:29:31.0987 3472 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:29:32.0002 3472 monitor - ok
20:29:32.0034 3472 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
20:29:32.0034 3472 mouclass - ok
20:29:32.0080 3472 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
20:29:32.0080 3472 mouhid - ok
20:29:32.0127 3472 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:29:32.0127 3472 mountmgr - ok
20:29:32.0158 3472 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
20:29:32.0158 3472 mpio - ok
20:29:32.0205 3472 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:29:32.0205 3472 mpsdrv - ok
20:29:32.0252 3472 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
20:29:32.0252 3472 MpsSvc - ok
20:29:32.0283 3472 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:29:32.0299 3472 MRxDAV - ok
20:29:32.0330 3472 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:29:32.0330 3472 mrxsmb - ok
20:29:32.0377 3472 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:29:32.0377 3472 mrxsmb10 - ok
20:29:32.0424 3472 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:29:32.0424 3472 mrxsmb20 - ok
20:29:32.0439 3472 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
20:29:32.0439 3472 msahci - ok
20:29:32.0455 3472 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
20:29:32.0470 3472 msdsm - ok
20:29:32.0486 3472 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
20:29:32.0502 3472 MSDTC - ok
20:29:32.0533 3472 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
20:29:32.0533 3472 Msfs - ok
20:29:32.0548 3472 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:29:32.0548 3472 mshidkmdf - ok
20:29:32.0580 3472 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
20:29:32.0580 3472 msisadrv - ok
20:29:32.0626 3472 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:29:32.0626 3472 MSiSCSI - ok
20:29:32.0626 3472 msiserver - ok
20:29:32.0673 3472 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:29:32.0673 3472 MSKSSRV - ok
20:29:32.0673 3472 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:29:32.0673 3472 MSPCLOCK - ok
20:29:32.0689 3472 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:29:32.0689 3472 MSPQM - ok
20:29:32.0736 3472 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:29:32.0736 3472 MsRPC - ok
20:29:32.0751 3472 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
20:29:32.0751 3472 mssmbios - ok
20:29:32.0751 3472 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:29:32.0751 3472 MSTEE - ok
20:29:32.0767 3472 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
20:29:32.0767 3472 MTConfig - ok
20:29:32.0767 3472 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:29:32.0782 3472 Mup - ok
20:29:32.0798 3472 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
20:29:32.0798 3472 napagent - ok
20:29:32.0845 3472 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:29:32.0845 3472 NativeWifiP - ok
20:29:32.0907 3472 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
20:29:32.0907 3472 NDIS - ok
20:29:32.0938 3472 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:29:32.0938 3472 NdisCap - ok
20:29:32.0970 3472 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:29:32.0970 3472 NdisTapi - ok
20:29:33.0016 3472 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:29:33.0016 3472 Ndisuio - ok
20:29:33.0048 3472 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:29:33.0048 3472 NdisWan - ok
20:29:33.0094 3472 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:29:33.0094 3472 NDProxy - ok
20:29:33.0110 3472 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:29:33.0110 3472 NetBIOS - ok
20:29:33.0126 3472 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:29:33.0126 3472 NetBT - ok
20:29:33.0141 3472 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
20:29:33.0141 3472 Netlogon - ok
20:29:33.0157 3472 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:29:33.0172 3472 Netman - ok
20:29:33.0219 3472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:29:33.0266 3472 NetMsmqActivator - ok
20:29:33.0266 3472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:29:33.0266 3472 NetPipeActivator - ok
20:29:33.0282 3472 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:29:33.0297 3472 netprofm - ok
20:29:33.0297 3472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:29:33.0297 3472 NetTcpActivator - ok
20:29:33.0297 3472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:29:33.0297 3472 NetTcpPortSharing - ok
20:29:33.0344 3472 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
20:29:33.0344 3472 nfrd960 - ok
20:29:33.0375 3472 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
20:29:33.0375 3472 NlaSvc - ok
20:29:33.0453 3472 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\windows\system32\DRIVERS\npf.sys
20:29:33.0453 3472 NPF - ok
20:29:33.0469 3472 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:29:33.0484 3472 Npfs - ok
20:29:33.0484 3472 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:29:33.0484 3472 nsi - ok
20:29:33.0500 3472 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:29:33.0500 3472 nsiproxy - ok
20:29:33.0562 3472 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:29:33.0578 3472 Ntfs - ok
20:29:33.0594 3472 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:29:33.0594 3472 Null - ok
20:29:33.0843 3472 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
20:29:33.0906 3472 nvlddmkm - ok
20:29:33.0952 3472 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
20:29:33.0952 3472 nvraid - ok
20:29:33.0984 3472 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
20:29:33.0984 3472 nvstor - ok
20:29:34.0062 3472 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:29:34.0077 3472 nvsvc - ok
20:29:34.0171 3472 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:29:34.0233 3472 nvUpdatusService - ok
20:29:34.0264 3472 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
20:29:34.0280 3472 nv_agp - ok
20:29:34.0311 3472 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
20:29:34.0327 3472 ohci1394 - ok
20:29:34.0342 3472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:29:34.0358 3472 p2pimsvc - ok
20:29:34.0374 3472 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:29:34.0374 3472 p2psvc - ok
20:29:34.0389 3472 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
20:29:34.0389 3472 Parport - ok
20:29:34.0436 3472 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
20:29:34.0436 3472 partmgr - ok
20:29:34.0452 3472 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
20:29:34.0452 3472 PcaSvc - ok
20:29:34.0467 3472 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
20:29:34.0467 3472 pci - ok
20:29:34.0483 3472 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
20:29:34.0483 3472 pciide - ok
20:29:34.0498 3472 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
20:29:34.0514 3472 pcmcia - ok
20:29:34.0514 3472 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
20:29:34.0514 3472 pcw - ok
20:29:34.0530 3472 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:29:34.0545 3472 PEAUTH - ok
20:29:34.0592 3472 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
20:29:34.0592 3472 PeerDistSvc - ok
20:29:34.0654 3472 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
20:29:34.0748 3472 PerfHost - ok
20:29:34.0810 3472 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
20:29:34.0826 3472 pla - ok
20:29:34.0888 3472 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:29:34.0888 3472 PlugPlay - ok
20:29:34.0920 3472 PnkBstrA - ok
20:29:34.0951 3472 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:29:34.0966 3472 PNRPAutoReg - ok
20:29:34.0982 3472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:29:34.0982 3472 PNRPsvc - ok
20:29:34.0998 3472 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:29:34.0998 3472 PolicyAgent - ok
20:29:35.0029 3472 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
20:29:35.0029 3472 Power - ok
20:29:35.0076 3472 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:29:35.0091 3472 PptpMiniport - ok
20:29:35.0091 3472 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
20:29:35.0107 3472 Processor - ok
20:29:35.0154 3472 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
20:29:35.0154 3472 ProfSvc - ok
20:29:35.0169 3472 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
20:29:35.0169 3472 ProtectedStorage - ok
20:29:35.0216 3472 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
20:29:35.0216 3472 Psched - ok
20:29:35.0278 3472 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
20:29:35.0310 3472 ql2300 - ok
20:29:35.0310 3472 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
20:29:35.0325 3472 ql40xx - ok
20:29:35.0341 3472 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
20:29:35.0341 3472 QWAVE - ok
20:29:35.0341 3472 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
20:29:35.0341 3472 QWAVEdrv - ok
20:29:35.0356 3472 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
20:29:35.0356 3472 RasAcd - ok
20:29:35.0388 3472 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
20:29:35.0388 3472 RasAgileVpn - ok
20:29:35.0388 3472 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
20:29:35.0388 3472 RasAuto - ok
20:29:35.0434 3472 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
20:29:35.0434 3472 Rasl2tp - ok
20:29:35.0481 3472 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
20:29:35.0481 3472 RasMan - ok
20:29:35.0512 3472 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
20:29:35.0512 3472 RasPppoe - ok
20:29:35.0528 3472 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
20:29:35.0528 3472 RasSstp - ok
20:29:35.0544 3472 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
20:29:35.0559 3472 rdbss - ok
20:29:35.0575 3472 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
20:29:35.0590 3472 rdpbus - ok
20:29:35.0590 3472 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
20:29:35.0590 3472 RDPCDD - ok
20:29:35.0637 3472 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
20:29:35.0637 3472 RDPDR - ok
20:29:35.0684 3472 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
20:29:35.0684 3472 RDPENCDD - ok
20:29:35.0684 3472 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
20:29:35.0684 3472 RDPREFMP - ok
20:29:35.0778 3472 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
20:29:35.0778 3472 RdpVideoMiniport - ok
20:29:35.0824 3472 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
20:29:35.0824 3472 RDPWD - ok
20:29:35.0871 3472 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
20:29:35.0871 3472 rdyboost - ok
20:29:35.0887 3472 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
20:29:35.0887 3472 RemoteAccess - ok
20:29:35.0902 3472 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
20:29:35.0918 3472 RemoteRegistry - ok
20:29:35.0934 3472 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
20:29:35.0934 3472 RpcEptMapper - ok
20:29:35.0965 3472 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
20:29:35.0965 3472 RpcLocator - ok
20:29:35.0996 3472 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
20:29:36.0012 3472 RpcSs - ok
20:29:36.0058 3472 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
20:29:36.0058 3472 rspndr - ok
20:29:36.0090 3472 [ 5BFF00B29F7CC14AF67760C0E868109F ] RT2500USB C:\windows\system32\DRIVERS\rt2500usb.sys
20:29:36.0090 3472 RT2500USB - ok
20:29:36.0152 3472 [ 3641E624C8C5D5EA089AE9B5340B5B79 ] rt70x64 C:\windows\system32\DRIVERS\netr7064.sys
20:29:36.0152 3472 rt70x64 - ok
20:29:36.0199 3472 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
20:29:42.0189 3472 ================ Scan global ===============================
20:29:42.0220 3472 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:29:42.0252 3472 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:29:42.0267 3472 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:29:42.0283 3472 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:29:42.0298 3472 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:29:42.0298 3472 [Global] - ok
20:29:42.0298 3472 ================ Scan MBR ==================================
20:29:42.0314 3472 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:29:42.0486 3472 \Device\Harddisk0\DR0 - ok
20:29:42.0486 3472 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
20:29:47.0244 3472 \Device\Harddisk1\DR1 - ok
20:29:47.0244 3472 ================ Scan VBR ==================================
20:29:47.0259 3472 [ 28847B54D36C8950A43A4518EAD4BDDF ] \Device\Harddisk0\DR0\Partition1
20:29:47.0259 3472 \Device\Harddisk0\DR0\Partition1 - ok
20:29:47.0275 3472 [ 82CABDC3DFE5B309AC2C36997C5C01F4 ] \Device\Harddisk1\DR1\Partition1
20:29:47.0275 3472 \Device\Harddisk1\DR1\Partition1 - ok
20:29:47.0275 3472 ============================================================
20:29:47.0275 3472 Scan finished
20:29:47.0275 3472 ============================================================
20:29:47.0275 3648 Detected object count: 0
20:29:47.0275 3648 Actual detected object count: 0
20:30:26.0961 3296 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 20:34:19
-----------------------------
20:34:19.659 OS Version: Windows x64 6.1.7601 Service Pack 1
20:34:19.659 Number of processors: 8 586 0x1A04
20:34:19.659 ComputerName: BISMARCK UserName: John
20:34:23.294 Initialize success
20:34:44.401 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:34:44.401 Disk 0 Vendor: ST31500341AS CC1H Size: 1430798MB BusType: 3
20:34:44.416 Disk 0 MBR read successfully
20:34:44.416 Disk 0 MBR scan
20:34:44.416 Disk 0 Windows 7 default MBR code
20:34:44.432 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1430696 MB offset 206848
20:34:44.463 Disk 0 scanning C:\windows\system32\drivers
20:34:53.698 Service scanning
20:35:11.763 Modules scanning
20:35:11.763 Disk 0 trace - called modules:
20:35:11.794 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:35:11.794 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d3d790]
20:35:11.794 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004b4e520]
20:35:11.794 5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b33060]
20:35:11.810 Scan finished successfully
20:35:38.018 Disk 0 MBR has been saved successfully to "I:\MBR.dat"
20:35:38.626 The log file has been saved successfully to "I:\aswMBR.txt"


OTL logfile created on: 10/15/2012 8:36:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 63.27% Memory free
4.97 Gb Paging File | 3.30 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): c:\pagefile.sys 1000 10240e:\page [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.16 Gb Total Space | 579.88 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive D: | 47.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 956.98 Mb Total Space | 544.60 Mb Free Space | 56.91% Space Free | Partition Type: FAT32

Computer Name: BISMARCK | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/15 19:52:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/31 08:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 09:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 18:01:17 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/19 20:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/11/11 21:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/25 03:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/25 03:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/07/08 16:24:42 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/11 07:13:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/13 08:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 18:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/24 18:06:25 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/14 09:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 18:01:17 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/19 20:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 18:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/24 20:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 08:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 09:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 09:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 18:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 18:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 18:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/19 09:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 16:27:40 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/10 08:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2010/04/27 18:40:58 | 000,388,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7064.sys -- (rt70x64)
DRV:64bit: - [2010/02/03 16:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 04:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/25 00:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/01/19 23:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/08 20:46:30 | 000,245,248 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2011/06/08 19:46:55 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/25 00:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 8F 6A 9F 7E 70 CA 01 [binary data]
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\..\SearchScopes\{C743B833-0E84-4C29-9ED2-61F6F2C78237}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\John\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\John\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 16:31:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/05 23:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 00:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/15 03:22:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\John\AppData\Roaming\Move Networks [2010/04/05 00:20:19 | 000,000,000 | ---D | M]

[2009/11/29 00:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2009/11/29 00:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions
[2009/11/29 00:30:23 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/05/06 01:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0wmjyopw.default\extensions
[2010/06/15 02:11:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0wmjyopw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/18 05:39:24 | 000,000,935 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0wmjyopw.default\searchplugins\conduit.xml
[2012/01/16 23:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/11 07:13:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/08 02:27:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/10 21:25:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/01 17:21:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 21:25:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\John\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: AdBlock = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: AVG Safe Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: StayFocusd = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.3.5_0\
CHR - Extension: Skype Click to Call = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/10/12 10:43:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{008484AD-D406-4922-BEDF-83B6DF869414}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{153C1341-344C-4C8E-8D9E-5C1EDF3AEA1E}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17115B73-1532-40D1-A1AE-9389F65AD25D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E444605-93E2-42AB-B657-750B6E082A9C}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2DD8F42-5FF7-4745-8711-A8653EAF68E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF410816-4534-4BB5-B236-E90376FE9970}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F54E1781-E677-4904-A523-18BD3C28211E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/01 07:14:36 | 000,358,880 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 09:27:40 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/15 20:29:08 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2012/10/15 20:28:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/10/15 20:28:50 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/10/14 18:13:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/14 18:11:48 | 000,000,000 | ---D | C] -- C:\d26fe0b9fe7e53c0a0707f
[2012/10/13 09:54:02 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\windows\SysWow64\wpcap.dll
[2012/10/13 09:54:01 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\windows\SysWow64\Packet.dll
[2012/10/12 18:55:08 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Witcher 2
[2012/10/12 18:55:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\The Witcher 2
[2012/10/12 17:48:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/12 12:36:23 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/10/12 10:25:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/10/12 10:25:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/10/12 10:25:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/10/12 10:25:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/12 10:24:59 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/10/11 20:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/11 20:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/10/10 18:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/10 18:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/10 18:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/10 18:15:00 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/10/10 18:14:59 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/10/10 18:14:59 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/10/10 18:14:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/10 18:14:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/10/10 18:14:28 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/10 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/10 14:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/10 14:53:08 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/10/10 14:52:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/10/10 14:52:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/10/10 14:52:55 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/08 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Readings
[2012/10/08 22:37:06 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Books
[2012/09/25 12:03:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/09/25 12:03:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/09/25 12:03:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/09/25 12:03:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/09/25 12:03:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/09/25 12:03:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/09/25 12:03:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/09/25 12:03:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/09/25 12:03:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/09/25 12:03:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/09/25 12:03:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/09/25 12:03:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/09/25 12:03:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/09/25 12:03:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/09/25 12:03:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/09/21 00:34:48 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012/09/21 00:29:49 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/09/21 00:29:49 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/09/21 00:29:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/09/21 00:29:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/09/21 00:29:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2012/09/21 00:29:21 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/09/20 16:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/20 16:41:57 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/20 16:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/20 16:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/20 16:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/20 14:37:36 | 000,025,312 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\SysNative\drivers\SCMNdisP.sys
[2012/09/20 14:37:31 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\windows\SysNative\drivers\npf.sys
[2012/09/20 14:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2012/09/20 14:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[6 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/15 20:33:34 | 000,000,374 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2012/10/15 20:33:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/15 20:32:57 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/15 20:31:29 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 20:31:29 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 20:23:13 | 000,001,254 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/15 20:19:12 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2012/10/15 19:52:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/10/15 19:52:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/10/15 19:51:16 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2012/10/14 23:41:20 | 001,613,340 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/14 23:41:20 | 000,694,672 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/10/14 23:41:20 | 000,660,280 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/14 23:41:20 | 000,147,796 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/10/14 23:41:20 | 000,121,208 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/14 18:16:59 | 001,596,062 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/10/13 09:54:01 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/10/13 09:54:00 | 000,001,135 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/10/12 10:57:09 | 000,031,796 | ---- | M] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2012/10/12 10:43:46 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/10/12 10:43:39 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/12 10:22:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/12 10:09:02 | 097,181,935 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/10/12 10:07:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3039023501-1864894584-1336937131-1000UA.job
[2012/10/12 00:59:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/11 21:36:30 | 000,000,087 | ---- | M] () -- C:\windows\wininit.ini
[2012/10/11 18:08:11 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3039023501-1864894584-1336937131-1000Core.job
[2012/10/11 07:13:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/11 07:13:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/10 22:15:02 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\2x30vl8z.exe
[2012/10/10 14:57:36 | 064,536,365 | R--- | M] () -- C:\Users\John\Desktop\Batman_-_The_Dark_Knight_Returns.cbr
[2012/10/10 14:52:36 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/10 14:52:35 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/10/10 14:52:35 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012/10/10 14:52:35 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/10/10 14:52:35 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/10/10 14:52:35 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/10/09 19:44:34 | 000,000,000 | ---- | M] () -- C:\Users\John\AppData\Roaming\SharedSettings.ccs
[2012/10/08 22:37:33 | 000,001,175 | ---- | M] () -- C:\Users\John\Desktop\The Return of Martin Fierro - Shortcut.lnk
[2012/10/08 22:37:33 | 000,001,139 | ---- | M] () -- C:\Users\John\Desktop\Martin Fierro El Gaucho - Shortcut.lnk
[2012/10/08 22:37:33 | 000,001,085 | ---- | M] () -- C:\Users\John\Desktop\Gravity's Rainbow - Shortcut.lnk
[2012/10/08 21:43:44 | 000,593,917 | ---- | M] () -- C:\Users\John\Desktop\johnwolfevoting.pdf
[2012/10/08 17:15:04 | 000,278,310 | ---- | M] () -- C:\Users\John\Desktop\Johnwolfehealthforms.pdf
[2012/10/03 16:09:36 | 000,311,090 | ---- | M] () -- C:\Users\John\Desktop\fwab_envelope.pdf
[2012/10/03 16:09:31 | 000,571,786 | ---- | M] () -- C:\Users\John\Desktop\fwab (1).pdf
[2012/10/01 17:56:35 | 000,123,189 | ---- | M] () -- C:\Users\John\Desktop\absentee_ballot.pdf
[2012/09/29 17:36:35 | 000,373,444 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/22 00:11:06 | 000,368,032 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/09/21 01:38:49 | 000,027,520 | ---- | M] () -- C:\Users\John\AppData\Local\dt.dat
[2012/09/20 14:40:06 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[6 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/15 20:19:12 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2012/10/13 09:54:02 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/10/13 09:54:01 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/10/12 10:25:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/10/12 10:25:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/10/12 10:25:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/10/12 10:25:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/10/12 10:25:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/10/11 21:36:30 | 000,000,087 | ---- | C] () -- C:\windows\wininit.ini
[2012/10/10 22:15:02 | 000,302,592 | ---- | C] () -- C:\Users\John\Desktop\2x30vl8z.exe
[2012/10/10 14:56:58 | 064,536,365 | R--- | C] () -- C:\Users\John\Desktop\Batman_-_The_Dark_Knight_Returns.cbr
[2012/10/09 19:44:34 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\SharedSettings.ccs
[2012/10/08 22:37:33 | 000,001,175 | ---- | C] () -- C:\Users\John\Desktop\The Return of Martin Fierro - Shortcut.lnk
[2012/10/08 22:37:33 | 000,001,139 | ---- | C] () -- C:\Users\John\Desktop\Martin Fierro El Gaucho - Shortcut.lnk
[2012/10/08 22:37:33 | 000,001,085 | ---- | C] () -- C:\Users\John\Desktop\Gravity's Rainbow - Shortcut.lnk
[2012/10/08 21:43:44 | 000,593,917 | ---- | C] () -- C:\Users\John\Desktop\johnwolfevoting.pdf
[2012/10/08 17:15:01 | 000,278,310 | ---- | C] () -- C:\Users\John\Desktop\Johnwolfehealthforms.pdf
[2012/10/03 16:09:36 | 000,311,090 | ---- | C] () -- C:\Users\John\Desktop\fwab_envelope.pdf
[2012/10/03 16:09:31 | 000,571,786 | ---- | C] () -- C:\Users\John\Desktop\fwab (1).pdf
[2012/10/01 17:56:35 | 000,123,189 | ---- | C] () -- C:\Users\John\Desktop\absentee_ballot.pdf
[2012/09/21 01:38:49 | 000,027,520 | ---- | C] () -- C:\Users\John\AppData\Local\dt.dat
[2012/09/20 14:40:06 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2012/09/20 14:37:31 | 000,001,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/08/23 00:13:18 | 000,031,748 | ---- | C] () -- C:\Users\John\logo.gif
[2012/05/03 18:45:37 | 000,003,181 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp m4a Utilities.dat
[2012/05/03 18:44:30 | 000,003,627 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.dat
[2012/05/03 18:43:17 | 000,001,086 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp AIFF Codec.dat
[2012/05/03 18:43:10 | 000,002,869 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2012/05/03 18:43:02 | 000,002,900 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2012/05/03 18:42:56 | 000,002,901 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2012/05/03 18:42:49 | 000,002,884 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2012/04/12 02:10:42 | 057,428,513 | ---- | C] () -- C:\Users\John\single5.tif
[2012/04/12 02:10:40 | 040,924,355 | ---- | C] () -- C:\Users\John\single4.tif
[2012/04/12 02:10:38 | 050,390,837 | ---- | C] () -- C:\Users\John\single3.tif
[2012/04/12 02:10:36 | 044,493,829 | ---- | C] () -- C:\Users\John\single2.tif
[2012/04/12 02:10:34 | 042,957,829 | ---- | C] () -- C:\Users\John\single1.tif
[2012/04/12 02:10:32 | 046,000,007 | ---- | C] () -- C:\Users\John\single0.tif
[2012/04/12 02:08:35 | 282,195,399 | ---- | C] () -- C:\Users\John\single.tif
[2011/10/21 22:11:59 | 000,126,976 | ---- | C] () -- C:\windows\SysWow64\MFSBaseLib2889.dll
[2011/10/21 22:11:59 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\MFSIFLib2889.dll
[2011/10/15 05:54:52 | 000,321,856 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2011/08/22 16:19:17 | 001,596,062 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/01 15:31:31 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Local\{E9100FCD-80F3-4FDD-86D8-2B247B8871CC}
[2011/04/09 23:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/02/14 22:30:13 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010/12/04 20:45:48 | 002,434,856 | ---- | C] () -- C:\windows\SysWow64\pbsvc_bc2.exe
[2010/11/10 08:45:32 | 000,102,744 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2010/11/10 08:45:30 | 010,871,128 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2010/11/10 08:45:20 | 000,316,248 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2010/10/19 19:25:38 | 000,013,082 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/10/19 19:25:35 | 000,017,950 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/10 04:46:49 | 000,000,218 | ---- | C] () -- C:\Users\John\.recently-used.xbel
[2009/12/02 03:34:27 | 000,031,796 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



OTL Extras logfile created on: 10/15/2012 8:36:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 63.27% Memory free
4.97 Gb Paging File | 3.30 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): c:\pagefile.sys 1000 10240e:\page [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.16 Gb Total Space | 579.88 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive D: | 47.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 956.98 Mb Total Space | 544.60 Mb Free Space | 56.91% Space Free | Partition Type: FAT32

Computer Name: BISMARCK | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [tralih] -- "C:\Program Files (x86)\Trader's Little Helper\tralih.exe" /0 "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [tralih] -- "C:\Program Files (x86)\Trader's Little Helper\tralih.exe" /0 "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01818D29-B23E-41B7-AC37-388C7F152874}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A2611C4-7EE6-437E-907B-CC61535C1E7E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1463D9B7-E764-4878-B09B-4FF19B3BFE91}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E6DBC08-9837-44EA-A73E-763870B09012}" = lport=138 | protocol=17 | dir=in | app=system |
"{3F4830AD-8A64-4DC5-AF58-BAA820E0C8D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{411FBD37-78C6-4C5E-868E-C5685ED23A05}" = lport=5353 | protocol=17 | dir=in | name=bonjour |
"{4218B970-1FEF-4465-AA14-A286CE950A79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46B81D8D-357E-4EA4-8E97-CFF31B69D696}" = rport=137 | protocol=17 | dir=out | app=system |
"{5370C7F0-0B1E-4CFA-ABD7-B71F2A1729CE}" = lport=445 | protocol=6 | dir=in | app=system |
"{59158E1C-8D26-4422-8438-E78E0F6EAC2B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5A3E2E7C-56F1-4D82-A883-E8EB1AD5FA78}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61030973-7552-4AB0-B872-B7BB77C9CE82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{623AAB0B-0307-4D97-9F16-825A6A921800}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C8E482A-156A-48C1-B09B-14E6FE0A2AED}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6DE36E3C-8A46-451B-9FFE-7ECF8C1E4424}" = lport=139 | protocol=6 | dir=in | app=system |
"{73B5E0E4-07D5-40FA-9E37-BF05D0D0923A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{792398C4-6D0C-44C8-8595-88E81C1A5C3B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{83254F80-5CCD-4478-8E59-54BCB005A6AB}" = rport=445 | protocol=6 | dir=out | app=system |
"{8A889E0A-78CB-40CB-98BE-1E69E106686A}" = rport=139 | protocol=6 | dir=out | app=system |
"{90FEC8D9-4273-4A25-8BF0-B2E89AE9BAAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97747AC6-C65F-4D51-A9D5-09EB612FD5F4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99E2733C-6E27-4E60-9DFC-9FCFAE655C28}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AD5CCFA8-5EFE-446D-84C8-8486C98FF6E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B33A681A-5E02-4822-BD88-C2F94D6E8BC6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B5A4CC0D-5598-4B97-A892-7791E8184E3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{BCCB5CA0-CC6E-49EC-9098-39019F7434A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEC89EEE-32EB-4E81-A89B-F89006F3EE76}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C43E69BC-A95C-4180-A94B-A15EC89AD6FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5D38835-B66C-41A2-836F-736BA7AE22D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C76A2D98-410B-4E31-91CC-564B0F75A621}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D646582C-E35A-40B1-8C78-CC3DC07802B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D92D4CB6-B08D-4FF3-9525-8BB1168FAFE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC2D4DCA-61D4-46D3-AD51-9C52ABA4EBD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA3EC697-AA5B-4A82-9897-5F2760BE401B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F76346F1-96BA-4D36-BB6A-BB33E1F9C51D}" = lport=5353 | protocol=17 | dir=in | name=rendezvous |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AECF9C-04A5-49E5-843E-AAEC454B87DF}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{03606993-9B5B-428B-B5E9-5572F265CF53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{037B472B-F6C0-4644-A3B6-DB4132676614}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe |
"{0505084F-7B34-48F6-BB8F-DDBEDA273FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{05CEBE52-F077-4583-9E87-787463006814}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{05D2B786-0EDE-4C14-B987-64FC23E01A33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe |
"{06E04376-607E-4AFE-A23F-3F2AC496AA22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{079E79E7-FAFB-4487-A003-C252243C92F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{0D2B936F-D2C5-4BC1-BFF0-0DEC485D0EAC}" = protocol=6 | dir=out | app=system |
"{0D49C050-4C7C-4108-96D8-6D182179093B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"{0E94BFC3-23FE-47B2-8841-EEF84C0CA0E3}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{10E22075-E7A8-485A-BCC4-C4F75E0E520D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{12AB71B1-833B-4B97-B8B5-156DC00C4A80}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe |
"{12E03895-20CC-4609-B3B5-AEC6909425C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14B3564A-866C-4549-B30D-ADC814DD298D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{168C3FD0-66E6-44B4-B659-9F68751008B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{176680E4-B004-445E-9FD3-20BFB03664CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{190E7618-2CA1-452E-A7DD-BC0390E9CC42}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{1AC6C310-8A96-4EEB-BDC1-E950F2984E12}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{1CB83F25-8B31-4FCD-92EB-E0ADCE558539}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{1D1C54C4-FC9A-483A-A0C0-FAE4321F139A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1E5D3459-B4CE-4B2F-9A0F-A14E57043827}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{20E3963E-6475-4F9E-A880-7BA4BCC30287}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{21F8D694-2E7A-4A2E-930C-233E4C27C451}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{2200C150-BABA-447C-B3EA-ACE71AD03111}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2328BCBF-7F49-46B8-886A-164B5DFAC470}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{23C6B9F7-5189-4840-884F-EDEC399074D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe |
"{243D3560-0CC6-473B-8A8C-831F8773C319}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2513FCC7-B54E-4E92-BD69-9394B94FA2D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{2D75C5BB-05DF-480A-8468-FE59CE417A16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm |
"{2DC3257D-498D-4853-84D6-8B696FA8913B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{33A62179-24F8-4904-96F8-6A00D936CE79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33B010CB-1453-447C-9F91-37F66FA4CEE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{342C1621-55E0-4C91-900E-82558894E44B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{361C50A9-3713-4360-89FA-53C46E0F89F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{36272152-8321-4047-AB50-614F90BB2CEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{39F3A907-7796-47EF-BEEA-03FB925B500E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{3A9B1EFC-52D5-4D43-9F59-EEC934D7CB02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3B3D03AA-E5D5-4066-A0B0-21EB3C1CD459}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{3B468A84-63F9-4D3F-B0EF-BCC819D0E791}" = dir=in | app=c:\program files (x86)\airport\apagent.exe |
"{3DC6B560-289C-4806-AD3E-1D5DA00042E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{3F1AD394-7767-4FFD-97A3-2120BFE83D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{3FFC4414-CFB1-4057-A3A0-B3366AA52DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{413A0D8F-1FAA-452A-A374-C3FB44367A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{415D2993-F30C-4C48-BB98-DDAD16B29586}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{423FD1D2-AE71-4BB3-AB29-032C31E8EE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{43ABA4DE-CF17-486E-BDEB-35659253EB46}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{46696124-3C5A-4DF4-9A4E-48DB0F80BB91}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46923B65-0CCA-4A4F-8040-7F47ED23A109}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{479C6923-06CC-4A59-B886-CC733C1CA34C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{4A447747-7009-4F50-9687-DAA545229986}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4B454BAD-F759-4AA3-9BC2-2521828AD19C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe |
"{4BBDE93B-D567-48FE-A16B-A044F68F5BA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4CBBB28C-8832-4214-B879-F369B46D381D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe |
"{4DBBC7FE-17D8-4DC4-BCAE-7EC9319E7AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm |
"{4F187EB9-8522-40EA-84DB-30C939C8AD77}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{4FCC3BC0-C3B0-4896-9C69-A0A9741661EB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{5169DF02-9E41-4B5F-A6C8-9E90125A6710}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |
"{521F3B9C-5958-4561-93B3-C7BE06E0106E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe |
"{527865E5-B373-4B5A-9703-5233FAEBF61C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{53169C85-1049-4278-8DD5-4ED6F933D07E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{56821AFB-456D-42D0-9AA4-D611C2FF3910}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{574B1DA0-7481-42B7-825C-96328F9D8679}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5BBEDFE3-2555-44C6-B915-112E3F2EABAD}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{5CDC09B6-33E4-47FF-AE5A-8771F523249A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{5CEE8178-0115-4CB7-9D48-EA3F6541B2ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5DB1B3CD-CE83-4753-8E12-978338FBAD90}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5DB4E090-CB53-4DF9-A9E1-5369E369CFAA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{60AE868A-0CE8-4A87-8453-97208C96752A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6149B93C-BFCD-4B71-BB20-4D088EE923F2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{633BDCB9-8FD0-4F37-977B-A091339D760A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{63D189A5-9806-4C39-B47C-0B8CCF005C66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{668D1978-206F-4268-81AD-D858E5B28663}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{67840CFA-AD37-45B8-BA70-64562C76BA67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe |
"{67BF5F33-F5F4-4256-88B8-F44B79061351}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6B21728C-F5C9-4653-A7A4-93269D54A9FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
"{6C0F4C92-F44F-4DF9-8F10-6D604CF1CC13}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{6DFA30E4-2015-4A6E-84B4-587D9BA7EAA8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6E1F08F2-E888-44C0-8AB7-F6A876AFEE7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{6F05C922-276B-4BEB-8103-66B3892574EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{6F1D1F11-0BCE-4B62-A283-C22B81C3BB11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{6F971276-ECCF-416E-A395-32D7A0DB6F27}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{723D7215-884C-4577-9524-F0E2637427EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{725F7D53-332F-4F37-899C-48BBD4526DC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73FBCDFE-4773-4670-AD26-9A89150BDE9B}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{76202825-0C95-438E-BB7D-4599CA708C09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"{78E125F2-9BCE-4E1A-A77B-2994E8C6EA3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{794828FF-0D8B-4879-8840-BAA2DF188740}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{79AD4088-FA7C-4024-B23A-7310B3AF87D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{7AACA0A2-ABE6-4325-A864-1D6A72F9A428}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D32141A-8FE6-4A48-ADC4-4EE2C8B567D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{7D3CECFA-8520-42BD-A542-B68029C370A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe |
"{7EA68003-5C55-48BF-8462-00B32E124FDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"{8370DDC3-DE8D-49C9-BBBF-E6CC194CDBEB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{838B07FB-D3DD-4D69-A92E-51272DE8C6BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{8496A0CB-DB6D-4008-8764-BB20AC0D52A9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8695EEB2-C8C5-40EF-959D-4FC342B35265}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{86F6A67B-0361-4957-B8AF-4137F0FC84B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{87AF4B0C-AFF8-4C05-97CC-5787AC647193}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{89B6203A-BE35-417D-BC0B-2D53D1124BE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{89CCA5A7-9BAF-4785-9F47-BDFA3333C2EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{8C6C4852-D200-49CC-BC06-128CAAE793F9}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{8CF03AA4-71AA-42D9-A34F-FE9A548194ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{8CF8383E-E09E-4745-8A51-F0FD0500A57A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8EA5884D-EED1-46C4-87E7-A026BC4DCB9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe |
"{8EBD4437-6478-4AC4-A7D6-52FE6964412B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{8F1A5288-F6A3-477D-9F78-05D298E15BF0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{9184E6DF-93B3-4332-9AFF-4627178DCA65}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{92D9EF57-4F12-46A8-825D-3B849E650409}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{93BB8859-5DCF-475C-B1EA-10199CC513CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{94E38736-9B30-4818-90B0-7DDF3C7923DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war condemned heroes\condemnedheroes.exe |
"{981D0E82-450C-4B37-8BAD-622B34039F17}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{982B9658-4A8B-4FAB-BF2C-0ADE71369F21}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{98473AF9-F886-4A14-B2DD-3DC4FD8990A2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{9D9B070A-CA76-40F0-98D7-1783B4476630}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9E95642F-BEBA-4965-B33A-18221427877C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm |
"{9EEE2280-AAA3-4487-93BD-64DE0DA7886A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{A061D8C1-E8B7-4C1D-B355-6381687E9DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe |
"{A178187D-6F2F-4928-8BF3-C89856ACF071}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A4631A60-3B9B-4393-8E26-DDA68D198A72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
"{A46DFE48-528E-4451-B8E5-684AC94E3199}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{A49E8F5D-8006-438B-AB00-B81BADE64AF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"{A5CC6ED5-80C7-46EF-B1C6-5DCC5251DDA3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{A90EC333-17B3-4E31-970E-31E214D63770}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A9CAF01C-8796-4B15-AEE2-EDB809D112B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AAEDFD71-688A-4E30-A6F8-71AF00CDFB6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACE28142-B544-4AD4-A6DD-D2F6B56104D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{ADB1644E-C771-4BC3-88BA-EADAB15F51F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{AF19B9AD-8C70-4183-8CE6-6F381184F8AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B005AC27-1983-4F17-8D44-E87E113CFB12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{B0F384AD-AF3D-40AE-AEAD-ACE35F9D56B9}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{B191F8AF-50C2-43FB-AC0E-7FB18BBA9C49}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{B2B7F68E-73B6-4FBC-9208-4E945CE07FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{B7C00EF5-8DC8-4D94-9029-E26C593BAFA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{B8766453-F2E2-4206-B9EF-346ECE026C0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{B89DE446-BA98-47E0-A38B-3D74C30D8BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{BAA4C7E4-7FA3-4F35-85A5-A9DC4CD1B4A7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BBAB0BCB-96E1-46F7-9962-77550C179443}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC8003FB-8089-4C96-81E2-84BDB77390E3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{BFE22227-AB31-4CA9-A825-61436E5DD418}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{C20C0248-F087-439A-B67F-3660983A32C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm |
"{C61CFF4B-BAD5-41DA-9799-BF0A280B5CBF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA8F5FAB-A8EF-479C-8E22-108E99EC9F8B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CACEDA02-4602-429B-8F2A-DA69CA626E49}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{CB446739-88F1-43FB-9400-778F11AA6B3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC1BFD30-7CE2-443E-A749-30AE4ECC0213}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{CDE7DE80-718B-4572-A58D-52A88864A31F}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CF6B9B5A-16A2-4E0D-A732-B88B8E11A48A}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D0FAF435-51B4-47E1-957A-B171CA9E2449}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{D540841B-0B12-4301-B088-FC0971DE4A14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB2E222F-B37D-41BD-B9A5-A3441336F533}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DBBFA9EF-AFA8-4587-B17C-C6D4F4899103}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBD794A3-C3CE-4BD1-B363-9E00B0D4B7D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{DBFE78FD-6134-4CAD-9EE5-82C5EE7662BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{DC91285B-BB91-4FDC-A2E2-B9305B9D62FA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{DDD617D2-328B-4BB7-991A-7D640AF224E2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{DFAEAC64-6EEA-452B-9819-5CE841FD22E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{E12A9B7E-7AEF-479F-8837-0FA8E170177A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{E19061C9-4498-424B-A431-ED0786B972DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E21A1874-0F0E-4785-A6AD-8B8E4BE0D488}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E296B320-7888-4052-8F8B-4B2068933EF2}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe |
"{E523C0B5-D541-40FB-9C94-BBE209E750CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war condemned heroes\condemnedheroes.exe |
"{E6A61927-5E26-41DE-9E13-6DCF8D79F87D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{E750C996-2065-4656-80AC-AC5B0262E3D3}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EE51DB38-AC49-4E56-858E-5B3AED2FB3A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EF542508-82A6-4CE9-B528-491A97ABA1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{EF98170F-3789-44EC-832A-CEB1AF194AA9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{F0913030-2BB4-4258-9580-5EB0D1E042AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F21026A7-391C-4EAE-91A4-74D92E5AFB1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{F2B7198F-B2C0-4F7B-82B7-C2336DC6AFA6}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{F37BECAC-CA2B-4CEF-B183-C0937A8D4F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{F37DCBAA-7FD2-4B43-9A4D-8EDE1A562667}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F42B59E0-26D5-43C2-AF50-CF748065D0CD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F48CF13A-FEDC-4EBD-8D83-83180242D94F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F4DA77DA-B973-4A12-83B0-476B99606EE4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F7CC3D7C-CC20-4DFF-8BD0-FDF1DD29894D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F8325D06-56AC-4248-8855-5D43265A9A06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA219BD8-7430-4C2A-90B1-2BD3F5080F4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |
"{FA57A2B9-DE88-4964-9EDD-65AE31F405AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FA648C56-BE4D-4E09-8EBD-1F0738431472}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"TCP Query User{023EAC37-A8AD-49AD-A722-390C05550AC0}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{04B71053-9E4B-4181-B3F9-AC43AC7ADDF4}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{05B51B68-284A-4C44-BF88-97D745A5D999}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"TCP Query User{08306FF3-9F00-4885-8E44-4E937678EC21}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{174843D0-8ABC-42D0-84B8-0A54DC03A5E3}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"TCP Query User{19AEDF6B-45D9-47FE-B493-B98E192B4036}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"TCP Query User{28AB6661-ED5E-4450-9350-791E38C9476A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2A3D952D-3507-4E42-9EEB-6612AADFF5EC}C:\program files (x86)\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xchat\xchat.exe |
"TCP Query User{3346DCD6-9C4E-4C71-A8CE-FCF3FC43F392}C:\program files (x86)\mass effect 2\binaries\eacoreserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\eacoreserver.exe |
"TCP Query User{3FDEB80A-40EE-4330-9761-9AACB043CEF7}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe |
"TCP Query User{469D7F87-3ADD-47E0-836B-8C81A229141F}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{4D3E4F13-7CD0-4D11-B864-0B598DF4181F}C:\users\john\appdata\local\opera\opera\temporary_downloads\keygen.dbpoweramp.music.converter.v13.45042.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\opera\opera\temporary_downloads\keygen.dbpoweramp.music.converter.v13.45042.exe |
"TCP Query User{77CA5178-D8FF-4809-89C0-1C7916CA8EE1}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{8647ABE4-3C39-44F0-9779-F22A770E643E}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe |
"TCP Query User{87ED7F6B-0737-4213-83C3-FF9CF0D5815F}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"TCP Query User{8C865F09-5A64-4B5F-8A6C-2565FC856C61}C:\program files (x86)\steam\steamapps\common\men of war\mow.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe |
"TCP Query User{906B0E2C-85A0-4909-8AF1-CD8C99A0BB75}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"TCP Query User{9C920723-1202-4F86-AF81-66AA0452E715}C:\program files (x86)\origin games\battlefield 2142 deluxe edition\bf2142.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 2142 deluxe edition\bf2142.exe |
"TCP Query User{AD49AD77-0E57-4F58-868A-1AC1B30A1970}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{ADF627E1-93BA-4395-9478-6D011B2B8478}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{B2D3E6F5-6E3C-4AEA-B648-09D996744773}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{BEF4D6E4-54E1-4ECA-8B37-DD3060958BA3}C:\program files (x86)\origin games\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\crysis 2\bin32\crysis2.exe |
"TCP Query User{D21E506A-73D1-4B3C-A97F-D288E394DDD8}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{D8D299A3-D97C-4233-877B-3011E0C79A7A}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{DB82E537-CEA0-4EAA-AB19-8EACABB94445}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"TCP Query User{E0CE2036-6829-4B15-8892-2ACA1B36F02C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{EADD65A5-DE93-4B82-ABF2-6B97FF729F4E}G:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=g:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{0359DAFE-8D36-4626-8AEE-A8DEA9334187}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe |
"UDP Query User{0393D728-F079-4B29-BC58-190265CCA326}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{0E4DA211-945D-4B16-B784-F33B9447321F}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{25CEC3E8-7185-490A-8FA5-4695F8649A2D}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"UDP Query User{434832C5-B0E0-4B01-8AE1-741C370B3040}C:\program files (x86)\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xchat\xchat.exe |
"UDP Query User{441B8113-2211-4E22-BD71-B1346B551FCB}C:\users\john\appdata\local\opera\opera\temporary_downloads\keygen.dbpoweramp.music.converter.v13.45042.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\opera\opera\temporary_downloads\keygen.dbpoweramp.music.converter.v13.45042.exe |
"UDP Query User{46642158-F17D-406B-9AE7-48DD34CE4A1F}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{4797C151-C836-493F-BF70-E5662FEE01CC}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{48CA9A76-9D35-469D-A9B1-646C9BFAE84A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{68247059-5FA7-4605-A646-78A355A299C3}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{6886C3BB-CC01-4880-B07F-EE7C96033828}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{7EB13F52-226E-4108-AB16-53EE63E1B144}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"UDP Query User{7F86DFAC-2565-43AA-B0C4-1B5620C8F5E4}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{8215B4C7-4123-4D47-A71F-9177A4344471}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{87B03786-E049-46F7-A907-8A675F48BB13}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{8B9FB182-08E9-4F71-ACB9-E4B6B3189DDB}G:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=g:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{8F425248-5893-4889-8DF2-CBBDD2F7C41A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{91CF09D0-C49B-4178-923E-A7CE59BDAAA5}C:\program files (x86)\origin games\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\crysis 2\bin32\crysis2.exe |
"UDP Query User{AA239430-FA2D-4289-9374-A4A8026D084E}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{B456B9C5-CF5F-4A05-B38C-968D3962689C}C:\program files (x86)\mass effect 2\binaries\eacoreserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\eacoreserver.exe |
"UDP Query User{BAE16CDE-2F36-44FA-9169-20ABB092FCEE}C:\program files (x86)\steam\steamapps\common\men of war\mow.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe |
"UDP Query User{BAFE4DB7-5798-4E33-8493-0AA2425C1DC6}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"UDP Query User{C5CC1F54-7F50-493E-9992-4FA5C24A3DFF}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{C8CF34E8-2B68-4CBE-B24C-1D6D68A1AFFC}C:\program files (x86)\origin games\battlefield 2142 deluxe edition\bf2142.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 2142 deluxe edition\bf2142.exe |
"UDP Query User{E5CA9F09-829A-41D8-996E-E54AA9C21FF4}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"UDP Query User{F676C5CB-1A9B-4614-84C0-FA080710A27D}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"UDP Query User{FBD4AB10-B7AA-427A-B079-6A38313A6990}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.154
"Defraggler" = Defraggler
"ImageMagick 6.7.6 Q16_is1" = ImageMagick 6.7.6-5 Q16 (2012-05-01)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"VueScan" = VueScan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37306C0F-1248-4C2E-9B86-E964AAA81101}" = Minolta DiMAGE Scan Dual3 ver 1.0
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BCC07D2-4841-4450-81AA-A074C0969C44}_is1" = Civilization V Deluxe Edition
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DADCF758-378B-4EF8-BB3F-AF60B5B6FCDD}" = AirPort
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F324D324-6531-33DC-F5BA-CD360B156275}" = Comcast Access
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"DarthMod Ultimate Commander Edition" = DarthMod Ultimate Commander Edition
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
"dBpoweramp AIFF Codec" = dBpoweramp AIFF Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp m4a Nero AAC Encoder" = dBpoweramp m4a Nero AAC Encoder
"dBpoweramp m4a Utilities" = dBpoweramp m4a Utilities
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DiskAid_is1" = DiskAid 3.11
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Installer.-2099549384" = EA Installer
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Google Chrome" = Google Chrome
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"InstallShield_{DADCF758-378B-4EF8-BB3F-AF60B5B6FCDD}" = AirPort
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Origin" = Origin
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"Steam App 10500" = Empire: Total War
"Steam App 12830" = Operation Flashpoint: Dragon Rising
"Steam App 204860" = Men of War: Condemned Heroes
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 24860" = Battlefield 2
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 3130" = Men of War: Red Tide
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 4560" = Company of Heroes
"Steam App 50130" = Mafia II
"Steam App 57400" = Batman: Arkham City™
"Steam App 58610" = Wargame: European Escalation
"Steam App 64000" = Men of War: Assault Squad
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 7670" = BioShock
"Steam App 7830" = Men of War
"Steam App 8190" = Just Cause 2
"Steam App 8850" = BioShock 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 8980" = Borderlands
"Steam App 9340" = Company of Heroes: Opposing Fronts
"TradersLittleHelper_is1" = Trader's Little Helper 2.5.0
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Xilisoft iPod Manager" = Xilisoft iPod Rip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (John)
"GoogleToolBar" = GoogleToolBar
"Move Media Player" = Move Media Player
"MusicManager" = Music Manager
"Spotify" = Spotify
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2011 6:45:04 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2011 6:45:04 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006

Error - 11/3/2011 6:45:04 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

Error - 11/3/2011 6:45:05 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2011 6:45:05 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004

Error - 11/3/2011 6:45:05 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004

Error - 11/3/2011 6:45:06 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2011 6:45:06 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003

Error - 11/3/2011 6:45:06 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

Error - 11/3/2011 8:01:09 PM | Computer Name = Bismarck | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 10/15/2012 3:33:33 PM | Computer Name = Bismarck | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952450.

Error - 10/15/2012 3:33:33 PM | Computer Name = Bismarck | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014846.

Error - 10/15/2012 3:34:03 PM | Computer Name = Bismarck | Source = DCOM | ID = 10010
Description =

Error - 10/15/2012 3:35:36 PM | Computer Name = Bismarck | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/15/2012 3:35:37 PM | Computer Name = Bismarck | Source = Service Control Manager | ID = 7000
Description = The HTTP service failed to start due to the following error: %%22

Error - 10/15/2012 3:35:37 PM | Computer Name = Bismarck | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the HTTP service which failed to start because of the following error: %%22

Error - 10/15/2012 3:35:39 PM | Computer Name = Bismarck | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147014846

Error - 10/15/2012 3:36:20 PM | Computer Name = Bismarck | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952450.

Error - 10/15/2012 3:36:20 PM | Computer Name = Bismarck | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014846.

Error - 10/15/2012 3:36:50 PM | Computer Name = Bismarck | Source = DCOM | ID = 10010
Description =


< End of report >



Thanks again, you've been a terrific help already.

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:20 AM

Posted 15 October 2012 - 04:47 PM

Hi John,

Thanks for your efforts and detailed explanation. It does help quite a bit.

A couple of follow-up issues:

  • Were you able to uninstall Spybot?
  • Are you trying to uninstall Chrome because it won't launch or because you want to delete it?
Please consider and perform the following for me.


===================================================


CRACKING SOFTWARE WARNING

--------------------


Post by quietman7, on 02 October 2009 - 05:16 AM, said:


A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

Quote
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Quote
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

Quote
...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.



===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Run OTL Fix

--------------------

  • Double click on the OTL icon on your desktop.
  • Copy and Paste the following code into the textbox.

    :OTL
    IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
    IE - HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2009/11/29 00:30:23 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2012/04/18 05:39:24 | 000,000,935 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0wmjyopw.default\searchplugins\conduit.xml
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2011/06/01 15:31:31 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Local\{E9100FCD-80F3-4FDD-86D8-2B247B8871CC}
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    C:\Users\John\Desktop\2x30vl8z.exe
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply



===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Questions
  • OTL.txt
  • VirusTotal link
  • FSS.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 m267


Posted 15 October 2012 - 05:17 PM

Thanks for the help, I hope it hasn't been too much trouble.

I was able to uninstall spybot, it seemed to go smoothly, although it said some things would have to be removed manually.

I was trying to uninstall chrome because I thought maybe it had been damaged by the virus and thus a new install would launch. Chrome is my secondary browser (Opera being the primary).

========== OTL ==========
HKU\S-1-5-21-3039023501-1864894584-1336937131-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3039023501-1864894584-1336937131-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0wmjyopw.default\searchplugins\conduit.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\John\AppData\Local\{E9100FCD-80F3-4FDD-86D8-2B247B8871CC} moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10152012_230703


https://www.virustotal.com/file/ce723717c56b2231ea7843f5408225b07a997b466584d38d278db5e7cf2c2eb0/analysis/1350339208/


Farbar Service Scanner Version: 07-10-2012
Ran by John (administrator) on 15-10-2012 at 23:08:19
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 00:57] - [2012-10-12 10:46] - 0020048 ____A (AVG Technologies CZ, s.r.o. ) A3C13A0135BEAE18C7E2310D95F0D605

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 18:14] - [2012-06-02 06:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Good luck!

#8 m267


Posted 15 October 2012 - 05:19 PM

Ah, I forgot to say that the file you wanted me to scan is just GMER, that's why it has such a strange name. But I scanned it anyways.

#9 Oh My!


Posted 15 October 2012 - 05:42 PM

Hi John,

Quote
that the file you wanted me to scan is just GMER

I thought that file was legitimate and associated with a malware detection program but I could not locate any other entries with that day and time. Thanks for following up.

We will deal with Chrome after we take a stab at your internet issue. Farbar Service Scanner revealed some things that need to be repaired.

First step, please do this.


===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:

    :filefind
    afd.*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • SystemLook results

Gary
 

#10 m267


Posted 15 October 2012 - 05:58 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 23:53 on 15/10/2012 by John
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.*"
C:\Windows\System32\drivers\AFD.SYS --a---- 20048 bytes [23:57 15/02/2012] [09:46 12/10/2012] A3C13A0135BEAE18C7E2310D95F0D605
C:\Windows\System32\drivers\de-DE\afd.sys.mui --a---- 16896 bytes [14:09 07/04/2011] [23:09 13/07/2009] 99FDC900232F195FEE2B3553469E9040
C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 14848 bytes [05:35 14/07/2009] [02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_feecdc09a93995c9\afd.sys.mui --a---- 16896 bytes [14:09 07/04/2011] [23:09 13/07/2009] 99FDC900232F195FEE2B3553469E9040
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a7ddb2029817a18e\afd.sys.mui --a---- 14848 bytes [05:35 14/07/2009] [02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys --a---- 499712 bytes [05:42 29/06/2011] [02:44 25/04/2011] 6EF20DDF3172E97D69F596FB90602F29
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --a---- 499200 bytes [23:57 15/02/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys --a---- 499712 bytes [05:42 29/06/2011] [02:44 25/04/2011] FBFF8B7C9D116229E9208A0D1CAEB49B
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys --a---- 499200 bytes [23:57 15/02/2012] [04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [20:51 24/02/2011] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys --a---- 499200 bytes [05:42 29/06/2011] [02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [23:57 15/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys --a---- 499200 bytes [05:42 29/06/2011] [03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [23:57 15/02/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

-= EOF =-

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:05:20 AM

Posted 15 October 2012 - 06:06 PM

Hi John,

Excellent. Now please do this.

BTW, no trouble at all. We haven't even broken a sweat yet! :thumbup2:


===================================================


Copying and Overwriting a File Using CMD

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type cmd, press Enter, and a black screen will appear
  • Copy and paste (pasting requires you to right-click and select Paste) the following after the command prompt and then press Enter

    copy C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys C:\Windows\System32\drivers\afd.sys
  • When asked if you want to overwrite the file hit the Y key and press Enter
  • You should receive a notification indicating 1 file(s) copied.
  • Type Exit then hit Enter
  • Reboot your computer
  • Re-Run Farbar's Service Scanner

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Did the file copy successfully?
  • FSS.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
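
The copy step above with an integrity check around it, as an added example that is not part of the original post: it reads the MD5 recorded for the chosen file from a listing line in the format posted earlier in the thread, refuses to overwrite unless the source matches, and keeps the old file. The function names and the `.bak` backup name are assumptions made for this example.

```python
import hashlib
import re
import shutil
from pathlib import Path

# Listing line from the thread (the entry the copy command uses), split for width.
SAMPLE_LISTING = (
    r"C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35"
    r"_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes "
    r"[23:57 15/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825"
)

# <path> <attributes> <size> bytes [date] [date] <MD5>
LISTING_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>\S+) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_listing(text):
    """Map each listed path (lower-cased) to (size, MD5)."""
    entries = {}
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            entries[m["path"].lower()] = (int(m["size"]), m["md5"].upper())
    return entries

def md5_of(path):
    """Hash a file in chunks so large drivers are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()

def verified_replace(src, dst, expected_md5):
    """Overwrite dst with src only if src has expected_md5; the old dst is kept as .bak."""
    src, dst = Path(src), Path(dst)
    if md5_of(src) != expected_md5.upper():
        raise ValueError(f"{src}: MD5 does not match the recorded value, not copying")
    if dst.exists():
        shutil.copy2(dst, dst.with_name(dst.name + ".bak"))  # backup name is an assumption
    shutil.copy2(src, dst)
    if md5_of(dst) != expected_md5.upper():
        raise OSError(f"{dst}: content differs from source after copy")
    return dst
```
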

#12 m267


Posted 15 October 2012 - 06:38 PM

Everything copied just fine.



Farbar Service Scanner Version: 07-10-2012
Ran by John (administrator) on 16-10-2012 at 00:32:38
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 18:14] - [2012-06-02 06:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Thanks!
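
A log like the one above is long, and most of it reports "OK" or "legit". The following added example (not part of the original post and not Farbar's code) pulls out only the entries that are not reported that way: stopped services, non-default start types, policy registry values, and File Check entries without the "MD5 is legit" mark. The function name and the result layout are assumptions; the sample is an excerpt of the log above.

```python
import re

# Excerpt of the log in the post above, trimmed to the lines the parser acts on.
SAMPLE_FSS = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 18:14] - [2012-06-02 06:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE
"""

START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")

def triage_fss(log):
    """Collect the entries of a Farbar Service Scanner log that are not reported as OK."""
    out = {"stopped": [], "start_type": {}, "policy": [], "unverified": {}}
    lines = [l.strip() for l in log.splitlines()]
    section = key = pending = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, key, pending = line[:-1], None, None   # header underlined with '='
        elif m := re.match(r"(\S+) Service is not running", line):
            out["stopped"].append(m[1])
        elif m := START_RE.match(line):
            out["start_type"][m[1]] = (m[2], m[3])           # (actual, default)
        elif section and section.endswith("Policy") and line.startswith("[HK"):
            key = line.strip("[]")
        elif key and (m := re.match(r'"([^"]+)"=(.+)', line)):
            out["policy"].append((key, m[1], m[2]))
        elif section == "File Check" and re.match(r"[A-Za-z]:\\", line):
            if "=> MD5 is legit" not in line:
                pending = line                               # details follow on the next line
                out["unverified"][pending] = None
        elif pending and (m := re.search(r"\b([0-9A-Fa-f]{32})$", line)):
            out["unverified"][pending], pending = m[1].upper(), None
    return out
```

An entry under `unverified` only means the scanner did not mark that file's hash as known; the recorded MD5 still has to be checked against a trusted copy of the same file version.
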

#13 Oh My!


Posted 15 October 2012 - 06:44 PM

Hi John,

Perfect. Now we are going to try to manually uninstall Chrome and see if that goes OK. Please do this for me.


===================================================


Manually Uninstalling Chrome

--------------------

  • Click Start, Control Panel, then Folder Options
  • Click the View tab
  • Make sure the Hide extensions for known file types checkbox is deselected
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.

    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML] 
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe] 
    [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
    "Chrome"=-
    
    [-HKEY_CURRENT_USER\SOFTWARE\Classes\ChromeHTML] 
    [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\chrome.exe] 
    [HKEY_CURRENT_USER\SOFTWARE\RegisteredApplications]
    "Chrome"=-
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chrome]
    [-HKEY_CURRENT_USER\Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    [-HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    
    [-HKEY_CURRENT_USER\Software\Google\Update\Clients\{00058422-BABE-4310-9B8B-B8DEB5D0B68A}]
    [-HKEY_CURRENT_USER\Software\Google\Update\ClientState\{00058422-BABE-4310-9B8B-B8DEB5D0B68A}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
  • Click File, then Save As...
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input google.reg.
  • Click Save
  • Double click google.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete google.reg after use.
  • Reboot your computer
  • Click Start, then Run
  • Enter one of the following commands in the text field, depending on your operating system:

    %USERPROFILE%\Local Settings\Application Data\Google (XP)
    %LOCALAPPDATA%\Google (7/Vista)

  • Delete the Chrome folder in the directory that opens
  • Reboot your computer
  • Attempt to install Chrome

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • How did it go?

Gary
 

#14 m267


Posted 15 October 2012 - 07:11 PM

All right, Chrome is running again and I can get on the internet. Thanks so much, really fantastic job. Is there anything else I need to do?

#15 Oh My!


Posted 15 October 2012 - 07:44 PM

Hi John,

Yes, there are a few more things to do. It appears Windows Automatic Update is disabled and I would like to make sure we can activate it. There are 2 other items to address in this post.

Please do this.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Uninstalling a Program using Add/Remove Program

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of programs installed will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

    Java™ 6 Update 29

===================================================


Modifying Windows Automatic Update Settings

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Copy and paste the following and hit Enter

    %windir%\system32\wuapp.exe startmenu
  • Select Change Settings
  • Select the type of Automatic Update you would like
  • Click OK


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • AdwCleaner[R1].txt
  • Did Java uninstall?
  • Is Windows Update activated?

Gary
 