Inactive Svchost.exe, Trojan.Agent, I've exhausted my knowledge base.

promethius235

promethius235

Posts: 11   +0
So, I've recently discovered a virus on my computer and, although I have a semi extensive knowledge of malware removal, my efforts were fruitless. Please help, Tech Spot is my last shot at being rid of this accursed internet thieving trojan.

The reports as per the forum are:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joey :: CERBERUS [administrator]

10/7/2012 1:02:01 PM
mbam-log-2012-10-07 (13-02-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226373
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4136 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-07 13:19:09
Windows 6.1.7601 Service Pack 1
Running: nmdugn70.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Cookies\KTHOH2SX.txt 91 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\1[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\1[2].htm 162 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\2-002134003-00001j;size=4[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\2[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\2[2].htm 171 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\ping[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\glamadapt_jsrv[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\glamadapt_jsrv[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\3[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\5555555555[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\imp[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\arts-and-culture[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\jscript[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\json[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02NMWDQS\visit[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0EAWFNDG.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L2M9UDSW.txt 105 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\782KORL9.txt 988 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OHM6SB8G.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OK3ZKGUI.txt 119 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OZ64IGED.txt 103 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P2DUT7JA.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P3X0D9CW.txt 785 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P9FS19LR.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PZLBRNEK.txt 97 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\EAYS2KS4.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\F55P2A4E.txt 1018 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\F87YJ9SS.txt 310 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FGJERYJI.txt 156 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9YTUKQBR.txt 1738 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ARXKTF0B.txt 393 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BICJNYGB.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BX2AT6G5.txt 147 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3Y0KJN0D.txt 1104 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\47H1VRF4.txt 433 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RAD8TZWC.txt 86 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\G2L7ZSRV.txt 112 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\G472RVUP.txt 1109 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GODYJ4WF.txt 166 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GSPTN2SM.txt 783 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VB3IL9JQ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MQJGFZB4.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1TXDQL2E.txt 149 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\269KY5ZS.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2BBDF1BN.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BZNQOROH.txt 708 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\C6FHNROK.txt 290 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8HOHT625.txt 407 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8HOR0P0Z.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9Q5OWBVN.txt 202 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Y4U7TJWL.txt 463 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\R6EOQ3Y3.txt 1793 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\R7IP48EB.txt 904 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4TIFNSDC.txt 187 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4Y4SLCV2.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\52QF1FQ4.txt 352 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\536ZU9V8.txt 142 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\57KFDQNY.txt 327 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\57NN7J1E.txt 157 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5D18GZE5.txt 91 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HA5ZMC4V.txt 110 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NH23B9H9.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NQ46E73O.txt 433 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JCTGIO5I.txt 99 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JEDPJYJX.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JLQJ9JGS.txt 368 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\D54B2125.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DLUHVXXW.txt 522 bytes

---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Joey at 12:57:23 on 2012-10-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4108 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Steam\Steam.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Users\Joey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Users\Joey\Downloads\mbam-setup-1.65.0.1400.exe
C:\Users\Joey\AppData\Local\Temp\is-UGI5S.tmp\mbam-setup-1.65.0.1400.tmp
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Joey\Downloads\nmdugn70.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify] "C:\Users\Joey\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Steam] "D:\Steam\Steam.exe" -silent
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2645CGY805PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [Spotify Web Helper] "C:\Users\Joey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Joey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Joey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{A06669DE-0934-4BC6-BB01-DF53374540F0} : DhcpNameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\pcdmj186.default\
FF - prefs.js: browser.search.selectedEngine - MyTools
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Joey\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-17 381248]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-17 2348864]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-07 17:56:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-07 17:56:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-07 17:47:29 20480 ----a-w- C:\Windows\svchost.exe
2012-10-07 17:41:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-07 13:52:13 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-10-07 13:52:11 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C36D045C-3BAA-421F-99EC-DCD281A8A4D5}\mpengine.dll
2012-10-07 11:42:03 98816 ----a-w- C:\Windows\sed.exe
2012-10-07 11:42:03 518144 ----a-w- C:\Windows\SWREG.exe
2012-10-07 11:42:03 256000 ----a-w- C:\Windows\PEV.exe
2012-10-07 11:42:03 208896 ----a-w- C:\Windows\MBR.exe
2012-10-07 11:19:28 -------- d-----w- C:\Program Files\LockHunter
2012-10-06 06:10:23 -------- d-----w- C:\Users\Joey\AppData\Roaming\Malwarebytes
2012-10-06 06:09:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-19 05:07:36 -------- d-----w- C:\Users\Joey\AppData\Roaming\raidcall
2012-09-19 05:07:25 -------- d-----w- C:\Program Files (x86)\RaidCall
2012-09-12 16:45:09 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 16:45:09 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 16:45:07 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 16:45:07 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 16:45:06 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 16:45:06 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 16:45:06 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-09-05 18:06:33 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-05 18:06:32 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 00:28:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-14 05:00:22 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-08-14 05:00:22 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 12:57:47.29 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/16/2012 8:34:32 PM
System Uptime: 10/7/2012 12:46:05 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5K
Processor: Intel(R) Core(TM)2 Extreme CPU Q6850 @ 3.00GHz | LGA775 | 1978/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 69 GiB total, 22.902 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 75.703 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP195: 10/5/2012 8:38:31 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
AC3Filter (remove only)
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Audacity 2.0
Coupon Printer for Windows
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Web Player
Dropbox
Fraps (remove only)
Guild Wars 2
HP Deskjet 3050A J611 series Help
HP Photo Creations
HP Update
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Java Auto Updater
Java(TM) 6 Update 23
join.me
jZip
Lunar Flight
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
neroxml
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Plants vs. Zombies: Game of the Year
PowerISO
RaidCall
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Sid Meier's Civilization V
Skype™ 5.10
Spotify
Steam
swMSM
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.762
VLC media player 2.0.1
.
==== Event Viewer Messages From Past Week ========
.
10/7/2012 8:54:30 AM, Error: Microsoft Antimalware [2001] -
10/7/2012 8:33:00 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/7/2012 6:49:31 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/7/2012 6:43:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 6:42:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/7/2012 6:27:37 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 6:27:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/7/2012 6:27:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/7/2012 6:27:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/7/2012 6:27:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/7/2012 6:27:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO discache MpFilter SCDEmu spldr Wanarpv6
10/7/2012 6:27:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fd36ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100712-25225-01.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/7/2012 6:21:40 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/7/2012 12:48:34 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/7/2012 12:48:34 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
10/7/2012 12:46:35 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/7/2012 12:33:52 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/7/2012 12:33:36 PM, Error: Application Popup [1060] - \??\C:\svchost.exe\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

These are all the reports, in the correct order. Please, for the love of all things good and wholesome, help me kill it. Kill it with the fire of a thousand suns.
 
Welcome aboard :)

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
15:19:53.0508 3292 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:19:54.0039 3292 ============================================================
15:19:54.0039 3292 Current date / time: 2012/10/07 15:19:54.0039
15:19:54.0039 3292 SystemInfo:
15:19:54.0039 3292
15:19:54.0039 3292 OS Version: 6.1.7601 ServicePack: 1.0
15:19:54.0039 3292 Product type: Workstation
15:19:54.0039 3292 ComputerName: CERBERUS
15:19:54.0039 3292 UserName: Joey
15:19:54.0039 3292 Windows directory: C:\Windows
15:19:54.0039 3292 System windows directory: C:\Windows
15:19:54.0039 3292 Running under WOW64
15:19:54.0039 3292 Processor architecture: Intel x64
15:19:54.0039 3292 Number of processors: 4
15:19:54.0039 3292 Page size: 0x1000
15:19:54.0039 3292 Boot type: Normal boot
15:19:54.0039 3292 ============================================================
15:19:56.0831 3292 BG loaded
15:19:57.0372 3292 Drive \Device\Harddisk0\DR0 - Size: 0x114FF30000 (69.25 Gb), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:57.0392 3292 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:57.0412 3292 Drive \Device\Harddisk2\DR2 - Size: 0x7A1D2200 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:19:57.0422 3292 ============================================================
15:19:57.0422 3292 \Device\Harddisk0\DR0:
15:19:57.0442 3292 MBR partitions:
15:19:57.0442 3292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
15:19:57.0442 3292 \Device\Harddisk1\DR1:
15:19:57.0478 3292 MBR partitions:
15:19:57.0478 3292 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
15:19:57.0478 3292 \Device\Harddisk2\DR2:
15:19:57.0479 3292 MBR partitions:
15:19:57.0479 3292 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3D070B
15:19:57.0479 3292 ============================================================
15:19:57.0644 3292 C: <-> \Device\Harddisk0\DR0\Partition1
15:19:57.0804 3292 D: <-> \Device\Harddisk1\DR1\Partition1
15:19:57.0804 3292 ============================================================
15:19:57.0804 3292 Initialize success
15:19:57.0804 3292 ============================================================
 
16:40:33.0065 2660 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:40:33.0595 2660 ============================================================
16:40:33.0595 2660 Current date / time: 2012/10/07 16:40:33.0595
16:40:33.0595 2660 SystemInfo:
16:40:33.0595 2660
16:40:33.0595 2660 OS Version: 6.1.7601 ServicePack: 1.0
16:40:33.0595 2660 Product type: Workstation
16:40:33.0595 2660 ComputerName: CERBERUS
16:40:33.0595 2660 UserName: Joey
16:40:33.0595 2660 Windows directory: C:\Windows
16:40:33.0595 2660 System windows directory: C:\Windows
16:40:33.0595 2660 Running under WOW64
16:40:33.0595 2660 Processor architecture: Intel x64
16:40:33.0595 2660 Number of processors: 4
16:40:33.0595 2660 Page size: 0x1000
16:40:33.0595 2660 Boot type: Normal boot
16:40:33.0595 2660 ============================================================
16:40:34.0095 2660 BG loaded
16:40:34.0297 2660 Drive \Device\Harddisk0\DR0 - Size: 0x114FF30000 (69.25 Gb), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:40:34.0297 2660 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:40:34.0313 2660 Drive \Device\Harddisk2\DR2 - Size: 0x7A1D2200 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:40:34.0313 2660 ============================================================
16:40:34.0313 2660 \Device\Harddisk0\DR0:
16:40:34.0329 2660 MBR partitions:
16:40:34.0329 2660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
16:40:34.0329 2660 \Device\Harddisk1\DR1:
16:40:34.0329 2660 MBR partitions:
16:40:34.0329 2660 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
16:40:34.0329 2660 \Device\Harddisk2\DR2:
16:40:34.0329 2660 MBR partitions:
16:40:34.0329 2660 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3D070B
16:40:34.0329 2660 ============================================================
16:40:34.0329 2660 C: <-> \Device\Harddisk0\DR0\Partition1
16:40:34.0344 2660 D: <-> \Device\Harddisk1\DR1\Partition1
16:40:34.0344 2660 ============================================================
16:40:34.0344 2660 Initialize success
16:40:34.0344 2660 ============================================================
16:40:35.0857 5360 ============================================================
16:40:35.0857 5360 Scan started
16:40:35.0857 5360 Mode: Manual;
16:40:35.0857 5360 ============================================================
16:40:36.0528 5360 ================ Scan system memory ========================
16:40:36.0528 5360 System memory - ok
16:40:36.0528 5360 ================ Scan services =============================
16:40:36.0653 5360 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:40:36.0653 5360 1394ohci - ok
16:40:36.0684 5360 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:40:36.0684 5360 ACPI - ok
16:40:36.0700 5360 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:40:36.0700 5360 AcpiPmi - ok
16:40:36.0778 5360 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:40:36.0778 5360 AdobeARMservice - ok
16:40:36.0809 5360 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:40:36.0809 5360 adp94xx - ok
16:40:36.0840 5360 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:40:36.0840 5360 adpahci - ok
16:40:36.0856 5360 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:40:36.0856 5360 adpu320 - ok
16:40:36.0887 5360 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:40:36.0887 5360 AeLookupSvc - ok
16:40:36.0934 5360 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:40:36.0934 5360 AFD - ok
16:40:36.0949 5360 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:40:36.0949 5360 agp440 - ok
16:40:36.0965 5360 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:40:36.0965 5360 ALG - ok
16:40:36.0981 5360 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:40:36.0981 5360 aliide - ok
16:40:37.0012 5360 [ B3E801135E0C81733542C14D9AA8120A ] Alpham1 C:\Windows\system32\DRIVERS\Alpham164.sys
16:40:37.0012 5360 Alpham1 - ok
16:40:37.0043 5360 [ 6493983FEDBC49D9112703ECE9B251FE ] Alpham2 C:\Windows\system32\DRIVERS\Alpham264.sys
16:40:37.0043 5360 Alpham2 - ok
16:40:37.0059 5360 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:40:37.0059 5360 amdide - ok
16:40:37.0059 5360 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:40:37.0059 5360 AmdK8 - ok
16:40:37.0074 5360 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:40:37.0074 5360 AmdPPM - ok
16:40:37.0105 5360 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:40:37.0105 5360 amdsata - ok
16:40:37.0137 5360 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:40:37.0137 5360 amdsbs - ok
16:40:37.0152 5360 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:40:37.0152 5360 amdxata - ok
16:40:37.0168 5360 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:40:37.0168 5360 AppID - ok
16:40:37.0183 5360 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:40:37.0183 5360 AppIDSvc - ok
16:40:37.0199 5360 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:40:37.0199 5360 Appinfo - ok
16:40:37.0246 5360 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:40:37.0246 5360 Apple Mobile Device - ok
16:40:37.0277 5360 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:40:37.0277 5360 arc - ok
16:40:37.0293 5360 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:40:37.0293 5360 arcsas - ok
16:40:37.0371 5360 [ 8065A7659562005127673AC52898675F ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
16:40:37.0371 5360 AsIO - ok
16:40:37.0433 5360 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:40:37.0433 5360 aspnet_state - ok
16:40:37.0464 5360 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
16:40:37.0464 5360 aswFsBlk - ok
16:40:37.0511 5360 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
16:40:37.0511 5360 aswMonFlt - ok
16:40:37.0527 5360 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
16:40:37.0527 5360 aswRdr - ok
16:40:37.0589 5360 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
16:40:37.0589 5360 aswSnx - ok
16:40:37.0620 5360 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:40:37.0636 5360 aswSP - ok
16:40:37.0667 5360 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
16:40:37.0667 5360 aswTdi - ok
16:40:37.0667 5360 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:40:37.0667 5360 AsyncMac - ok
16:40:37.0683 5360 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:40:37.0683 5360 atapi - ok
16:40:37.0714 5360 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:40:37.0729 5360 AudioEndpointBuilder - ok
16:40:37.0729 5360 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:40:37.0745 5360 AudioSrv - ok
16:40:37.0807 5360 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:40:37.0807 5360 avast! Antivirus - ok
16:40:37.0839 5360 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:40:37.0839 5360 AxInstSV - ok
16:40:37.0885 5360 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:40:37.0901 5360 b06bdrv - ok
16:40:37.0917 5360 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:40:37.0917 5360 b57nd60a - ok
16:40:37.0948 5360 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:40:37.0948 5360 BDESVC - ok
16:40:37.0963 5360 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:40:37.0963 5360 Beep - ok
16:40:38.0010 5360 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:40:38.0010 5360 BFE - ok
16:40:38.0057 5360 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:40:38.0057 5360 BITS - ok
16:40:38.0088 5360 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:40:38.0088 5360 blbdrive - ok
16:40:38.0119 5360 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:40:38.0119 5360 Bonjour Service - ok
16:40:38.0151 5360 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:40:38.0151 5360 bowser - ok
16:40:38.0166 5360 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:40:38.0166 5360 BrFiltLo - ok
16:40:38.0182 5360 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:40:38.0182 5360 BrFiltUp - ok
16:40:38.0197 5360 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:40:38.0197 5360 BridgeMP - ok
16:40:38.0244 5360 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:40:38.0244 5360 Browser - ok
16:40:38.0260 5360 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:40:38.0260 5360 Brserid - ok
16:40:38.0275 5360 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:40:38.0275 5360 BrSerWdm - ok
16:40:38.0291 5360 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:40:38.0291 5360 BrUsbMdm - ok
16:40:38.0307 5360 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:40:38.0307 5360 BrUsbSer - ok
16:40:38.0322 5360 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:40:38.0322 5360 BTHMODEM - ok
16:40:38.0353 5360 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:40:38.0353 5360 bthserv - ok
16:40:38.0369 5360 catchme - ok
16:40:38.0400 5360 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:40:38.0400 5360 cdfs - ok
16:40:38.0431 5360 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:40:38.0431 5360 cdrom - ok
16:40:38.0431 5360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:40:38.0431 5360 CertPropSvc - ok
16:40:38.0463 5360 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:40:38.0463 5360 circlass - ok
16:40:38.0478 5360 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:40:38.0494 5360 CLFS - ok
16:40:38.0541 5360 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:40:38.0541 5360 clr_optimization_v2.0.50727_32 - ok
16:40:38.0572 5360 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:40:38.0587 5360 clr_optimization_v2.0.50727_64 - ok
16:40:38.0619 5360 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:40:38.0619 5360 clr_optimization_v4.0.30319_32 - ok
16:40:38.0634 5360 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:40:38.0634 5360 clr_optimization_v4.0.30319_64 - ok
16:40:38.0634 5360 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:40:38.0634 5360 CmBatt - ok
16:40:38.0650 5360 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:40:38.0650 5360 cmdide - ok
16:40:38.0681 5360 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:40:38.0681 5360 CNG - ok
16:40:38.0697 5360 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:40:38.0697 5360 Compbatt - ok
16:40:38.0712 5360 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:40:38.0712 5360 CompositeBus - ok
16:40:38.0728 5360 COMSysApp - ok
16:40:38.0728 5360 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:40:38.0728 5360 crcdisk - ok
16:40:38.0775 5360 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:40:38.0775 5360 CryptSvc - ok
16:40:38.0806 5360 [ 5BC67F1EFB6B1D039B151CF7353EC742 ] DAdderFltr C:\Windows\system32\drivers\dadder.sys
16:40:38.0806 5360 DAdderFltr - ok
16:40:38.0837 5360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:40:38.0853 5360 DcomLaunch - ok
16:40:38.0868 5360 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:40:38.0884 5360 defragsvc - ok
16:40:38.0899 5360 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:40:38.0899 5360 DfsC - ok
16:40:38.0915 5360 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:40:38.0915 5360 Dhcp - ok
16:40:38.0931 5360 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:40:38.0931 5360 discache - ok
16:40:38.0962 5360 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:40:38.0962 5360 Disk - ok
16:40:38.0977 5360 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:40:38.0977 5360 Dnscache - ok
16:40:39.0009 5360 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:40:39.0009 5360 dot3svc - ok
16:40:39.0024 5360 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:40:39.0024 5360 DPS - ok
16:40:39.0055 5360 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:40:39.0055 5360 drmkaud - ok
16:40:39.0087 5360 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:40:39.0102 5360 DXGKrnl - ok
16:40:39.0118 5360 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:40:39.0133 5360 EapHost - ok
16:40:39.0211 5360 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:40:39.0227 5360 ebdrv - ok
16:40:39.0243 5360 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:40:39.0243 5360 EFS - ok
16:40:39.0305 5360 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:40:39.0305 5360 ehRecvr - ok
16:40:39.0336 5360 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:40:39.0336 5360 ehSched - ok
16:40:39.0352 5360 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:40:39.0352 5360 elxstor - ok
16:40:39.0367 5360 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:40:39.0367 5360 ErrDev - ok
16:40:39.0399 5360 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:40:39.0399 5360 EventSystem - ok
16:40:39.0414 5360 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:40:39.0414 5360 exfat - ok
16:40:39.0430 5360 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:40:39.0430 5360 fastfat - ok
16:40:39.0477 5360 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:40:39.0477 5360 Fax - ok
16:40:39.0492 5360 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:40:39.0492 5360 fdc - ok
16:40:39.0508 5360 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:40:39.0508 5360 fdPHost - ok
16:40:39.0508 5360 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:40:39.0508 5360 FDResPub - ok
16:40:39.0523 5360 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:40:39.0523 5360 FileInfo - ok
16:40:39.0539 5360 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:40:39.0539 5360 Filetrace - ok
16:40:39.0539 5360 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:40:39.0539 5360 flpydisk - ok
16:40:39.0555 5360 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:40:39.0555 5360 FltMgr - ok
16:40:39.0601 5360 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:40:39.0601 5360 FontCache - ok
16:40:39.0648 5360 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:40:39.0648 5360 FontCache3.0.0.0 - ok
16:40:39.0664 5360 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:40:39.0664 5360 FsDepends - ok
16:40:39.0679 5360 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:40:39.0679 5360 Fs_Rec - ok
16:40:39.0695 5360 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:40:39.0695 5360 fvevol - ok
16:40:39.0711 5360 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:40:39.0711 5360 gagp30kx - ok
16:40:39.0742 5360 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:40:39.0742 5360 GEARAspiWDM - ok
16:40:39.0773 5360 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:40:39.0773 5360 gpsvc - ok
16:40:39.0835 5360 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:40:39.0835 5360 gupdate - ok
16:40:39.0835 5360 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:40:39.0835 5360 gupdatem - ok
16:40:39.0867 5360 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
16:40:39.0867 5360 hamachi - ok
16:40:39.0882 5360 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:40:39.0882 5360 hcw85cir - ok
16:40:39.0913 5360 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:40:39.0913 5360 HdAudAddService - ok
16:40:39.0929 5360 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:40:39.0945 5360 HDAudBus - ok
16:40:39.0945 5360 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:40:39.0945 5360 HidBatt - ok
16:40:39.0945 5360 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:40:39.0960 5360 HidBth - ok
16:40:39.0960 5360 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:40:39.0960 5360 HidIr - ok
16:40:39.0976 5360 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:40:39.0976 5360 hidserv - ok
16:40:40.0007 5360 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:40:40.0007 5360 HidUsb - ok
16:40:40.0054 5360 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:40:40.0054 5360 hkmsvc - ok
16:40:40.0101 5360 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:40:40.0101 5360 HomeGroupListener - ok
16:40:40.0210 5360 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:40:40.0210 5360 HomeGroupProvider - ok
16:40:40.0241 5360 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:40:40.0241 5360 HpSAMD - ok
16:40:40.0272 5360 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:40:40.0272 5360 HTCAND64 - ok
16:40:40.0319 5360 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
16:40:40.0319 5360 htcnprot - ok
16:40:40.0366 5360 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:40:40.0366 5360 HTTP - ok
16:40:40.0381 5360 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:40:40.0381 5360 hwpolicy - ok
16:40:40.0413 5360 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:40:40.0413 5360 i8042prt - ok
16:40:40.0428 5360 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:40:40.0444 5360 iaStorV - ok
16:40:40.0491 5360 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:40:40.0491 5360 idsvc - ok
16:40:40.0506 5360 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:40:40.0506 5360 iirsp - ok
16:40:40.0537 5360 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:40:40.0553 5360 IKEEXT - ok
16:40:40.0647 5360 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers

continued in next post...
 
\RTKVHD64.sys
16:40:40.0678 5360 IntcAzAudAddService - ok
16:40:40.0693 5360 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:40:40.0693 5360 intelide - ok
16:40:40.0709 5360 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:40:40.0709 5360 intelppm - ok
16:40:40.0709 5360 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:40:40.0709 5360 IPBusEnum - ok
16:40:40.0725 5360 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:40:40.0725 5360 IpFilterDriver - ok
16:40:40.0740 5360 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:40:40.0756 5360 iphlpsvc - ok
16:40:40.0756 5360 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:40:40.0756 5360 IPMIDRV - ok
16:40:40.0771 5360 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:40:40.0771 5360 IPNAT - ok
16:40:40.0818 5360 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:40:40.0834 5360 iPod Service - ok
16:40:40.0849 5360 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:40:40.0849 5360 IRENUM - ok
16:40:40.0865 5360 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:40:40.0865 5360 isapnp - ok
16:40:40.0881 5360 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:40:40.0881 5360 iScsiPrt - ok
16:40:40.0912 5360 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:40:40.0912 5360 kbdclass - ok
16:40:40.0927 5360 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:40:40.0927 5360 kbdhid - ok
16:40:40.0943 5360 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:40:40.0943 5360 KeyIso - ok
16:40:40.0959 5360 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:40:40.0959 5360 KSecDD - ok
16:40:40.0974 5360 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:40:40.0990 5360 KSecPkg - ok
16:40:40.0990 5360 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:40:40.0990 5360 ksthunk - ok
16:40:41.0021 5360 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:40:41.0021 5360 KtmRm - ok
16:40:41.0052 5360 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:40:41.0052 5360 LanmanServer - ok
16:40:41.0083 5360 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:40:41.0083 5360 LanmanWorkstation - ok
16:40:41.0115 5360 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:40:41.0115 5360 lltdio - ok
16:40:41.0146 5360 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:40:41.0146 5360 lltdsvc - ok
16:40:41.0161 5360 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:40:41.0161 5360 lmhosts - ok
16:40:41.0177 5360 lmimirr - ok
16:40:41.0193 5360 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:40:41.0193 5360 LSI_FC - ok
16:40:41.0208 5360 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:40:41.0208 5360 LSI_SAS - ok
16:40:41.0224 5360 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:40:41.0224 5360 LSI_SAS2 - ok
16:40:41.0239 5360 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:40:41.0239 5360 LSI_SCSI - ok
16:40:41.0271 5360 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:40:41.0271 5360 luafv - ok
16:40:41.0286 5360 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:40:41.0286 5360 Mcx2Svc - ok
16:40:41.0302 5360 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:40:41.0302 5360 megasas - ok
16:40:41.0317 5360 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:40:41.0317 5360 MegaSR - ok
16:40:41.0349 5360 Microsoft SharePoint Workspace Audit Service - ok
16:40:41.0380 5360 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:40:41.0380 5360 MMCSS - ok
16:40:41.0395 5360 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:40:41.0395 5360 Modem - ok
16:40:41.0427 5360 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:40:41.0427 5360 monitor - ok
16:40:41.0442 5360 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:40:41.0442 5360 mouclass - ok
16:40:41.0458 5360 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:40:41.0458 5360 mouhid - ok
16:40:41.0473 5360 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:40:41.0473 5360 mountmgr - ok
16:40:41.0536 5360 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:40:41.0536 5360 MozillaMaintenance - ok
16:40:41.0567 5360 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:40:41.0567 5360 mpio - ok
16:40:41.0567 5360 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:40:41.0567 5360 mpsdrv - ok
16:40:41.0629 5360 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:40:41.0629 5360 MpsSvc - ok
16:40:41.0645 5360 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:40:41.0645 5360 MRxDAV - ok
16:40:41.0661 5360 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:40:41.0661 5360 mrxsmb - ok
16:40:41.0676 5360 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:40:41.0676 5360 mrxsmb10 - ok
16:40:41.0692 5360 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:40:41.0692 5360 mrxsmb20 - ok
16:40:41.0692 5360 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:40:41.0692 5360 msahci - ok
16:40:41.0707 5360 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:40:41.0707 5360 msdsm - ok
16:40:41.0723 5360 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:40:41.0723 5360 MSDTC - ok
16:40:41.0754 5360 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:40:41.0754 5360 Msfs - ok
16:40:41.0770 5360 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:40:41.0770 5360 mshidkmdf - ok
16:40:41.0770 5360 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:40:41.0770 5360 msisadrv - ok
16:40:41.0817 5360 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:40:41.0817 5360 MSiSCSI - ok
16:40:41.0817 5360 msiserver - ok
16:40:41.0848 5360 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:40:41.0848 5360 MSKSSRV - ok
16:40:41.0848 5360 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:40:41.0848 5360 MSPCLOCK - ok
16:40:41.0863 5360 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:40:41.0863 5360 MSPQM - ok
16:40:41.0879 5360 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:40:41.0879 5360 MsRPC - ok
16:40:41.0895 5360 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:40:41.0895 5360 mssmbios - ok
16:40:41.0910 5360 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:40:41.0910 5360 MSTEE - ok
16:40:41.0910 5360 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:40:41.0910 5360 MTConfig - ok
16:40:41.0957 5360 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
16:40:41.0957 5360 MTsensor - ok
16:40:41.0957 5360 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:40:41.0957 5360 Mup - ok
16:40:42.0004 5360 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:40:42.0019 5360 napagent - ok
16:40:42.0051 5360 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:40:42.0051 5360 NativeWifiP - ok
16:40:42.0113 5360 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:40:42.0113 5360 NDIS - ok
16:40:42.0129 5360 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:40:42.0129 5360 NdisCap - ok
16:40:42.0144 5360 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:40:42.0144 5360 NdisTapi - ok
16:40:42.0175 5360 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:40:42.0175 5360 Ndisuio - ok
16:40:42.0191 5360 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:40:42.0191 5360 NdisWan - ok
16:40:42.0207 5360 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:40:42.0207 5360 NDProxy - ok
16:40:42.0222 5360 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:40:42.0222 5360 NetBIOS - ok
16:40:42.0238 5360 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:40:42.0238 5360 NetBT - ok
16:40:42.0253 5360 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:40:42.0253 5360 Netlogon - ok
16:40:42.0269 5360 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:40:42.0285 5360 Netman - ok
16:40:42.0300 5360 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:40:42.0316 5360 NetMsmqActivator - ok
16:40:42.0316 5360 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:40:42.0316 5360 NetPipeActivator - ok
16:40:42.0331 5360 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:40:42.0347 5360 netprofm - ok
16:40:42.0347 5360 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:40:42.0347 5360 NetTcpActivator - ok
16:40:42.0347 5360 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:40:42.0347 5360 NetTcpPortSharing - ok
16:40:42.0378 5360 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:40:42.0378 5360 nfrd960 - ok
16:40:42.0394 5360 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:40:42.0394 5360 NlaSvc - ok
16:40:42.0409 5360 NMIndexingService - ok
16:40:42.0409 5360 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:40:42.0425 5360 Npfs - ok
16:40:42.0425 5360 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:40:42.0425 5360 nsi - ok
16:40:42.0441 5360 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:40:42.0441 5360 nsiproxy - ok
16:40:42.0487 5360 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:40:42.0503 5360 Ntfs - ok
16:40:42.0519 5360 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:40:42.0519 5360 Null - ok
16:40:42.0784 5360 [ FD7EA1DCFBE760F04146024697329843 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:40:42.0846 5360 nvlddmkm - ok
16:40:42.0877 5360 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:40:42.0877 5360 nvraid - ok
16:40:42.0893 5360 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:40:42.0893 5360 nvstor - ok
16:40:42.0940 5360 [ 687D36F22E3A1B9513135BBEB47D7556 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:40:42.0955 5360 nvsvc - ok
16:40:43.0033 5360 [ 55370B722A62D0B1DCA79A58A05A5712 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:40:43.0049 5360 nvUpdatusService - ok
16:40:43.0049 5360 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:40:43.0049 5360 nv_agp - ok
16:40:43.0065 5360 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:40:43.0065 5360 ohci1394 - ok
16:40:43.0127 5360 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:40:43.0127 5360 ose - ok
16:40:43.0252 5360 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:40:43.0267 5360 osppsvc - ok
16:40:43.0299 5360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:40:43.0299 5360 p2pimsvc - ok
16:40:43.0330 5360 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:40:43.0345 5360 p2psvc - ok
16:40:43.0377 5360 [ 3A6DCEB1848470320E4A3C12D7A35B1C ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS
16:40:43.0392 5360 PAC207 - ok
16:40:43.0408 5360 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:40:43.0408 5360 Parport - ok
16:40:43.0439 5360 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:40:43.0439 5360 partmgr - ok
16:40:43.0486 5360 [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
16:40:43.0486 5360 PassThru Service - ok
16:40:43.0501 5360 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:40:43.0501 5360 PcaSvc - ok
16:40:43.0517 5360 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:40:43.0517 5360 pci - ok
16:40:43.0533 5360 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:40:43.0533 5360 pciide - ok
16:40:43.0548 5360 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:40:43.0548 5360 pcmcia - ok
16:40:43.0564 5360 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:40:43.0564 5360 pcw - ok
16:40:43.0579 5360 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:40:43.0579 5360 PEAUTH - ok
16:40:43.0642 5360 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:40:43.0642 5360 PerfHost - ok
16:40:43.0704 5360 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:40:43.0704 5360 pla - ok
16:40:43.0735 5360 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:40:43.0751 5360 PlugPlay - ok
16:40:43.0751 5360 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:40:43.0751 5360 PNRPAutoReg - ok
16:40:43.0767 5360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:40:43.0767 5360 PNRPsvc - ok
16:40:43.0813 5360 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:40:43.0813 5360 PolicyAgent - ok
16:40:43.0845 5360 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:40:43.0845 5360 Power - ok
16:40:43.0860 5360 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:40:43.0860 5360 PptpMiniport - ok
16:40:43.0860 5360 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:40:43.0860 5360 Processor - ok
16:40:43.0891 5360 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:40:43.0891 5360 ProfSvc - ok
16:40:43.0907 5360 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:40:43.0907 5360 ProtectedStorage - ok
16:40:43.0938 5360 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:40:43.0938 5360 Psched - ok
16:40:43.0985 5360 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:40:43.0985 5360 ql2300 - ok
16:40:44.0001 5360 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:40:44.0001 5360 ql40xx - ok
16:40:44.0032 5360 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:40:44.0032 5360 QWAVE - ok
16:40:44.0047 5360 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:40:44.0047 5360 QWAVEdrv - ok
16:40:44.0047 5360 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:40:44.0063 5360 RasAcd - ok
16:40:44.0079 5360 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:40:44.0079 5360 RasAgileVpn - ok
16:40:44.0094 5360 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:40:44.0094 5360 RasAuto - ok
16:40:44.0110 5360 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:40:44.0110 5360 Rasl2tp - ok
16:40:44.0125 5360 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:40:44.0125 5360 RasMan - ok
16:40:44.0157 5360 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:40:44.0157 5360 RasPppoe - ok
16:40:44.0188 5360 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:40:44.0188 5360 RasSstp - ok
16:40:44.0203 5360 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:40:44.0203 5360 rdbss - ok
16:40:44.0219 5360 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:40:44.0219 5360 rdpbus - ok
16:40:44.0219 5360 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:40:44.0219 5360 RDPCDD - ok
16:40:44.0250 5360 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:40:44.0250 5360 RDPENCDD - ok
16:40:44.0266 5360 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:40:44.0266 5360 RDPREFMP - ok
16:40:44.0281 5360 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:40:44.0281 5360 RDPWD - ok
16:40:44.0297 5360 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:40:44.0297 5360 rdyboost - ok
16:40:44.0313 5360 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:40:44.0313 5360 RemoteAccess - ok
16:40:44.0344 5360 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:40:44.0344 5360 RemoteRegistry - ok
16:40:44.0375 5360 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:40:44.0375 5360 RpcEptMapper - ok
16:40:44.0391 5360 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:40:44.0391 5360 RpcLocator - ok
16:40:44.0422 5360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:40:44.0437 5360 RpcSs - ok
16:40:44.0437 5360 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:40:44.0437 5360 rspndr - ok
16:40:44.0469 5360 [ 97B6D72C82B2632B3D1AD60DDAC38D46 ] RTL8023x64 C:\Windows\system32\DRIVERS\Rtnic64.sys
16:40:44.0469 5360 RTL8023x64 - ok
16:40:44.0484 5360 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:40:44.0484 5360 SamSs - ok
16:40:44.0500 5360 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:40:44.0500 5360 sbp2port - ok
16:40:44.0531 5360 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:40:44.0531 5360 SCardSvr - ok
16:40:44.0562 5360 [ C81EB41E9FFC35560E5025891DC01A6E ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
16:40:44.0562 5360 SCDEmu - ok
16:40:44.0578 5360 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:40:44.0578 5360 scfilter - ok
16:40:44.0609 5360 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:40:44.0625 5360 Schedule - ok
16:40:44.0640 5360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:40:44.0640 5360 SCPolicySvc - ok
16:40:44.0656 5360 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:40:44.0656 5360 SDRSVC - ok
16:40:44.0671 5360 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:40:44.0671 5360 secdrv - ok
16:40:44.0687 5360 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:40:44.0687 5360 seclogon - ok
16:40:44.0703 5360 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:40:44.0703 5360 SENS - ok
16:40:44.0734 5360 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:40:44.0749 5360 SensrSvc - ok
16:40:44.0749 5360 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:40:44.0749 5360 Serenum - ok
16:40:44.0765 5360 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:40:44.0765 5360 Serial - ok
16:40:44.0781 5360 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:40:44.0781 5360 sermouse - ok
16:40:44.0796 5360 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:40:44.0796 5360 SessionEnv - ok
16:40:44.0812 5360 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:40:44.0812 5360 sffdisk - ok
16:40:44.0827 5360 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:40:44.0827 5360 sffp_mmc - ok
16:40:44.0827 5360 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:40:44.0827 5360 sffp_sd - ok
16:40:44.0827 5360 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:40:44.0827 5360 sfloppy - ok
16:40:44.0859 5360 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:40:44.0874 5360 SharedAccess - ok
16:40:44.0890 5360 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:40:44.0905 5360 ShellHWDetection - ok
16:40:44.0921 5360 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:40:44.0921 5360 SiSRaid2 - ok
16:40:44.0937 5360 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:40:44.0937 5360 SiSRaid4 - ok
16:40:44.0983 5360 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:40:44.0983 5360 SkypeUpdate - ok
16:40:45.0015 5360 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:40:45.0015 5360 Smb - ok
16:40:45.0030 5360 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:40:45.0030 5360 SNMPTRAP - ok
16:40:45.0046 5360 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:40:45.0046 5360 spldr - ok
16:40:45.0077 5360 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:40:45.0077 5360 Spooler - ok
16:40:45.0171 5360 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:40:45.0186 5360 sppsvc - ok
16:40:45.0202 5360 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:40:45.0202 5360 sppuinotify - ok
16:40:45.0233 5360 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:40:45.0233 5360 srv - ok
16:40:45.0249 5360 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:40:45.0249 5360 srv2 - ok
16:40:45.0264 5360 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:40:45.0264 5360 srvnet - ok
16:40:45.0280 5360 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:40:45.0295 5360 SSDPSRV - ok
16:40:45.0311 5360 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:40:45.0311 5360 SstpSvc - ok
16:40:45.0342 5360 Steam Client Service - ok
16:40:45.0389 5360 [ 46CA9DC1AF6F36010816F690906AA7F4 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:40:45.0389 5360 Stereo Service - ok
16:40:45.0405 5360 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:40:45.0405 5360 stexstor - ok
16:40:45.0420 5360 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:40:45.0420 5360 StillCam - ok
16:40:45.0467 5360 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:40:45.0467 5360 stisvc - ok
16:40:45.0483 5360 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS
\swenum.sys
16:40:45.0483 5360 swenum - ok
16:40:45.0498 5360 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:40:45.0514 5360 swprv - ok
16:40:45.0545 5360 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:40:45.0561 5360 SysMain - ok
16:40:45.0592 5360 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:40:45.0592 5360 TabletInputService - ok
16:40:45.0607 5360 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:40:45.0607 5360 TapiSrv - ok
16:40:45.0607 5360 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:40:45.0623 5360 TBS - ok
16:40:45.0670 5360 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:40:45.0685 5360 Tcpip - ok
16:40:45.0748 5360 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:40:45.0748 5360 TCPIP6 - ok
16:40:45.0763 5360 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:40:45.0763 5360 tcpipreg - ok
16:40:45.0779 5360 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:40:45.0779 5360 TDPIPE - ok
16:40:45.0795 5360 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:40:45.0795 5360 TDTCP - ok
16:40:45.0826 5360 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:40:45.0826 5360 tdx - ok
16:40:45.0826 5360 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:40:45.0826 5360 TermDD - ok
16:40:45.0857 5360 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:40:45.0857 5360 TermService - ok
16:40:45.0873 5360 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:40:45.0873 5360 Themes - ok
16:40:45.0888 5360 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:40:45.0888 5360 THREADORDER - ok
16:40:45.0904 5360 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:40:45.0904 5360 TrkWks - ok
16:40:45.0951 5360 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:40:45.0951 5360 TrustedInstaller - ok
16:40:45.0951 5360 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:40:45.0966 5360 tssecsrv - ok
16:40:45.0966 5360 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:40:45.0966 5360 TsUsbFlt - ok
16:40:45.0982 5360 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:40:45.0982 5360 TsUsbGD - ok
16:40:46.0013 5360 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:40:46.0013 5360 tunnel - ok
16:40:46.0029 5360 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:40:46.0029 5360 uagp35 - ok
16:40:46.0044 5360 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:40:46.0044 5360 udfs - ok
16:40:46.0060 5360 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:40:46.0060 5360 UI0Detect - ok
16:40:46.0060 5360 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:40:46.0060 5360 uliagpkx - ok
16:40:46.0091 5360 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:40:46.0091 5360 umbus - ok
16:40:46.0091 5360 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:40:46.0091 5360 UmPass - ok
16:40:46.0122 5360 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:40:46.0122 5360 upnphost - ok
16:40:46.0169 5360 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:40:46.0169 5360 usbaudio - ok
16:40:46.0185 5360 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:40:46.0185 5360 usbccgp - ok
16:40:46.0200 5360 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:40:46.0200 5360 usbcir - ok
16:40:46.0216 5360 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:40:46.0216 5360 usbehci - ok
16:40:46.0247 5360 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:40:46.0247 5360 usbhub - ok
16:40:46.0263 5360 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:40:46.0263 5360 usbohci - ok
16:40:46.0278 5360 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:40:46.0294 5360 usbprint - ok
16:40:46.0294 5360 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:40:46.0294 5360 USBSTOR - ok
16:40:46.0309 5360 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:40:46.0309 5360 usbuhci - ok
16:40:46.0325 5360 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:40:46.0325 5360 UxSms - ok
16:40:46.0325 5360 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:40:46.0341 5360 VaultSvc - ok
16:40:46.0341 5360 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:40:46.0341 5360 vdrvroot - ok
16:40:46.0372 5360 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:40:46.0387 5360 vds - ok
16:40:46.0387 5360 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:40:46.0387 5360 vga - ok
16:40:46.0403 5360 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:40:46.0403 5360 VgaSave - ok
16:40:46.0419 5360 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:40:46.0419 5360 vhdmp - ok
16:40:46.0434 5360 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:40:46.0434 5360 viaide - ok
16:40:46.0450 5360 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:40:46.0450 5360 volmgr - ok
16:40:46.0481 5360 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:40:46.0481 5360 volmgrx - ok
16:40:46.0497 5360 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:40:46.0497 5360 volsnap - ok
16:40:46.0528 5360 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:40:46.0528 5360 vsmraid - ok
16:40:46.0575 5360 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:40:46.0590 5360 VSS - ok
16:40:46.0590 5360 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:40:46.0590 5360 vwifibus - ok
16:40:46.0606 5360 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:40:46.0621 5360 W32Time - ok
16:40:46.0637 5360 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:40:46.0637 5360 WacomPen - ok
16:40:46.0668 5360 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:40:46.0668 5360 WANARP - ok
16:40:46.0684 5360 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:40:46.0684 5360 Wanarpv6 - ok
16:40:46.0746 5360 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:40:46.0746 5360 WatAdminSvc - ok
16:40:46.0793 5360 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:40:46.0809 5360 wbengine - ok
16:40:46.0824 5360 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:40:46.0824 5360 WbioSrvc - ok
16:40:46.0840 5360 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:40:46.0840 5360 wcncsvc - ok
16:40:46.0855 5360 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:40:46.0855 5360 WcsPlugInService - ok
16:40:46.0871 5360 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:40:46.0871 5360 Wd - ok
16:40:46.0902 5360 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:40:46.0902 5360 Wdf01000 - ok
16:40:46.0918 5360 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:40:46.0918 5360 WdiServiceHost - ok
16:40:46.0918 5360 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:40:46.0918 5360 WdiSystemHost - ok
16:40:46.0933 5360 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:40:46.0933 5360 WebClient - ok
16:40:46.0949 5360 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:40:46.0965 5360 Wecsvc - ok
16:40:46.0965 5360 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:40:46.0980 5360 wercplsupport - ok
16:40:46.0996 5360 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:40:46.0996 5360 WerSvc - ok
16:40:47.0027 5360 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:40:47.0027 5360 WfpLwf - ok
16:40:47.0043 5360 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:40:47.0043 5360 WIMMount - ok
16:40:47.0058 5360 WinDefend - ok
16:40:47.0058 5360 WinHttpAutoProxySvc - ok
16:40:47.0105 5360 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:40:47.0105 5360 Winmgmt - ok
16:40:47.0183 5360 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:40:47.0199 5360 WinRM - ok
16:40:47.0245 5360 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:40:47.0245 5360 Wlansvc - ok
16:40:47.0261 5360 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:40:47.0261 5360 WmiAcpi - ok
16:40:47.0277 5360 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:40:47.0277 5360 wmiApSrv - ok
16:40:47.0292 5360 WMPNetworkSvc - ok
16:40:47.0308 5360 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:40:47.0308 5360 WPCSvc - ok
16:40:47.0323 5360 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:40:47.0323 5360 WPDBusEnum - ok
16:40:47.0323 5360 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:40:47.0323 5360 ws2ifsl - ok
16:40:47.0339 5360 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:40:47.0339 5360 wscsvc - ok
16:40:47.0339 5360 WSearch - ok
16:40:47.0417 5360 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:40:47.0433 5360 wuauserv - ok
16:40:47.0448 5360 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:40:47.0448 5360 WudfPf - ok
16:40:47.0464 5360 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:40:47.0464 5360 WUDFRd - ok
16:40:47.0479 5360 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:40:47.0479 5360 wudfsvc - ok
16:40:47.0495 5360 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:40:47.0495 5360 WwanSvc - ok
16:40:47.0526 5360 ================ Scan global ===============================
16:40:47.0542 5360 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:40:47.0557 5360 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:40:47.0573 5360 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:40:47.0589 5360 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:40:47.0620 5360 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:40:47.0620 5360 [Global] - ok
16:40:47.0620 5360 ================ Scan MBR ==================================
16:40:47.0635 5360 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:40:47.0760 5360 \Device\Harddisk0\DR0 - ok
16:40:47.0760 5360 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:40:47.0776 5360 \Device\Harddisk1\DR1 - ok
16:40:47.0776 5360 [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk2\DR2
16:40:47.0776 5360 \Device\Harddisk2\DR2 - ok
16:40:47.0791 5360 ================ Scan VBR ==================================
16:40:47.0791 5360 [ 17C577155E386E9A9778C21D8818DEB5 ] \Device\Harddisk0\DR0\Partition1
16:40:47.0791 5360 \Device\Harddisk0\DR0\Partition1 - ok
16:40:47.0791 5360 [ FB8E2BBA717569E3E894FA3B39BFF85C ] \Device\Harddisk1\DR1\Partition1
16:40:47.0791 5360 \Device\Harddisk1\DR1\Partition1 - ok
16:40:47.0791 5360 [ E7394AE81E6D7E4781293C4D9D472544 ] \Device\Harddisk2\DR2\Partition1
16:40:47.0791 5360 \Device\Harddisk2\DR2\Partition1 - ok
16:40:47.0791 5360 ============================================================
16:40:47.0791 5360 Scan finished
16:40:47.0791 5360 ============================================================
16:40:47.0807 5780 Detected object count: 0
16:40:47.0807 5780 Actual detected object count: 0

There we are, It said that it didn't find anymore. What's the next step, oh-captain-my-captain?
 
Re-run MBAM one more time.

Then....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joey :: CERBERUS [administrator]

10/7/2012 7:01:21 PM
mbam-log-2012-10-07 (19-01-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226239
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joey [Admin rights]
Mode : Remove -- Date : 10/07/2012 20:11:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 24 ¤¤¤
[TASK][BLPATH] HPCustParticipation HP Deskjet 3050A J611 series : "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900 -> DELETED
[TASK][SUSP PATH] {05FB14FB-6864-4E58-8269-4DAF8F20E0B5} : C:\Users\Joey\Desktop\Intel_Chipset_V9111019_XPVistaWin7\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {0D546138-00BC-4B11-8930-7F11009727BB} : C:\Users\Joey\Desktop\Audio\Vista\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {39482F85-0305-4327-B96F-60C12D3A2954} : C:\Users\Joey\Desktop\Audio\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {446A83F5-C273-4497-91D1-94C1D4E5316E} : C:\Windows\system32\pcalua.exe -a C:\Users\Joey\Desktop\64bit\AsusSetup.exe -d C:\Users\Joey\Desktop\64bit -> DELETED
[TASK][SUSP PATH] {4BCE8C1D-DE77-4842-904A-FA4095ABE9C1} : C:\Users\Joey\Desktop\Attansic\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {50F1CB71-8B33-436F-A603-D5F28B09C930} : C:\Windows\system32\pcalua.exe -a C:\Users\Joey\Desktop\Audio\AsusSetup.exe -d C:\Users\Joey\Desktop\Audio -> DELETED
[TASK][SUSP PATH] {56BA5650-7F35-489C-9C43-A11E15C0E25F} : C:\Users\Joey\Desktop\MB WIN7 ATK\64\AsAcpiIns.exe -> DELETED
[TASK][SUSP PATH] {6837D2B5-66B6-408A-AD55-E5DE35F50FF3} : C:\Users\Joey\Desktop\ACPI_1043400\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {987BFE16-AE45-4F09-9537-3326F06DD31D} : C:\Users\Joey\Desktop\Audio\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {9F004254-4B97-4D76-9E1A-82FF6BBCE030} : C:\Users\Joey\Desktop\AISuite\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {A2C329ED-E6D5-4EA7-AD39-B476A8EE2793} : C:\Users\Joey\Desktop\AFU236U.exe -> DELETED
[TASK][SUSP PATH] {A6A342AA-80DD-4C35-848E-93C4ED4EEF2B} : C:\Users\Joey\Desktop\Audio\64bit\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {B1E29588-8838-4BEF-97A1-1DBB6BF48703} : C:\Users\Joey\Desktop\AFU236U.exe -> DELETED
[TASK][SUSP PATH] {D2549C46-E12C-4778-A57D-1008263C21FE} : C:\Users\Joey\Desktop\Audio\Vista\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {D5D739D2-3B32-4711-981F-888B33CE5E27} : C:\Users\Joey\Desktop\ACPI_1043400\AsusSetup.exe -> DELETED
[TASK][SUSP PATH] {EB71D0FE-B2D5-4EA8-A682-2E08291E62F7} : C:\Users\Joey\Desktop\MB WIN7 ATK\64\AsAcpiIns.exe -> DELETED
[TASK][SUSP PATH] {F8D899C5-1BD0-4CF2-9E9A-9395DD12C1E9} : C:\Users\Joey\Desktop\Attansic\AsusSetup.exe -> DELETED
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk @Joey : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2645CGY805PJ;CONNECTION=NW;MONITOR=1; -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD740ADFD-00NLR1 ATA Device +++++
--- User ---
[MBR] ccc5047d4b9777f7fad36dfb7998b083
[BSP] 53bfe6d72079b9e6496fd1d2fbe52a8e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500KS-00MJB0 ATA Device +++++
--- User ---
[MBR] 109aa2dfc8d7fdc6fe47f33b23920587
[BSP] 3bbe4e5204d65e3e7dd0cd73caca2931 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SanDisk U3 Cruzer Micro USB Device +++++
--- User ---
[MBR] 7546226e90be2dac2dca47db4c2fd459
[BSP] 788470fe12ec57aabe933cfdd9c84885 : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 245 | Size: 1952 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-07 20:11:50
-----------------------------
20:11:50.099 OS Version: Windows x64 6.1.7601 Service Pack 1
20:11:50.099 Number of processors: 4 586 0xF0B
20:11:50.099 ComputerName: CERBERUS UserName: Joey
20:11:50.567 Initialize success
20:11:50.942 AVAST engine defs: 12100702
20:12:10.380 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:12:10.380 Disk 0 Vendor: WDC_WD740ADFD-00NLR1 20.07P20 Size: 70911MB BusType: 3
20:12:10.380 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
20:12:10.380 Disk 1 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
20:12:10.396 Disk 0 MBR read successfully
20:12:10.396 Disk 0 MBR scan
20:12:10.411 Disk 0 Windows 7 default MBR code
20:12:10.411 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70896 MB offset 63
20:12:10.411 Disk 0 scanning C:\Windows\system32\drivers
20:12:17.120 Service scanning
20:12:27.484 Modules scanning
20:12:27.484 Disk 0 trace - called modules:
20:12:27.499 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:12:27.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006290060]
20:12:27.609 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8005188e40]
20:12:27.609 5 ACPI.sys[fffff88000f7b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005cc6060]
20:12:27.967 AVAST engine scan C:\Windows
20:12:29.137 AVAST engine scan C:\Windows\system32
20:13:49.660 AVAST engine scan C:\Windows\system32\drivers
20:13:54.445 AVAST engine scan C:\Users\Joey
20:18:22.235 AVAST engine scan C:\ProgramData
20:19:01.846 Scan finished successfully
20:47:16.130 Disk 0 MBR has been saved successfully to "C:\Users\Joey\Desktop\MBR.dat"
20:47:16.130 The log file has been saved successfully to "C:\Users\Joey\Desktop\aswMBR2.txt"

Okay, I've got all three reports copied in here.
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-10-04.02 - Joey 10/07/2012 21:20:07.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4339 [GMT -5:00]
Running from: c:\users\Joey\Desktop\ComboFix.exe.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 02:24 . 2012-10-08 02:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-08 02:24 . 2012-10-08 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 20:19 . 2012-10-07 20:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C36D045C-3BAA-421F-99EC-DCD281A8A4D5}\offreg.dll
2012-10-07 18:50 . 2012-10-07 18:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-07 18:23 . 2012-10-07 18:23 -------- d-----w- c:\program files (x86)\Google
2012-10-07 18:23 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-07 18:23 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-07 18:23 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-07 18:23 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-07 18:23 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-07 18:23 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-07 18:23 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-07 18:23 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-07 18:23 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-07 18:23 . 2012-10-07 18:23 -------- d-----w- c:\programdata\AVAST Software
2012-10-07 18:23 . 2012-10-07 18:23 -------- d-----w- c:\program files\AVAST Software
2012-10-07 17:56 . 2012-10-07 17:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-07 17:56 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-07 13:52 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C36D045C-3BAA-421F-99EC-DCD281A8A4D5}\mpengine.dll
2012-10-07 11:19 . 2012-10-07 11:19 -------- d-----w- c:\program files\LockHunter
2012-10-06 06:10 . 2012-10-06 06:10 -------- d-----w- c:\users\Joey\AppData\Roaming\Malwarebytes
2012-10-06 06:09 . 2012-10-06 06:09 -------- d-----w- c:\programdata\Malwarebytes
2012-10-06 03:36 . 2012-10-06 03:36 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2012-10-06 03:36 . 2012-10-06 03:36 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\users\Joey\AppData\Roaming\raidcall
2012-09-19 05:07 . 2012-09-19 05:12 -------- d-----w- c:\program files (x86)\RaidCall
2012-09-12 16:45 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 16:45 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 16:45 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 16:45 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 16:45 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:45 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 16:45 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 08:00 . 2012-02-17 15:07 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-05 18:06 . 2012-04-15 02:21 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-05 18:06 . 2012-02-17 03:25 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 00:28 . 2012-02-27 21:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-14 05:00 . 2012-03-05 01:54 955840 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-14 05:00 . 2012-03-01 05:22 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 18:15 . 2012-08-15 03:52 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-06 879984]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify"="c:\users\Joey\AppData\Roaming\Spotify\Spotify.exe" [2012-08-18 5576408]
"Steam"="d:\steam\Steam.exe" [2002-01-01 1353080]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
"Spotify Web Helper"="c:\users\Joey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-18 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2012-06-08 421776]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2012-07-19 3076096]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-17 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-17 381248]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2008-07-22 60416]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45049582
*NewlyCreated* - 46665297
*NewlyCreated* - 96807962
*NewlyCreated* - ASWSNX
*Deregistered* - 45049582
*Deregistered* - 46665297
*Deregistered* - 96807962
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 18:23]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 18:23]
.
2012-10-08 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"PC Optimizer Pro"="c:\program files\PC Optimizer Pro\StartApps.exe" [BU]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\pcdmj186.default\
FF - prefs.js: browser.search.selectedEngine - MyTools
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:cc,4e,15,09,ae,a3,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-07 21:26:05
ComboFix-quarantined-files.txt 2012-10-08 02:26
ComboFix2.txt 2012-10-07 21:52
ComboFix3.txt 2012-10-07 17:35
ComboFix4.txt 2012-10-07 17:27
ComboFix5.txt 2012-10-08 02:19
.
Pre-Run: 23,602,114,560 bytes free
Post-Run: 23,413,219,328 bytes free
.
- - End Of File - - F6322FA25C9F506157D2DA70086CCBC5

Also, is it normal for Combofix to change my default browser settings? I opened Firefox and it said it wasn't my default web browser. Just making sure that I didn't screw something up.
 
Looks good :)

Any current issues?

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Actually, no. My internet hasn't had any hiccups since the last scan. I really appreciate all of your help. Thank you so much.
 
OTL logfile created on: 10/8/2012 12:44:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joey\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 32.54% Memory free
12.00 Gb Paging File | 7.95 Gb Available in Paging File | 66.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.23 Gb Total Space | 21.72 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 75.70 Gb Free Space | 32.51% Space Free | Partition Type: NTFS

Computer Name: CERBERUS | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 00:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
PRC - [2012/10/07 22:08:50 | 000,037,440 | ---- | M] () -- C:\Users\Joey\AppData\Local\Temp\gw2cache-{479E2904-2601-1601-0729-9E4701260116}\awesomium_process.exe
PRC - [2012/10/07 22:01:38 | 022,084,672 | ---- | M] (ArenaNet) -- D:\GW2\Guild Wars 2\Gw2.exe
PRC - [2012/09/07 16:28:28 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/05 13:06:33 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/18 21:04:16 | 003,076,096 | ---- | M] (RAIDCALL.COM) -- C:\Program Files (x86)\RaidCall\raidcall.exe
PRC - [2011/12/17 12:43:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008/01/24 19:53:16 | 000,613,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/07 22:08:50 | 020,209,216 | ---- | M] () -- C:\Users\Joey\AppData\Local\Temp\gw2cache-{479E2904-2601-1601-0729-9E4701260116}\awesomium.dll
MOD - [2012/10/07 22:08:50 | 000,037,440 | ---- | M] () -- C:\Users\Joey\AppData\Local\Temp\gw2cache-{479E2904-2601-1601-0729-9E4701260116}\awesomium_process.exe
MOD - [2012/09/07 16:28:07 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/09/05 13:06:32 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/07/12 21:49:24 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\RaidCall\skin.dll
MOD - [2012/06/17 20:23:56 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\RaidCall\crashreport.dll
MOD - [2011/12/17 12:43:16 | 000,349,504 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/01/24 19:53:16 | 000,613,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
MOD - [2008/01/18 01:46:20 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\cpuutil.dll
MOD - [2006/01/11 01:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/06/23 02:39:56 | 000,204,851 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\PowerDll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/07 16:28:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/17 16:05:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/17 12:43:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/09 01:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/22 08:42:58 | 000,060,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2006/11/01 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
IE - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 87 E4 F8 1D ED CC 01 [binary data]
IE - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851&q={searchTerms}
IE - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyTools"
FF - prefs.js..browser.search.order.1: "MyTools"
FF - prefs.js..browser.search.selectedEngine: "MyTools"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledAddons: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.5.9
FF - prefs.js..extensions.enabledAddons: wfmqnbkeol@wfmqnbkeol.org:2.5
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..keyword.URL: "http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Joey\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/07 13:23:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 16:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 16:28:04 | 000,000,000 | ---D | M]

[2012/02/16 21:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions
[2012/10/03 01:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\pcdmj186.default\extensions
[2012/08/28 01:53:02 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\pcdmj186.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[1832/11/28 23:22:58 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\pcdmj186.default\extensions\wfmqnbkeol@wfmqnbkeol.org.xpi
[2012/10/03 01:21:06 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\pcdmj186.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/02/22 23:40:01 | 000,000,544 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\pcdmj186.default\searchplugins\MyTools.xml
[2012/09/07 16:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/07 13:23:28 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/07 16:28:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/08/17 19:28:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/31 09:58:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/31 09:58:30 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Client Gateway 4.1.15 (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Joey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.8_1\
CHR - Extension: Google Search = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Radialpoint SPD Extension = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\
CHR - Extension: Gmail = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [PC Optimizer Pro] "C:\Program Files\PC Optimizer Pro\StartApps.exe" -s File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
O4 - HKU\S-1-5-21-3682910699-1944416668-682825106-1001..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3682910699-1944416668-682825106-1001..\Run: [Spotify] C:\Users\Joey\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3682910699-1944416668-682825106-1001..\Run: [Spotify Web Helper] C:\Users\Joey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3682910699-1944416668-682825106-1001..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3682910699-1944416668-682825106-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A06669DE-0934-4BC6-BB01-DF53374540F0}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/24 15:37:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 00:43:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
[2012/10/07 21:54:38 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Minecraft Stuff
[2012/10/07 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\aswMBR
[2012/10/07 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Guild Wars Stuff
[2012/10/07 21:52:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/07 21:18:19 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Joey\Desktop\ComboFix.exe.exe
[2012/10/07 15:42:39 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Virus reports
[2012/10/07 13:50:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/07 13:49:39 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joey\Desktop\TDSSKiller.exe
[2012/10/07 13:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/10/07 13:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/07 13:23:45 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/07 13:23:43 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/07 13:23:39 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/07 13:23:38 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/07 13:23:36 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/07 13:23:35 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/07 13:23:35 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/07 13:23:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/07 13:23:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/07 13:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/07 13:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/07 12:56:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/07 12:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/07 12:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/07 07:09:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/07 06:42:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/07 06:42:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/07 06:42:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/07 06:39:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/07 06:39:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/07 06:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
[2012/10/07 06:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2012/10/06 01:10:23 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Malwarebytes
[2012/10/06 01:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/06 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Study Guides
[2012/10/06 00:12:24 | 000,000,000 | -H-D | C] -- C:\Users\Joey\Desktop\Tifa PC Game
[2012/09/19 00:07:36 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\raidcall
[2012/09/19 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2012/09/19 00:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2012/09/19 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[1 C:\Users\Joey\Desktop\*.tmp files -> C:\Users\Joey\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 00:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
[2012/10/08 00:38:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/08 00:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/10/07 21:18:55 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Joey\Desktop\ComboFix.exe.exe
[2012/10/07 21:17:23 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 21:17:23 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 19:00:41 | 001,422,336 | ---- | M] () -- C:\Users\Joey\Desktop\RogueKiller.exe
[2012/10/07 15:43:58 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/07 15:19:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 14:28:27 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/07 14:28:27 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/07 14:28:27 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/07 14:23:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 14:23:39 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 13:23:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/07 12:56:40 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 12:21:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/19 00:07:31 | 000,001,007 | ---- | M] () -- C:\Users\Joey\Desktop\RaidCall.lnk
[2012/09/18 20:30:41 | 000,000,174 | ---- | M] () -- C:\Users\Joey\Desktop\Lunar Flight.url
[2012/09/18 14:10:55 | 000,000,200 | ---- | M] () -- C:\Users\Joey\Desktop\Plants vs. Zombies Game of the Year.url
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joey\Desktop\TDSSKiller.exe
[2012/09/14 14:53:25 | 000,776,402 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Users\Joey\Desktop\*.tmp files -> C:\Users\Joey\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 19:00:33 | 001,422,336 | ---- | C] () -- C:\Users\Joey\Desktop\RogueKiller.exe
[2012/10/07 13:23:51 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 13:23:50 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 13:23:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/07 13:23:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/07 12:56:40 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 06:42:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/07 06:42:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/07 06:42:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/07 06:42:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/07 06:42:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/19 00:07:31 | 000,001,007 | ---- | C] () -- C:\Users\Joey\Desktop\RaidCall.lnk
[2012/09/18 20:30:41 | 000,000,174 | ---- | C] () -- C:\Users\Joey\Desktop\Lunar Flight.url
[2012/09/18 14:10:55 | 000,000,200 | ---- | C] () -- C:\Users\Joey\Desktop\Plants vs. Zombies Game of the Year.url
[2012/08/02 16:06:22 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/30 11:44:06 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2012/03/07 00:36:56 | 000,776,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/26 13:35:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/02/26 13:35:27 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/02/26 13:34:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/17 12:43:40 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/04 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\.minecraft
[2012/08/14 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\.techniclauncher
[2012/06/16 23:49:32 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Audacity
[2012/02/17 00:50:08 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\AVG2012
[2012/10/07 15:20:15 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Dropbox
[2012/03/14 10:23:58 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\HTC
[2012/03/14 09:52:23 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/07/10 20:43:30 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\LockHunter
[2012/03/30 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\LolClient
[2012/04/30 13:10:47 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\OpenOffice.org
[2012/06/08 05:22:03 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Radialpoint
[2012/09/19 00:07:36 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\raidcall
[2012/10/07 15:24:58 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Spotify
[2012/08/01 01:22:48 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\System
[2012/05/13 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Unity
[2012/10/07 21:12:58 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\uTorrent
[2002/01/01 00:37:02 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Windstream
[2012/08/01 01:23:51 | 000,000,000 | -HSD | M] -- C:\Users\Joey\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 10/8/2012 12:44:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joey\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 32.54% Memory free
12.00 Gb Paging File | 7.95 Gb Available in Paging File | 66.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.23 Gb Total Space | 21.72 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 75.70 Gb Free Space | 32.51% Space Free | Partition Type: NTFS

Computer Name: CERBERUS | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C16B348-0850-431D-B19E-DFA001ACF0CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{118E442F-7FC9-4B8C-AC81-9E73F7EE0DE2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14A777F3-D37E-4F83-89C5-1693B06C3662}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27D0CD1F-E77A-4772-BB36-53F4E8C5C6B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{2AA304CA-7CE1-481B-AA8F-8FEA07B0063D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2DD84582-7C2E-47C5-86F9-0832602B64BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36150B85-288F-48DD-9BEF-88DF556654D5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3AEEF256-A1BB-4784-BD09-D384FE997C05}" = rport=138 | protocol=17 | dir=out | app=system |
"{3EABC4BF-B5C4-4630-8F5A-36FA4877477B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4065EDB8-A180-4FC5-ACE5-1E2B0DCD627C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4D71B530-68F4-4218-9F6E-668AA2B37CD2}" = lport=138 | protocol=17 | dir=in | app=system |
"{514F7A67-DC48-4F60-9C1E-E8065CB79967}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60D394E0-1A4C-4FDC-8B32-08F3043AF58E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73209315-5578-47C0-B125-D54912072F2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78CBBD18-71EB-4A06-B612-DD495CE51C7E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A860793-6954-4045-AE2E-E85085F442BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{907751F0-3AB3-4445-96E2-13E18D82BED0}" = rport=139 | protocol=6 | dir=out | app=system |
"{A25BE597-34E3-4897-A56E-B76C75EE9FB2}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE4ED53C-7674-44C4-A601-965D09F2D161}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE01BBE3-2433-4BE4-AE6C-C15DBDE6121B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5403E9E-2485-4B29-9424-CA0624752E70}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D8B2C64A-BF5C-4078-870B-8BEF5CA85077}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D994F65D-A464-46D4-9CAD-7783F1D97963}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB2EE4AF-CE7E-4342-8006-8B62A90DC985}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B58B28-7FFC-4D8F-BA0C-36F2482369DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{08A5D5C8-E74D-4903-8B6B-7CFBD0B2CDC8}" = protocol=6 | dir=in | app=c:\users\joey\desktop\minecraft.exe |
"{090C222F-C732-4495-A567-9FBE36C87C56}" = protocol=6 | dir=out | app=system |
"{09246D93-D6C9-4943-A88E-1B741896A54F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{1DB50AC9-0F05-499C-85C7-85A5FA5B42EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1FB7F54F-73A7-4B3F-AE37-E16CC0F4CCE4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{20B841A3-4DB9-4C25-861A-EA52E862CF99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FEDCB01-11C4-4745-84A6-79E68681A8CB}" = protocol=17 | dir=in | app=d:\hamachi\hamachi-2-ui.exe |
"{36E22A97-9807-479D-B652-5B6B0945ABA5}" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\spotify\spotify.exe |
"{3CC5F8E7-4EEF-4B8E-8B95-8A7D650E194B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{439A2F2A-4E39-46E1-AB62-223A7DAB346C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{43F4FF84-6463-42DA-8DAF-B33851C43CE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{449BD0E3-BB92-45DA-9766-A68D61D0FC8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44DBAA3C-5BE4-4FD0-BC34-B54B382F5F55}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4703747F-C3F6-483E-98A6-73436A89577F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{51EEF4C1-BE02-4946-9C10-554923A9A062}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{57B3E126-2427-43FF-BC2B-B2A2D7EBCE5D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5811A3C6-4A23-4EE6-AF7C-C608DEAA1CCA}" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\spotify\spotify.exe |
"{58ED4465-6C13-487E-8B34-AEC9A51EE631}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58FF8E41-57E9-4C0B-A65A-8A2E876DBFEE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5ED77DEB-B0CD-4F47-BA61-B5DE5BA3EFDA}" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe |
"{5F2C986D-77A2-4A8D-B63E-7823660CA2A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F3AE131-D55E-4F3B-A7A0-9ACA0EB02A39}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{68A6FD13-A1F8-4860-96C7-487BE395C76B}" = protocol=6 | dir=in | app=c:\users\joey\desktop\minecraft_server.exe |
"{68FDE18F-191C-4E5D-8609-89550A177748}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{69A54CC0-1EE6-47D6-A618-6F1ED9445144}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{6B2B44E2-489D-4DA5-B270-4DB9576E916F}" = dir=in | app=d:\itunes\itunes.exe |
"{6BE834CC-10BF-4436-B682-3F0E0F6CF80A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{761EFB8A-BC4C-4403-B50F-A2FCBF65454F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{76414E5F-1308-4C03-BD92-A9B9060966EC}" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\spotify\spotify.exe |
"{7769C8C2-5F03-47CC-A8A3-FEBB6F8E5267}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{7B7A601F-4335-4F38-90E3-2C6B770859EF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{7C75275D-9A8E-41E5-9DA7-188092EAF214}" = protocol=6 | dir=in | app=d:\hamachi\hamachi-2-ui.exe |
"{7CA27101-E344-42A5-BAAC-4592081752E5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81636C7A-CDB9-4588-A61C-E969104B2979}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{81C57912-42E1-40B2-8D11-9E83488071A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{827960E4-824E-4212-B907-D7F9D6215D59}" = protocol=17 | dir=in | app=c:\users\joey\desktop\minecraft_server.exe |
"{869117D9-DAF8-4EA4-9101-5F4BED8728A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D7D7F99-880E-4B6E-AB57-B1DBB70DF010}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{932DEA4C-B4C6-44AB-9F38-EE55E8B47B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{962A662A-6BD8-4793-B756-9785F1FB8BEB}" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe |
"{97747DEF-D7C7-4B74-876C-C1A4B4A7143D}" = protocol=17 | dir=in | app=c:\users\joey\desktop\minecraft.exe |
"{98B44002-7D5D-4B38-AB51-75FF38ACA5E5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9961F9AB-0762-4999-BC30-37DDD7195310}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A0203149-F15A-4567-85B6-F825C56ACB77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A1D24FB8-B7DE-46A8-879F-FD25A3C1547D}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{A7FB30E7-AFB5-4A72-B44B-CD6A89E3746C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{ADB08378-CB8B-4EAE-98A7-0494299F2557}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{B1576571-EA30-4084-A404-32AD970B4EF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B2B56140-E653-4BDB-95AF-70BE8B708FC4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{B3F57C9E-0BBE-4DED-8BAD-26C63678BF14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BCE9B92C-0BB9-4883-80C3-BEAD9426F2A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF339182-F693-49FA-BBFC-75A4BA8084C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C1A3317F-F97A-473D-B28C-004E8D96D926}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{C8FD125A-378A-440C-A4FE-74752CE2D1DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C9B32681-EECA-4859-B1BE-0C746F936E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6BF563E-56B1-4E80-97DC-5CF22E30D227}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DC11489B-1878-457B-BAED-D528487D3EAB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{DF9B6B6E-3F8A-4D9D-B328-3BA9714BB2C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7094D16-0F12-4E75-AF0F-833175AAAD94}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{E8F5170A-A878-4BA8-85D3-B06A3F85B412}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EB0ED535-238F-42A7-8D5A-68D937CC4164}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F257DB4D-4ABB-42DB-8AB3-B61D98139F25}" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\spotify\spotify.exe |
"{F457CC0F-BD12-4DD3-BE47-7B05532145E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F79C61C9-5572-4C50-B824-5162A481D5FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF09C69E-1356-4F10-A691-2AD9624A1807}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0D1F2AA8-3832-402A-9897-73F7AB037FD5}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{11D263F1-37A1-4393-B88D-2E3128EA5F32}C:\users\joey\desktop\gw2.exe" = protocol=6 | dir=in | app=c:\users\joey\desktop\gw2.exe |
"TCP Query User{1AC08A42-0950-4162-8690-85A78C984169}D:\steam\steamapps\promethius235\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\promethius235\team fortress 2\hl2.exe |
"TCP Query User{2E5C8C70-A70A-4F91-9FCD-813DF4DB1C24}D:\game files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\game files\tera\tera-launcher.exe |
"TCP Query User{35A002F8-5963-445B-9D17-5786FD4148D9}C:\users\joey\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\users\joey\downloads\gw2.exe |
"TCP Query User{42786A38-7F08-4E2E-8B6A-B382B0354F79}D:\gw2\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\gw2\guild wars 2\gw2.exe |
"TCP Query User{451F0DA9-9223-4046-8FBE-0D0FF4B3D110}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{6420AD8B-3F0E-4A4A-8050-24395BBC4400}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{6AB3B1C3-F460-4A84-AC2E-EB10259845F2}C:\users\joey\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\joey\appdata\local\temp\gw2.exe |
"TCP Query User{82D5061D-AE3A-4575-A665-E8BB007C7DC3}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
"TCP Query User{87165C59-F0D9-4F19-BF8B-8221F7C7ED78}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{C5BAD78B-1026-4BA3-AA1C-6B4B0A28E29A}D:\gw2\gw2.exe" = protocol=6 | dir=in | app=d:\gw2\gw2.exe |
"TCP Query User{D29D7FF1-D069-4A4D-83A5-598261434321}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{E7936447-2A0E-4568-9A69-450E6C64631C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{155307FF-1113-41C5-A7EB-D655AF032D28}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{172099B4-BFD8-4E3B-9CC7-BD6257922F9E}D:\game files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\game files\tera\tera-launcher.exe |
"UDP Query User{242A5758-224B-463B-815D-5DBF44D1E6D9}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
"UDP Query User{32DE79EA-7A34-4F17-B45C-4420034E345F}C:\users\joey\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\joey\appdata\local\temp\gw2.exe |
"UDP Query User{4C5559EB-4DEE-4902-8E4D-B2750FFBA9A5}D:\gw2\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\gw2\guild wars 2\gw2.exe |
"UDP Query User{70A00C33-CF6F-4665-BB0D-682CC31C154C}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{73FEA549-D68D-47D6-A316-16795BC425DF}C:\users\joey\desktop\gw2.exe" = protocol=17 | dir=in | app=c:\users\joey\desktop\gw2.exe |
"UDP Query User{77CB0136-D9F2-408B-A860-C99896D0B610}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{AB966391-9B15-4380-8106-8F5926A40C48}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{C33454A7-EEA7-47DB-88D0-2E4871CA274E}D:\gw2\gw2.exe" = protocol=17 | dir=in | app=d:\gw2\gw2.exe |
"UDP Query User{E517D544-D746-4E45-99C2-A2B1D4927267}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{E944B586-7C47-4D89-9B7A-EA859700EFF3}D:\steam\steamapps\promethius235\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\promethius235\team fortress 2\hl2.exe |
"UDP Query User{F0FBC825-14BD-47A0-BA3E-A603DC3C71BB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F3C3A2FE-623A-448A-9900-C9B96217BADF}C:\users\joey\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\users\joey\downloads\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 290.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Fraps" = Fraps (remove only)
"Guild Wars 2" = Guild Wars 2
"HP Photo Creations" = HP Photo Creations
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"RaidCall" = RaidCall
"Steam App 208600" = Lunar Flight
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 72200" = Universe Sandbox
"Steam App 8930" = Sid Meier's Civilization V
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JoinMe" = join.me
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2012 7:50:22 AM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 0.0.0.0, time stamp:
0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id:
0x1198 Faulting application start time: 0x01cda481bc39dd3d Faulting application path:
\\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 2c7287af-1075-11e2-8ffb-0014d11cd04e

Error - 10/7/2012 7:50:22 AM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: htcUPCTLoader.exe, version: 1.0.2.34, time
stamp: 0x4ecdfba9 Faulting module name: HtcDetect.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4eeffe8e Exception code: 0xc0000005 Fault offset: 0x0552efad Faulting
process id: 0xe80 Faulting application start time: 0x01cda481b580e8a6 Faulting application
path: C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Faulting module
path: HtcDetect.dll Report Id: 2c74e910-1075-11e2-8ffb-0014d11cd04e

Error - 10/7/2012 7:53:13 AM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x15f0 Faulting application start time: 0x01cda481f5b820bc Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 9283e8cf-1075-11e2-8ffb-0014d11cd04e

Error - 10/7/2012 1:48:04 PM | Computer Name = Cerberus | Source = WinMgmt | ID = 10
Description =

Error - 10/7/2012 1:52:33 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1250 Faulting application start time: 0x01cda4b3d20b75cf Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: c4ece032-10a7-11e2-a070-0014d11cd04e

Error - 10/7/2012 1:59:09 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1454 Faulting application start time: 0x01cda4b48ec02ab8 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: b0d649cc-10a8-11e2-a070-0014d11cd04e

Error - 10/7/2012 2:40:22 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1028 Faulting application start time: 0x01cda4b579aed0e4 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 733ea046-10ae-11e2-a070-0014d11cd04e

Error - 10/7/2012 2:46:05 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x16ac Faulting application start time: 0x01cda4bb3d3420a0 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 3f580f38-10af-11e2-a070-0014d11cd04e

Error - 10/7/2012 3:25:30 PM | Computer Name = Cerberus | Source = WinMgmt | ID = 10
Description =

Error - 10/7/2012 10:13:09 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: nvtray.exe, version: 7.17.12.9053, time
stamp: 0x4eeceb2e Faulting module name: nvtray.exe, version: 7.17.12.9053, time
stamp: 0x4eeceb2e Exception code: 0x40000015 Fault offset: 0x0000000000153481 Faulting
process id: 0xfdc Faulting application start time: 0x01cda4c91fa82de6 Faulting application
path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Faulting module path:
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Report Id: b3f23d8b-10ed-11e2-af50-0014d11cd04e

[ System Events ]
Error - 10/7/2012 10:13:08 PM | Computer Name = Cerberus | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 10/7/2012 10:19:31 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:19:31 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:22:07 PM | Computer Name = Cerberus | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/7/2012 10:24:17 PM | Computer Name = Cerberus | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/7/2012 10:24:40 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:24:40 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:24:45 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:24:45 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:24:46 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
 
OTL Extras logfile created on: 10/8/2012 12:44:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joey\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 32.54% Memory free
12.00 Gb Paging File | 7.95 Gb Available in Paging File | 66.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.23 Gb Total Space | 21.72 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 75.70 Gb Free Space | 32.51% Space Free | Partition Type: NTFS

Computer Name: CERBERUS | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C16B348-0850-431D-B19E-DFA001ACF0CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{118E442F-7FC9-4B8C-AC81-9E73F7EE0DE2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14A777F3-D37E-4F83-89C5-1693B06C3662}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27D0CD1F-E77A-4772-BB36-53F4E8C5C6B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{2AA304CA-7CE1-481B-AA8F-8FEA07B0063D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2DD84582-7C2E-47C5-86F9-0832602B64BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36150B85-288F-48DD-9BEF-88DF556654D5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3AEEF256-A1BB-4784-BD09-D384FE997C05}" = rport=138 | protocol=17 | dir=out | app=system |
"{3EABC4BF-B5C4-4630-8F5A-36FA4877477B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4065EDB8-A180-4FC5-ACE5-1E2B0DCD627C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4D71B530-68F4-4218-9F6E-668AA2B37CD2}" = lport=138 | protocol=17 | dir=in | app=system |
"{514F7A67-DC48-4F60-9C1E-E8065CB79967}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60D394E0-1A4C-4FDC-8B32-08F3043AF58E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73209315-5578-47C0-B125-D54912072F2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78CBBD18-71EB-4A06-B612-DD495CE51C7E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A860793-6954-4045-AE2E-E85085F442BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{907751F0-3AB3-4445-96E2-13E18D82BED0}" = rport=139 | protocol=6 | dir=out | app=system |
"{A25BE597-34E3-4897-A56E-B76C75EE9FB2}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE4ED53C-7674-44C4-A601-965D09F2D161}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE01BBE3-2433-4BE4-AE6C-C15DBDE6121B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5403E9E-2485-4B29-9424-CA0624752E70}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D8B2C64A-BF5C-4078-870B-8BEF5CA85077}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D994F65D-A464-46D4-9CAD-7783F1D97963}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB2EE4AF-CE7E-4342-8006-8B62A90DC985}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B58B28-7FFC-4D8F-BA0C-36F2482369DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{08A5D5C8-E74D-4903-8B6B-7CFBD0B2CDC8}" = protocol=6 | dir=in | app=c:\users\joey\desktop\minecraft.exe |
"{090C222F-C732-4495-A567-9FBE36C87C56}" = protocol=6 | dir=out | app=system |
"{09246D93-D6C9-4943-A88E-1B741896A54F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{1DB50AC9-0F05-499C-85C7-85A5FA5B42EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1FB7F54F-73A7-4B3F-AE37-E16CC0F4CCE4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{20B841A3-4DB9-4C25-861A-EA52E862CF99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FEDCB01-11C4-4745-84A6-79E68681A8CB}" = protocol=17 | dir=in | app=d:\hamachi\hamachi-2-ui.exe |
"{36E22A97-9807-479D-B652-5B6B0945ABA5}" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\spotify\spotify.exe |
"{3CC5F8E7-4EEF-4B8E-8B95-8A7D650E194B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{439A2F2A-4E39-46E1-AB62-223A7DAB346C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{43F4FF84-6463-42DA-8DAF-B33851C43CE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{449BD0E3-BB92-45DA-9766-A68D61D0FC8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44DBAA3C-5BE4-4FD0-BC34-B54B382F5F55}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4703747F-C3F6-483E-98A6-73436A89577F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{51EEF4C1-BE02-4946-9C10-554923A9A062}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{57B3E126-2427-43FF-BC2B-B2A2D7EBCE5D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5811A3C6-4A23-4EE6-AF7C-C608DEAA1CCA}" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\spotify\spotify.exe |
"{58ED4465-6C13-487E-8B34-AEC9A51EE631}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58FF8E41-57E9-4C0B-A65A-8A2E876DBFEE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5ED77DEB-B0CD-4F47-BA61-B5DE5BA3EFDA}" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe |
"{5F2C986D-77A2-4A8D-B63E-7823660CA2A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F3AE131-D55E-4F3B-A7A0-9ACA0EB02A39}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{68A6FD13-A1F8-4860-96C7-487BE395C76B}" = protocol=6 | dir=in | app=c:\users\joey\desktop\minecraft_server.exe |
"{68FDE18F-191C-4E5D-8609-89550A177748}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{69A54CC0-1EE6-47D6-A618-6F1ED9445144}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{6B2B44E2-489D-4DA5-B270-4DB9576E916F}" = dir=in | app=d:\itunes\itunes.exe |
"{6BE834CC-10BF-4436-B682-3F0E0F6CF80A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{761EFB8A-BC4C-4403-B50F-A2FCBF65454F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{76414E5F-1308-4C03-BD92-A9B9060966EC}" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\spotify\spotify.exe |
"{7769C8C2-5F03-47CC-A8A3-FEBB6F8E5267}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{7B7A601F-4335-4F38-90E3-2C6B770859EF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{7C75275D-9A8E-41E5-9DA7-188092EAF214}" = protocol=6 | dir=in | app=d:\hamachi\hamachi-2-ui.exe |
"{7CA27101-E344-42A5-BAAC-4592081752E5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81636C7A-CDB9-4588-A61C-E969104B2979}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{81C57912-42E1-40B2-8D11-9E83488071A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{827960E4-824E-4212-B907-D7F9D6215D59}" = protocol=17 | dir=in | app=c:\users\joey\desktop\minecraft_server.exe |
"{869117D9-DAF8-4EA4-9101-5F4BED8728A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D7D7F99-880E-4B6E-AB57-B1DBB70DF010}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{932DEA4C-B4C6-44AB-9F38-EE55E8B47B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{962A662A-6BD8-4793-B756-9785F1FB8BEB}" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe |
"{97747DEF-D7C7-4B74-876C-C1A4B4A7143D}" = protocol=17 | dir=in | app=c:\users\joey\desktop\minecraft.exe |
"{98B44002-7D5D-4B38-AB51-75FF38ACA5E5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9961F9AB-0762-4999-BC30-37DDD7195310}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A0203149-F15A-4567-85B6-F825C56ACB77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A1D24FB8-B7DE-46A8-879F-FD25A3C1547D}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{A7FB30E7-AFB5-4A72-B44B-CD6A89E3746C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{ADB08378-CB8B-4EAE-98A7-0494299F2557}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{B1576571-EA30-4084-A404-32AD970B4EF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B2B56140-E653-4BDB-95AF-70BE8B708FC4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{B3F57C9E-0BBE-4DED-8BAD-26C63678BF14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BCE9B92C-0BB9-4883-80C3-BEAD9426F2A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF339182-F693-49FA-BBFC-75A4BA8084C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C1A3317F-F97A-473D-B28C-004E8D96D926}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{C8FD125A-378A-440C-A4FE-74752CE2D1DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C9B32681-EECA-4859-B1BE-0C746F936E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6BF563E-56B1-4E80-97DC-5CF22E30D227}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DC11489B-1878-457B-BAED-D528487D3EAB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{DF9B6B6E-3F8A-4D9D-B328-3BA9714BB2C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7094D16-0F12-4E75-AF0F-833175AAAD94}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{E8F5170A-A878-4BA8-85D3-B06A3F85B412}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EB0ED535-238F-42A7-8D5A-68D937CC4164}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F257DB4D-4ABB-42DB-8AB3-B61D98139F25}" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\spotify\spotify.exe |
"{F457CC0F-BD12-4DD3-BE47-7B05532145E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F79C61C9-5572-4C50-B824-5162A481D5FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF09C69E-1356-4F10-A691-2AD9624A1807}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0D1F2AA8-3832-402A-9897-73F7AB037FD5}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{11D263F1-37A1-4393-B88D-2E3128EA5F32}C:\users\joey\desktop\gw2.exe" = protocol=6 | dir=in | app=c:\users\joey\desktop\gw2.exe |
"TCP Query User{1AC08A42-0950-4162-8690-85A78C984169}D:\steam\steamapps\promethius235\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\promethius235\team fortress 2\hl2.exe |
"TCP Query User{2E5C8C70-A70A-4F91-9FCD-813DF4DB1C24}D:\game files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\game files\tera\tera-launcher.exe |
"TCP Query User{35A002F8-5963-445B-9D17-5786FD4148D9}C:\users\joey\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\users\joey\downloads\gw2.exe |
"TCP Query User{42786A38-7F08-4E2E-8B6A-B382B0354F79}D:\gw2\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\gw2\guild wars 2\gw2.exe |
"TCP Query User{451F0DA9-9223-4046-8FBE-0D0FF4B3D110}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{6420AD8B-3F0E-4A4A-8050-24395BBC4400}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{6AB3B1C3-F460-4A84-AC2E-EB10259845F2}C:\users\joey\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\joey\appdata\local\temp\gw2.exe |
"TCP Query User{82D5061D-AE3A-4575-A665-E8BB007C7DC3}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
"TCP Query User{87165C59-F0D9-4F19-BF8B-8221F7C7ED78}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{C5BAD78B-1026-4BA3-AA1C-6B4B0A28E29A}D:\gw2\gw2.exe" = protocol=6 | dir=in | app=d:\gw2\gw2.exe |
"TCP Query User{D29D7FF1-D069-4A4D-83A5-598261434321}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{E7936447-2A0E-4568-9A69-450E6C64631C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{155307FF-1113-41C5-A7EB-D655AF032D28}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{172099B4-BFD8-4E3B-9CC7-BD6257922F9E}D:\game files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\game files\tera\tera-launcher.exe |
"UDP Query User{242A5758-224B-463B-815D-5DBF44D1E6D9}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
"UDP Query User{32DE79EA-7A34-4F17-B45C-4420034E345F}C:\users\joey\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\joey\appdata\local\temp\gw2.exe |
"UDP Query User{4C5559EB-4DEE-4902-8E4D-B2750FFBA9A5}D:\gw2\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\gw2\guild wars 2\gw2.exe |
"UDP Query User{70A00C33-CF6F-4665-BB0D-682CC31C154C}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{73FEA549-D68D-47D6-A316-16795BC425DF}C:\users\joey\desktop\gw2.exe" = protocol=17 | dir=in | app=c:\users\joey\desktop\gw2.exe |
"UDP Query User{77CB0136-D9F2-408B-A860-C99896D0B610}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{AB966391-9B15-4380-8106-8F5926A40C48}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{C33454A7-EEA7-47DB-88D0-2E4871CA274E}D:\gw2\gw2.exe" = protocol=17 | dir=in | app=d:\gw2\gw2.exe |
"UDP Query User{E517D544-D746-4E45-99C2-A2B1D4927267}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{E944B586-7C47-4D89-9B7A-EA859700EFF3}D:\steam\steamapps\promethius235\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\promethius235\team fortress 2\hl2.exe |
"UDP Query User{F0FBC825-14BD-47A0-BA3E-A603DC3C71BB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F3C3A2FE-623A-448A-9900-C9B96217BADF}C:\users\joey\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\users\joey\downloads\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 290.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Fraps" = Fraps (remove only)
"Guild Wars 2" = Guild Wars 2
"HP Photo Creations" = HP Photo Creations
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"RaidCall" = RaidCall
"Steam App 208600" = Lunar Flight
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 72200" = Universe Sandbox
"Steam App 8930" = Sid Meier's Civilization V
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3682910699-1944416668-682825106-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JoinMe" = join.me
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2012 7:50:22 AM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 0.0.0.0, time stamp:
0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id:
0x1198 Faulting application start time: 0x01cda481bc39dd3d Faulting application path:
\\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 2c7287af-1075-11e2-8ffb-0014d11cd04e

Error - 10/7/2012 7:50:22 AM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: htcUPCTLoader.exe, version: 1.0.2.34, time
stamp: 0x4ecdfba9 Faulting module name: HtcDetect.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4eeffe8e Exception code: 0xc0000005 Fault offset: 0x0552efad Faulting
process id: 0xe80 Faulting application start time: 0x01cda481b580e8a6 Faulting application
path: C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Faulting module
path: HtcDetect.dll Report Id: 2c74e910-1075-11e2-8ffb-0014d11cd04e

Error - 10/7/2012 7:53:13 AM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x15f0 Faulting application start time: 0x01cda481f5b820bc Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 9283e8cf-1075-11e2-8ffb-0014d11cd04e

Error - 10/7/2012 1:48:04 PM | Computer Name = Cerberus | Source = WinMgmt | ID = 10
Description =

Error - 10/7/2012 1:52:33 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1250 Faulting application start time: 0x01cda4b3d20b75cf Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: c4ece032-10a7-11e2-a070-0014d11cd04e

Error - 10/7/2012 1:59:09 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1454 Faulting application start time: 0x01cda4b48ec02ab8 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: b0d649cc-10a8-11e2-a070-0014d11cd04e

Error - 10/7/2012 2:40:22 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1028 Faulting application start time: 0x01cda4b579aed0e4 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 733ea046-10ae-11e2-a070-0014d11cd04e

Error - 10/7/2012 2:46:05 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x16ac Faulting application start time: 0x01cda4bb3d3420a0 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 3f580f38-10af-11e2-a070-0014d11cd04e

Error - 10/7/2012 3:25:30 PM | Computer Name = Cerberus | Source = WinMgmt | ID = 10
Description =

Error - 10/7/2012 10:13:09 PM | Computer Name = Cerberus | Source = Application Error | ID = 1000
Description = Faulting application name: nvtray.exe, version: 7.17.12.9053, time
stamp: 0x4eeceb2e Faulting module name: nvtray.exe, version: 7.17.12.9053, time
stamp: 0x4eeceb2e Exception code: 0x40000015 Fault offset: 0x0000000000153481 Faulting
process id: 0xfdc Faulting application start time: 0x01cda4c91fa82de6 Faulting application
path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Faulting module path:
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Report Id: b3f23d8b-10ed-11e2-af50-0014d11cd04e

[ System Events ]
Error - 10/7/2012 10:13:08 PM | Computer Name = Cerberus | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 10/7/2012 10:19:31 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:19:31 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:22:07 PM | Computer Name = Cerberus | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/7/2012 10:24:17 PM | Computer Name = Cerberus | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/7/2012 10:24:40 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:24:40 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:24:45 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:24:45 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/7/2012 10:24:46 PM | Computer Name = Cerberus | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O4:64bit: - HKLM..\Run: [PC Optimizer Pro] "C:\Program Files\PC Optimizer Pro\StartApps.exe" -s File not found
O4 - HKLM..\Run: [] File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

===============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
785
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back