Solved Trojan?

VvWolverinevV

VvWolverinevV

Posts: 119   +0
My symptoms are that over the last couple of years, several of my accounts seem to have been compromised, one of them employing two-factor authentication. Please find my logs below. Please advise.

Thanks!



Malwarebytes Anti-Malware (Trial) 1.65.1.1000 said:
www.malwarebytes.org

Database version: v2012.12.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tag :: TAG-PC [administrator]

Protection: Enabled

12/13/2012 7:19:49 AM
mbam-log-2012-12-13 (07-19-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317755
Time elapsed: 11 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Tag\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
Click to expand...

DDS (Ver_2012-11-20.01) - NTFS_AMD64 said:
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Tag at 7:39:04 on 2012-12-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5009 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\IDrive\IDrivePlugin.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Users\Tag\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\KatMouse\KatMouse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [Google Update] "C:\Users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [IDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide
uRun: [Spotify Web Helper] "C:\Users\Tag\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [WeatherMate] "C:\Program Files (x86)\WeatherMate\WeatherMate.exe"
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Tag\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KatMouse.lnk - C:\Program Files (x86)\KatMouse\KatMouse.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{47A7885D-3642-4EE9-A4CC-C3D722C39785} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47A7885D-3642-4EE9-A4CC-C3D722C39785} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9559A8C-9B2C-486D-B085-2343BD3ECA44} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tag\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Tag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Tag\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys [2011-10-30 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys [2011-10-30 931448]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2012-9-10 70256]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121130.011\BHDrvx64.sys [2012-10-25 1384608]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys [2011-10-30 171128]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys [2011-10-30 386168]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-4-30 190488]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-13 399432]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe [2011-1-9 69632]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-11 138912]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-4-30 30232]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-1-8 25928]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 IDriveE Service;IDriveE Service;C:\IDrive\IDriveE Service.exe [2012-4-10 157128]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-13 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-6 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-6-16 25832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-9-9 30192]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2010-11-9 15360]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-7-12 17920]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-15 12:24:37--------d-----w-C:\Program Files\iPod
2012-12-15 12:24:36--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 12:24:36--------d-----w-C:\Program Files\iTunes
2012-12-15 12:24:36--------d-----w-C:\Program Files (x86)\iTunes
2012-12-13 12:25:17--------d-----w-C:\Users\Tag\AppData\Local\Spotify
2012-12-13 11:45:28--------d-----w-C:\Windows\Migration
2012-12-13 11:45:14--------d-----w-C:\Windows\SysWow64\Wat
2012-12-13 11:45:14--------d-----w-C:\Windows\System32\Wat
2012-12-13 11:40:1374240----a-w-C:\Windows\System32\wbem\NCProv.dll
2012-12-13 11:40:1358368----a-w-C:\Windows\System32\ncobjapi.dll
2012-12-13 11:40:1346080----a-w-C:\Windows\SysWow64\ncobjapi.dll
2012-12-13 11:34:589728----a-w-C:\Windows\System32\Wdfres.dll
2012-12-13 11:34:58785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
2012-12-13 11:34:5854376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
2012-12-13 11:34:582560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-13 11:28:0716363960----a-w-C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-12-13 11:17:1787040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
2012-12-13 11:17:17198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
2012-12-13 11:17:0984992----a-w-C:\Windows\System32\WUDFSvc.dll
2012-12-13 11:17:09194048----a-w-C:\Windows\System32\WUDFPlatform.dll
2012-12-13 11:17:07744448----a-w-C:\Windows\System32\WUDFx.dll
2012-12-13 11:17:0745056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
2012-12-13 11:17:07229888----a-w-C:\Windows\System32\WUDFHost.exe
2012-12-13 11:15:16340992----a-w-C:\Windows\System32\schannel.dll
2012-12-13 11:15:16247808----a-w-C:\Windows\SysWow64\schannel.dll
2012-12-13 11:15:1596768----a-w-C:\Windows\SysWow64\sspicli.dll
2012-12-13 11:15:15458712----a-w-C:\Windows\System32\drivers\cng.sys
2012-12-13 11:15:15307200----a-w-C:\Windows\System32\ncrypt.dll
2012-12-13 11:15:15220160----a-w-C:\Windows\SysWow64\ncrypt.dll
2012-12-13 11:15:1522016----a-w-C:\Windows\SysWow64\secur32.dll
2012-12-13 11:15:15154480----a-w-C:\Windows\System32\drivers\ksecpkg.sys
2012-12-13 11:15:151448448----a-w-C:\Windows\System32\lsasrv.dll
2012-12-13 10:59:3755296----a-w-C:\Windows\System32\dhcpcsvc6.dll
2012-12-13 10:59:3744032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
2012-12-13 10:59:37226816----a-w-C:\Windows\System32\dhcpcore6.dll
2012-12-13 10:59:37193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
2012-12-13 10:59:202048----a-w-C:\Windows\SysWow64\tzres.dll
2012-12-13 10:59:202048----a-w-C:\Windows\System32\tzres.dll
2012-12-13 10:57:592048----a-w-C:\Windows\SysWow64\user.exe
2012-12-13 10:57:33478208----a-w-C:\Windows\System32\dpnet.dll
2012-12-13 10:57:33376832----a-w-C:\Windows\SysWow64\dpnet.dll
2012-12-13 10:57:0695744----a-w-C:\Windows\System32\synceng.dll
2012-12-13 10:57:0678336----a-w-C:\Windows\SysWow64\synceng.dll
.
==================== Find3M ====================
.
2012-12-13 12:28:2473656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 12:28:24697272----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:403149824----a-w-C:\Windows\System32\win32k.sys
2012-11-14 06:11:442312704----a-w-C:\Windows\System32\jscript9.dll
2012-11-14 06:04:111392128----a-w-C:\Windows\System32\wininet.dll
2012-11-14 06:02:491494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46599040----a-w-C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:402382848----a-w-C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:221800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:151427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:371129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:422382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-11-05 21:35:1646080----a-w-C:\Windows\System32\atmlib.dll
2012-11-05 20:41:32367616----a-w-C:\Windows\System32\atmfd.dll
2012-11-05 20:32:16295424----a-w-C:\Windows\SysWow64\atmfd.dll
2012-11-05 20:32:0934304----a-w-C:\Windows\SysWow64\atmlib.dll
2012-10-25 08:12:2694208----a-w-C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:2669632----a-w-C:\Windows\SysWow64\QuickTime.qts
2012-10-16 19:58:4895208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 19:58:47821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2012-10-16 19:58:47746984----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
2012-10-11 01:22:542428776----a-w-C:\Windows\SysWow64\nvapi.dll
2012-10-11 01:22:5226331496----a-w-C:\Windows\System32\nvoglv64.dll
2012-10-11 01:22:521760104----a-w-C:\Windows\System32\nvdispco64.dll
2012-10-11 01:22:3215309160----a-w-C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 01:22:262747240----a-w-C:\Windows\System32\nvcuvid.dll
2012-10-11 01:22:2419906920----a-w-C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 01:22:1813443944----a-w-C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 01:22:1417559912----a-w-C:\Windows\SysWow64\nvcompiler.dll
2012-10-04 17:46:16362496----a-w-C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15243200----a-w-C:\Windows\System32\wow64.dll
2012-10-04 17:46:1513312----a-w-C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55215040----a-w-C:\Windows\System32\winsrv.dll
2012-10-04 17:43:2816384----a-w-C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16424960----a-w-C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:415120----a-w-C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55338432----a-w-C:\Windows\System32\conhost.exe
2012-10-04 14:46:467680----a-w-C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:4625600----a-w-C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:4414336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:41:506144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:504608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:503584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:503072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:153536817----a-w-C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:113293544----a-w-C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:046200680----a-w-C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57891240----a-w-C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:5763336----a-w-C:\Windows\System32\nvshext.dll
2012-10-02 19:50:572557800----a-w-C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57118120----a-w-C:\Windows\System32\nvmctray.dll
2012-10-02 17:15:52430952----a-w-C:\Windows\SysWow64\nvStreaming.exe
2012-09-30 00:54:2625928----a-w-C:\Windows\System32\drivers\mbam.sys
2011-01-11 05:03:58446464----a-w-C:\Program Files\TFC.exe
.
============= FINISH: 7:39:45.94 ===============
Click to expand...
DDS (Ver_2012-11-20.01) said:
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/23/2010 2:55:20 AM
System Uptime: 12/15/2012 7:08:52 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5E
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2394/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 128.125 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 98.061 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11g PCI Wireless Network Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&1542FBD&0&08F0
Manufacturer: Ralink Technology, Inc.
Name: 802.11g PCI Wireless Network Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&1542FBD&0&08F0
Service: RT2500
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP397: 10/24/2012 9:59:35 PM - Scheduled Checkpoint
RP398: 11/11/2012 11:31:30 PM - Scheduled Checkpoint
RP399: 12/13/2012 6:15:27 AM - Windows Update
RP400: 12/13/2012 6:58:37 AM - Removed Facebook Video Calling 1.2.0.287
RP401: 12/13/2012 7:01:50 AM - Removed MySQL Workbench 5.2 CE
RP402: 12/13/2012 7:07:41 AM - Removed Python 3.1.2 (64-bit)
RP403: 12/13/2012 7:11:16 AM - Removed Windows Media Player Firefox Plugin
RP404: 12/13/2012 7:14:51 AM - Removed TomTom HOME Visual Studio Merge Modules
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.65 (x64 edition)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AIM for Windows
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Batman Arkham City 1.0
Bing Desktop
Bonjour
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco Systems VPN Client 5.0.07.0440
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DisplayFusion 3.3.0
Dragon Age: Origins
EVEREST Ultimate Edition v5.00
Git version 1.7.8-preview20111206
GNU Aspell 0.50-3
GNU CLISP 2.49
GnuWin32: File-5.03
Google Chrome
Google Desktop
Google Drive
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
HashCheck Shell Extension (x86-32)
HashCheck Shell Extension (x86-64)
iCloud
IDrive version 3.4.1 January 03, 2012
iTunes
Java 7 Update 9
Java Auto Updater
Java(TM) SE Development Kit 7
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Full)
KatMouse (remove only)
Logitech Gaming Software 5.10
Logitech Webcam Software
Logitech Webcam Software Driver Package
Machinarium
Mafia II
Malwarebytes Anti-Malware version 1.65.1.1000
Media Player Classic - Home Cinema v1.5.1.2903 x64
Mendeley Desktop 1.6
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Personal Folders Backup
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
MiKTeX 2.8
mIRC
MobileMe Control Panel
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.16)
MSVCRT
MSVCRT_amd64
Music Manager
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Drivers
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
OpenVPN Client
Plex Media Server
PowerISO
PuTTY version 0.60
QuickTime
Ralink Wireless LAN
Rockstar Games Social Club
Safari
Samorost 2
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.10
Spotify
StarCraft II
Steam
Symantec Endpoint Protection
The Weather Channel App
TomTom HOME 2.8.2.2264
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TortoiseHg 2.0.2 (x64)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VLC media player 2.0.3
VMware vSphere Client 5.0
VMware Workstation
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinMerge 2.12.4
WinSCP 4.2.9
Xming 6.9.0.31
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/15/2012 7:14:53 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/15/2012 7:14:53 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
12/15/2012 7:11:51 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/15/2012 7:11:08 AM, Error: Service Control Manager [7034] - The IDriveE Service service terminated unexpectedly. It has done this 1 time(s).
12/13/2012 6:52:27 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/13/2012 5:54:23 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
12/13/2012 5:53:23 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/13/2012 5:52:44 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
Click to expand...
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V8.4.0 {Dec 15 2012} by Tigzy said:
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tag [Admin rights]
Mode : Scan -- Date : 12/15/2012 13:22:57

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] GoogleCrashHandler.exe -- C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc]
[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Tag\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-419851143-2205390515-4003747433-1001[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-419851143-2205390515-4003747433-1001[...]\Run : MusicManager ("C:\Users\Tag\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[TASK][SUSP PATH] {A6EDFE42-3BA0-44FA-AB1B-4CFE74597BF3} : C:\Users\Tag\Desktop\zb651vistaupd-en.exe -> FOUND
[TASK][SUSP PATH] {B60BCE38-B296-429A-B67A-DBD4ED0F3623} : C:\Users\Tag\Desktop\qc1110_x64.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620A ATA Device +++++
--- User ---
[MBR] 060c6e01b83bb354098a86e8ba3858a7
[BSP] dad08327d2fb06a279acc2e21d074ac4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500320AS ATA Device +++++
--- User ---
[MBR] 33b162198574c2472f2c825ec6045e6d
[BSP] 586337390ade6386e064bcd37aea510c : Linux MBR Code
Partition table:
0 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 460556 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 943222782 | Size: 16381 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3500320AS ATA Device +++++
--- User ---
[MBR] 9382ae338243c7e117481440824b19f6
[BSP] 40e04cc6e68acd44b3d5e17a32f22d72 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12152012_02d1322.txt >>
RKreport[1]_S_12152012_02d1322.txt
Click to expand...


RogueKiller V8.4.0 {Dec 15 2012} by Tigzy said:
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tag [Admin rights]
Mode : Remove -- Date : 12/15/2012 13:24:29

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] GoogleCrashHandler.exe -- C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc]
[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Tag\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> DELETED
[TASK][SUSP PATH] {A6EDFE42-3BA0-44FA-AB1B-4CFE74597BF3} : C:\Users\Tag\Desktop\zb651vistaupd-en.exe -> DELETED
[TASK][SUSP PATH] {B60BCE38-B296-429A-B67A-DBD4ED0F3623} : C:\Users\Tag\Desktop\qc1110_x64.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620A ATA Device +++++
--- User ---
[MBR] 060c6e01b83bb354098a86e8ba3858a7
[BSP] dad08327d2fb06a279acc2e21d074ac4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500320AS ATA Device +++++
--- User ---
[MBR] 33b162198574c2472f2c825ec6045e6d
[BSP] 586337390ade6386e064bcd37aea510c : Linux MBR Code
Partition table:
0 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 460556 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 943222782 | Size: 16381 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3500320AS ATA Device +++++
--- User ---
[MBR] 9382ae338243c7e117481440824b19f6
[BSP] 40e04cc6e68acd44b3d5e17a32f22d72 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12152012_02d1324.txt >>
RKreport[1]_S_12152012_02d1322.txt ; RKreport[2]_D_12152012_02d1324.txt
Click to expand...


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software said:
Run date: 2012-12-15 13:25:20
-----------------------------
13:25:20.767 OS Version: Windows x64 6.1.7601 Service Pack 1
13:25:20.768 Number of processors: 4 586 0xF0B
13:25:20.769 ComputerName: TAG-PC UserName: Tag
13:25:23.306 Initialize success
13:26:05.554 AVAST engine defs: 12121501
13:26:19.464 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:26:19.467 Disk 0 Vendor: ST3320620A 3.AAC Size: 305245MB BusType: 3
13:26:19.470 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
13:26:19.473 Disk 1 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
13:26:19.477 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-5
13:26:19.480 Disk 2 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
13:26:19.495 Disk 0 MBR read successfully
13:26:19.497 Disk 0 MBR scan
13:26:19.502 Disk 0 Windows 7 default MBR code
13:26:19.507 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:26:19.519 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
13:26:19.543 Disk 0 scanning C:\Windows\system32\drivers
13:26:36.422 Service scanning
13:27:09.403 Modules scanning
13:27:09.415 Disk 0 trace - called modules:
13:27:09.427 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:27:09.433 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008114060]
13:27:09.438 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8006fa8e40]
13:27:09.442 5 ACPI.sys[fffff88000ee97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007e37060]
13:27:10.856 AVAST engine scan C:\Windows
13:27:13.235 AVAST engine scan C:\Windows\system32
13:32:01.358 AVAST engine scan C:\Windows\system32\drivers
13:32:29.134 AVAST engine scan C:\Users\Tag
14:26:28.896 AVAST engine scan C:\ProgramData
14:35:26.798 Scan finished successfully
14:36:10.854 Disk 0 MBR has been saved successfully to "C:\Users\Tag\Desktop\MBR.dat"
14:36:10.861 The log file has been saved successfully to "C:\Users\Tag\Desktop\aswMBR.txt"
Click to expand...
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Notes:
  • It was necessary to perform a system restore in order to restore network connectivity.
  • Before restoring, I received a Symantec Endpoint Protection Failure error: "Failure in loading SyLink.dll or one of its dependent dlls. Exiting Symantec Endpoint Protection".
  • Before restoring, I was unable to turn on the Windows Firewall.
  • After restoring, on startup, the windows for The Weather Channel app and an Adobe Flash update notification seemed to be re-positioning themselves left and right by a few pixels without my interaction.
  • I have redacted 368 filenames from the list of "Other Deletions" in the log below, all from c:\users\Tag\AppData\Local\Microsoft\Windows\Temporary Internet Files\.
  • After restoring, the first time I tried to run AIM, it requested permission to make changes on my computer. I denied it. The second time, it did not ask.
ComboFix 12-12-14.01 - Tag 12/15/2012 15:06:27.3.4 - x64 said:
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.4812 [GMT -5:00]
Running from: c:\users\Tag\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tag\AppData\Local\assembly\tmp
c:\users\Tag\AppData\Local\Microsoft\Windows\Temporary Internet Files\...
...
[redacted]
...
c:\users\Tag\AppData\Local\Microsoft\Windows\Temporary Internet Files\...
c:\users\Tag\AppData\Local\Temp\_MEI42162\_ctypes.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\_elementtree.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\_hashlib.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\_socket.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\_ssl.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\pyexpat.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\pysqlite2._sqlite.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\python26.dll
c:\users\Tag\AppData\Local\Temp\_MEI42162\pythoncom26.dll
c:\users\Tag\AppData\Local\Temp\_MEI42162\PyWinTypes26.dll
c:\users\Tag\AppData\Local\Temp\_MEI42162\select.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\unicodedata.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32api.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32com.shell.shell.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32crypt.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32event.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32file.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32inet.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32pdh.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32process.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32profile.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32security.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\win32ts.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\windows._cacheinvalidation.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\wx._controls_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\wx._core_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\wx._gdi_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\wx._html2.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\wx._misc_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\wx._windows_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\wx._wizard.pyd
c:\users\Tag\AppData\Local\Temp\_MEI42162\wxbase293u_net_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI42162\wxbase293u_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI42162\wxmsw293u_adv_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI42162\wxmsw293u_core_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI42162\wxmsw293u_html_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI42162\wxmsw293u_webview_vc.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 20:18 . 2012-12-15 20:18--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-12-15 20:18 . 2012-12-15 20:18--------d-----w-c:\users\UpdatusUser.Tag-PC\AppData\Local\temp
2012-12-15 20:18 . 2012-12-15 20:18--------d-----w-c:\users\Public\AppData\Local\temp
2012-12-15 20:18 . 2012-12-15 20:18--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-15 20:18 . 2012-12-15 20:18--------d-----w-c:\users\Guest\AppData\Local\temp
2012-12-15 12:24 . 2012-12-15 12:24--------d-----w-c:\program files\iPod
2012-12-15 12:24 . 2012-12-15 12:25--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 12:24 . 2012-12-15 12:25--------d-----w-c:\program files\iTunes
2012-12-15 12:24 . 2012-12-15 12:25--------d-----w-c:\program files (x86)\iTunes
2012-12-13 12:25 . 2012-12-15 13:02--------d-----w-c:\users\Tag\AppData\Local\Spotify
2012-12-13 11:45 . 2012-12-13 11:45--------d-----w-c:\windows\Migration
2012-12-13 11:45 . 2012-12-13 11:45--------d-----w-c:\windows\SysWow64\Wat
2012-12-13 11:45 . 2012-12-13 11:45--------d-----w-c:\windows\system32\Wat
2012-12-13 11:40 . 2012-08-21 14:2046080----a-w-c:\windows\SysWow64\ncobjapi.dll
2012-12-13 11:40 . 2012-08-21 13:4958368----a-w-c:\windows\system32\ncobjapi.dll
2012-12-13 11:40 . 2012-08-21 13:1274240----a-w-c:\windows\system32\wbem\NCProv.dll
2012-12-13 11:34 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 11:34 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 11:34 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-13 11:34 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-12-13 11:28 . 2012-12-13 12:2816363960----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-13 11:17 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 11:17 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 11:17 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-12-13 11:17 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-12-13 11:17 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-12-13 11:17 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-12-13 11:17 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 11:15 . 2012-08-24 18:05340992----a-w-c:\windows\system32\schannel.dll
2012-12-13 11:15 . 2012-08-24 16:57247808----a-w-c:\windows\SysWow64\schannel.dll
2012-12-13 11:15 . 2012-08-24 18:13154480----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-12-13 11:15 . 2012-08-24 18:09458712----a-w-c:\windows\system32\drivers\cng.sys
2012-12-13 11:15 . 2012-08-24 18:04307200----a-w-c:\windows\system32\ncrypt.dll
2012-12-13 11:15 . 2012-08-24 18:031448448----a-w-c:\windows\system32\lsasrv.dll
2012-12-13 11:15 . 2012-08-24 16:5722016----a-w-c:\windows\SysWow64\secur32.dll
2012-12-13 11:15 . 2012-08-24 16:57220160----a-w-c:\windows\SysWow64\ncrypt.dll
2012-12-13 11:15 . 2012-08-24 16:5396768----a-w-c:\windows\SysWow64\sspicli.dll
2012-12-13 10:59 . 2012-10-09 18:1755296----a-w-c:\windows\system32\dhcpcsvc6.dll
2012-12-13 10:59 . 2012-10-09 18:17226816----a-w-c:\windows\system32\dhcpcore6.dll
2012-12-13 10:59 . 2012-10-09 17:4044032----a-w-c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-13 10:59 . 2012-10-09 17:40193536----a-w-c:\windows\SysWow64\dhcpcore6.dll
2012-12-13 10:59 . 2012-11-09 05:452048----a-w-c:\windows\system32\tzres.dll
2012-12-13 10:59 . 2012-11-09 04:422048----a-w-c:\windows\SysWow64\tzres.dll
2012-12-13 10:57 . 2012-10-04 14:462048----a-w-c:\windows\SysWow64\user.exe
2012-12-13 10:57 . 2012-11-02 05:59478208----a-w-c:\windows\system32\dpnet.dll
2012-12-13 10:57 . 2012-11-02 05:11376832----a-w-c:\windows\SysWow64\dpnet.dll
2012-12-13 10:57 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2012-12-13 10:57 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 12:28 . 2012-04-01 21:26697272----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 12:28 . 2011-05-21 06:0073656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 20:58 . 2010-05-23 07:2667413224----a-w-c:\windows\system32\MRT.exe
2012-10-25 08:12 . 2012-10-25 08:1294208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:1269632----a-w-c:\windows\SysWow64\QuickTime.qts
2012-10-16 19:58 . 2012-10-16 19:5895208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 19:58 . 2012-10-16 19:59821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-10-16 19:58 . 2010-05-27 10:08746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-12-13 10:56135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-13 10:56350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-13 10:56561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-11 01:23 . 2012-10-11 01:23247144----a-w-c:\windows\system32\nvinitx.dll
2012-10-11 01:23 . 2012-10-11 01:231867112----a-w-c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:2318252136----a-w-c:\windows\system32\nvd3dumx.dll
2012-10-11 01:23 . 2012-10-11 01:231482600----a-w-c:\windows\system32\nvdispgenco64.dll
2012-10-11 01:23 . 2012-10-11 01:236127464----a-w-c:\windows\SysWow64\nvopencl.dll
2012-10-11 01:23 . 2012-10-11 01:232574696----a-w-c:\windows\SysWow64\nvcuvid.dll
2012-10-11 01:23 . 2012-10-11 01:2325256296----a-w-c:\windows\system32\nvcompiler.dll
2012-10-11 01:23 . 2012-10-11 01:23831848----a-w-c:\windows\SysWow64\nvumdshim.dll
2012-10-11 01:23 . 2012-10-11 01:23202600----a-w-c:\windows\SysWow64\nvinit.dll
2012-10-11 01:23 . 2012-10-11 01:237414632----a-w-c:\windows\system32\nvopencl.dll
2012-10-11 01:23 . 2011-01-05 02:242731880----a-w-c:\windows\system32\nvapi64.dll
2012-10-11 01:23 . 2012-10-11 01:23973672----a-w-c:\windows\system32\nvumdshimx.dll
2012-10-11 01:23 . 2011-01-05 02:2414922600----a-w-c:\windows\system32\nvwgf2umx.dll
2012-10-11 01:23 . 2012-10-11 01:239146728----a-w-c:\windows\system32\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:237697768----a-w-c:\windows\SysWow64\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:232218344----a-w-c:\windows\system32\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:2312501352----a-w-c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 01:22 . 2012-10-11 01:222428776----a-w-c:\windows\SysWow64\nvapi.dll
2012-10-11 01:22 . 2012-10-11 01:2226331496----a-w-c:\windows\system32\nvoglv64.dll
2012-10-11 01:22 . 2011-09-18 06:331760104----a-w-c:\windows\system32\nvdispco64.dll
2012-10-11 01:22 . 2011-09-18 06:3315309160----a-w-c:\windows\SysWow64\nvd3dum.dll
2012-10-11 01:22 . 2012-10-11 01:222747240----a-w-c:\windows\system32\nvcuvid.dll
2012-10-11 01:22 . 2012-10-11 01:2219906920----a-w-c:\windows\SysWow64\nvoglv32.dll
2012-10-11 01:22 . 2012-10-11 01:2213443944----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 01:22 . 2012-10-11 01:2217559912----a-w-c:\windows\SysWow64\nvcompiler.dll
2012-10-04 16:40 . 2012-12-13 10:5844032----a-w-c:\windows\apppatch\acwow64.dll
2012-10-02 19:51 . 2012-03-10 14:133536817----a-w-c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-04-08 03:193293544----a-w-c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-04-08 03:196200680----a-w-c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-07-22 23:002557800----a-w-c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-04-08 03:19118120----a-w-c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-04-08 03:19891240----a-w-c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-10-16 18:1363336----a-w-c:\windows\system32\nvshext.dll
2012-10-02 17:15 . 2012-10-02 17:15430952----a-w-c:\windows\SysWow64\nvStreaming.exe
2012-09-30 00:54 . 2011-01-09 03:5125928----a-w-c:\windows\system32\drivers\mbam.sys
2011-01-11 05:03 . 2011-01-11 05:04446464----a-w-c:\program files\TFC.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-12-13 13105848]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2011-06-24 185800]
"Spotify Web Helper"="c:\users\Tag\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-13 1199576]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"Facebook Update"="c:\users\Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-10 30192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KatMouse.lnk - c:\program files (x86)\KatMouse\KatMouse.exe [2007-5-30 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2011-11-21 157128]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-10 30192]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [2011-10-30 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [2011-10-30 931448]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121130.011\BHDrvx64.sys [2012-10-26 1384608]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [2011-10-30 171128]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [2011-10-30 386168]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-19 138912]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:28]
.
2012-12-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
- c:\users\Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-15 13:31]
.
2012-12-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
- c:\users\Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-15 13:31]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 05:10]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 05:10]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
- c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 06:58]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
- c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 06:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TortoiseHgOverlayIconServer"="c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2011-03-10 52688]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{47A7885D-3642-4EE9-A4CC-C3D722C39785}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-WeatherMate - c:\program files (x86)\WeatherMate\WeatherMate.exe
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
AddRemove-{3BA50C09-CC50-469E-A183-01F5EA1AA532} - c:\programdata\{D20EC2FE-F8FA-400A-9FC4-C912462D1666}\WeatherBugSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*2*6*4*_*N*L*U*P*P*QZf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A8F62770-6BE0-1832-F360-9D8FEDD0641E}*]
"iajbgmdebogmopiafp"=hex:6a,61,65,6a,64,65,66,62,65,64,64,6d,62,70,65,66,6a,68,
61,68,00,e8
"hahoidcaidmdmnnh"=hex:69,61,6f,69,6e,64,6d,70,68,6a,69,62,6d,68,63,6c,61,62,
00,00
.
[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\SecuROM\License information*]
"datasecu"=hex:cb,a2,d0,69,e5,4a,5a,ab,30,97,e4,5f,02,0b,39,1c,41,4f,40,48,a5,
b0,0d,d2,ff,26,e5,d9,a0,67,c6,ac,e4,56,4f,9d,71,a3,1c,28,29,68,3e,58,75,37,\
"rkeysecu"=hex:ed,72,96,fe,7b,52,95,67,4f,ea,d0,ed,5a,39,db,24
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\RALINK\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
.
**************************************************************************
.
Completion time: 2012-12-15 15:29:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-15 20:29
.
Pre-Run: 146,572,443,648 bytes free
Post-Run: 148,060,192,768 bytes free
.
- - End Of File - - 356CF80A7E256CCF1A8EAA630886B497
Click to expand...
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
RegNull::
[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A8F62770-6BE0-1832-F360-9D8FEDD0641E}*]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
After one reboot, all applications gave me the following error: "Illegal operation attempted on a registry key that has been marked for deletion.", and I was unable to re-enable Symantec Endpoint Protection. After a second reboot, these issues were resolved.

I assume that my machine is infected since you are having me do so many iterations of scans? I just realized you said "Good" in your second post. Why do you say that?


ComboFix 12-12-14.01 - Tag 12/15/2012 17:01:54.3.4 - x64 said:
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5648 [GMT -5:00]
Running from: c:\users\Tag\Desktop\ComboFix.exe
Command switches used :: c:\users\Tag\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tag\AppData\Local\Microsoft\Windows\Temporary Internet Files\58852.user.js
c:\users\Tag\AppData\Local\Microsoft\Windows\Temporary Internet Files\ComboFix.exe
c:\users\Tag\AppData\Local\Microsoft\Windows\Temporary Internet Files\tortoisehg-2.0.2-hg-1.8.1-x64.msi
c:\users\Tag\AppData\Local\Temp\_MEI41082\_ctypes.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\_elementtree.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\_hashlib.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\_socket.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\_ssl.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\pyexpat.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\pysqlite2._sqlite.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\python26.dll
c:\users\Tag\AppData\Local\Temp\_MEI41082\pythoncom26.dll
c:\users\Tag\AppData\Local\Temp\_MEI41082\PyWinTypes26.dll
c:\users\Tag\AppData\Local\Temp\_MEI41082\select.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\unicodedata.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32api.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32com.shell.shell.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32crypt.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32event.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32file.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32inet.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32pdh.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32process.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32profile.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32security.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\win32ts.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\windows._cacheinvalidation.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\wx._controls_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\wx._core_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\wx._gdi_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\wx._html2.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\wx._misc_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\wx._windows_.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\wx._wizard.pyd
c:\users\Tag\AppData\Local\Temp\_MEI41082\wxbase293u_net_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI41082\wxbase293u_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI41082\wxmsw293u_adv_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI41082\wxmsw293u_core_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI41082\wxmsw293u_html_vc.dll
c:\users\Tag\AppData\Local\Temp\_MEI41082\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 22:11 . 2012-12-15 22:11--------d-----w-c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-12-15 22:11 . 2012-12-15 22:11--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-12-15 22:11 . 2012-12-15 22:11--------d-----w-c:\users\UpdatusUser.Tag-PC\AppData\Local\temp
2012-12-15 22:11 . 2012-12-15 22:11--------d-----w-c:\users\Public\AppData\Local\temp
2012-12-15 22:11 . 2012-12-15 22:11--------d-----w-c:\users\Guest\AppData\Local\temp
2012-12-15 22:11 . 2012-12-15 22:11--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-15 12:24 . 2012-12-15 12:24--------d-----w-c:\program files\iPod
2012-12-15 12:24 . 2012-12-15 12:25--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 12:24 . 2012-12-15 12:25--------d-----w-c:\program files\iTunes
2012-12-15 12:24 . 2012-12-15 12:25--------d-----w-c:\program files (x86)\iTunes
2012-12-13 12:25 . 2012-12-15 21:36--------d-----w-c:\users\Tag\AppData\Local\Spotify
2012-12-13 11:45 . 2012-12-13 11:45--------d-----w-c:\windows\Migration
2012-12-13 11:45 . 2012-12-13 11:45--------d-----w-c:\windows\SysWow64\Wat
2012-12-13 11:45 . 2012-12-13 11:45--------d-----w-c:\windows\system32\Wat
2012-12-13 11:40 . 2012-08-21 14:2046080----a-w-c:\windows\SysWow64\ncobjapi.dll
2012-12-13 11:40 . 2012-08-21 13:4958368----a-w-c:\windows\system32\ncobjapi.dll
2012-12-13 11:40 . 2012-08-21 13:1274240----a-w-c:\windows\system32\wbem\NCProv.dll
2012-12-13 11:34 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 11:34 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 11:34 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-13 11:34 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-12-13 11:28 . 2012-12-13 12:2816363960----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-13 11:17 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 11:17 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 11:17 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-12-13 11:17 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-12-13 11:17 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-12-13 11:17 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-12-13 11:17 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 11:15 . 2012-08-24 18:05340992----a-w-c:\windows\system32\schannel.dll
2012-12-13 11:15 . 2012-08-24 16:57247808----a-w-c:\windows\SysWow64\schannel.dll
2012-12-13 11:15 . 2012-08-24 18:13154480----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-12-13 11:15 . 2012-08-24 18:09458712----a-w-c:\windows\system32\drivers\cng.sys
2012-12-13 11:15 . 2012-08-24 18:04307200----a-w-c:\windows\system32\ncrypt.dll
2012-12-13 11:15 . 2012-08-24 18:031448448----a-w-c:\windows\system32\lsasrv.dll
2012-12-13 11:15 . 2012-08-24 16:5722016----a-w-c:\windows\SysWow64\secur32.dll
2012-12-13 11:15 . 2012-08-24 16:57220160----a-w-c:\windows\SysWow64\ncrypt.dll
2012-12-13 11:15 . 2012-08-24 16:5396768----a-w-c:\windows\SysWow64\sspicli.dll
2012-12-13 10:59 . 2012-10-09 18:1755296----a-w-c:\windows\system32\dhcpcsvc6.dll
2012-12-13 10:59 . 2012-10-09 18:17226816----a-w-c:\windows\system32\dhcpcore6.dll
2012-12-13 10:59 . 2012-10-09 17:4044032----a-w-c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-13 10:59 . 2012-10-09 17:40193536----a-w-c:\windows\SysWow64\dhcpcore6.dll
2012-12-13 10:59 . 2012-11-09 05:452048----a-w-c:\windows\system32\tzres.dll
2012-12-13 10:59 . 2012-11-09 04:422048----a-w-c:\windows\SysWow64\tzres.dll
2012-12-13 10:57 . 2012-10-04 14:462048----a-w-c:\windows\SysWow64\user.exe
2012-12-13 10:57 . 2012-11-02 05:59478208----a-w-c:\windows\system32\dpnet.dll
2012-12-13 10:57 . 2012-11-02 05:11376832----a-w-c:\windows\SysWow64\dpnet.dll
2012-12-13 10:57 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2012-12-13 10:57 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 21:14 . 2012-04-01 21:26697272----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-15 21:14 . 2011-05-21 06:0073656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 20:58 . 2010-05-23 07:2667413224----a-w-c:\windows\system32\MRT.exe
2012-10-25 08:12 . 2012-10-25 08:1294208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:1269632----a-w-c:\windows\SysWow64\QuickTime.qts
2012-10-16 19:58 . 2012-10-16 19:5895208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 19:58 . 2012-10-16 19:59821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-10-16 19:58 . 2010-05-27 10:08746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-12-13 10:56135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-13 10:56350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-13 10:56561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-11 01:23 . 2012-10-11 01:23247144----a-w-c:\windows\system32\nvinitx.dll
2012-10-11 01:23 . 2012-10-11 01:231867112----a-w-c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:2318252136----a-w-c:\windows\system32\nvd3dumx.dll
2012-10-11 01:23 . 2012-10-11 01:231482600----a-w-c:\windows\system32\nvdispgenco64.dll
2012-10-11 01:23 . 2012-10-11 01:236127464----a-w-c:\windows\SysWow64\nvopencl.dll
2012-10-11 01:23 . 2012-10-11 01:232574696----a-w-c:\windows\SysWow64\nvcuvid.dll
2012-10-11 01:23 . 2012-10-11 01:2325256296----a-w-c:\windows\system32\nvcompiler.dll
2012-10-11 01:23 . 2012-10-11 01:23831848----a-w-c:\windows\SysWow64\nvumdshim.dll
2012-10-11 01:23 . 2012-10-11 01:23202600----a-w-c:\windows\SysWow64\nvinit.dll
2012-10-11 01:23 . 2012-10-11 01:237414632----a-w-c:\windows\system32\nvopencl.dll
2012-10-11 01:23 . 2011-01-05 02:242731880----a-w-c:\windows\system32\nvapi64.dll
2012-10-11 01:23 . 2012-10-11 01:23973672----a-w-c:\windows\system32\nvumdshimx.dll
2012-10-11 01:23 . 2011-01-05 02:2414922600----a-w-c:\windows\system32\nvwgf2umx.dll
2012-10-11 01:23 . 2012-10-11 01:239146728----a-w-c:\windows\system32\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:237697768----a-w-c:\windows\SysWow64\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:232218344----a-w-c:\windows\system32\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:2312501352----a-w-c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 01:22 . 2012-10-11 01:222428776----a-w-c:\windows\SysWow64\nvapi.dll
2012-10-11 01:22 . 2012-10-11 01:2226331496----a-w-c:\windows\system32\nvoglv64.dll
2012-10-11 01:22 . 2011-09-18 06:331760104----a-w-c:\windows\system32\nvdispco64.dll
2012-10-11 01:22 . 2011-09-18 06:3315309160----a-w-c:\windows\SysWow64\nvd3dum.dll
2012-10-11 01:22 . 2012-10-11 01:222747240----a-w-c:\windows\system32\nvcuvid.dll
2012-10-11 01:22 . 2012-10-11 01:2219906920----a-w-c:\windows\SysWow64\nvoglv32.dll
2012-10-11 01:22 . 2012-10-11 01:2213443944----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 01:22 . 2012-10-11 01:2217559912----a-w-c:\windows\SysWow64\nvcompiler.dll
2012-10-04 16:40 . 2012-12-13 10:5844032----a-w-c:\windows\apppatch\acwow64.dll
2012-10-02 19:51 . 2012-03-10 14:133536817----a-w-c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-04-08 03:193293544----a-w-c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-04-08 03:196200680----a-w-c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-07-22 23:002557800----a-w-c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-04-08 03:19118120----a-w-c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-04-08 03:19891240----a-w-c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-10-16 18:1363336----a-w-c:\windows\system32\nvshext.dll
2012-10-02 17:15 . 2012-10-02 17:15430952----a-w-c:\windows\SysWow64\nvStreaming.exe
2012-09-30 00:54 . 2011-01-09 03:5125928----a-w-c:\windows\system32\drivers\mbam.sys
2011-01-11 05:03 . 2011-01-11 05:04446464----a-w-c:\program files\TFC.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-12-13 13105848]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [BU]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2011-06-24 185800]
"Spotify Web Helper"="c:\users\Tag\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-13 1199576]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"Facebook Update"="c:\users\Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-10 30192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"WeatherMate"="c:\program files (x86)\WeatherMate\WeatherMate.exe" [BU]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KatMouse.lnk - c:\program files (x86)\KatMouse\KatMouse.exe [2007-5-30 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2011-11-21 157128]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-10 30192]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [2011-10-30 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [2011-10-30 931448]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121130.011\BHDrvx64.sys [2012-10-26 1384608]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [2011-10-30 171128]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [2011-10-30 386168]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-19 138912]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:14]
.
2012-12-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
- c:\users\Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-15 13:31]
.
2012-12-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
- c:\users\Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-15 13:31]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 05:10]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 05:10]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
- c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 06:58]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
- c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 06:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 22:5076040----a-w-c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TortoiseHgOverlayIconServer"="c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2011-03-10 52688]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{47A7885D-3642-4EE9-A4CC-C3D722C39785}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
AddRemove-{3BA50C09-CC50-469E-A183-01F5EA1AA532} - c:\programdata\{D20EC2FE-F8FA-400A-9FC4-C912462D1666}\WeatherBugSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*2*6*4*_*N*L*U*P*P*QZf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\SecuROM\License information*]
"datasecu"=hex:cb,a2,d0,69,e5,4a,5a,ab,30,97,e4,5f,02,0b,39,1c,41,4f,40,48,a5,
b0,0d,d2,ff,26,e5,d9,a0,67,c6,ac,e4,56,4f,9d,71,a3,1c,28,29,68,3e,58,75,37,\
"rkeysecu"=hex:ed,72,96,fe,7b,52,95,67,4f,ea,d0,ed,5a,39,db,24
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\RALINK\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2012-12-15 17:21:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-15 22:21
ComboFix2.txt 2012-12-15 20:29
.
Pre-Run: 146,150,203,392 bytes free
Post-Run: 147,627,986,944 bytes free
.
- - End Of File - - 0A92F6F5881F6E860282A2A3D4136290
Click to expand...
 
Looks good.

How is computer doing?

=====================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Broni said:
Looks good.
Click to expand...
Great!

Broni said:
How is computer doing?
Click to expand...
The computer seems fine. However, it seemed fine before the first scan. That's why I was asking whether you can tell definitively that my machine was infected. Was it?


AdwCleaner v2.100 said:
# Logfile created 12/15/2012 at 17:57:57
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Tag - TAG-PC
# Boot Mode : Normal
# Running from : C:\Users\Tag\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\prefs.js

C:\Users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1178 octets] - [15/12/2012 17:57:57]

########## EOF - C:\AdwCleaner[S1].txt - [1238 octets] ##########
Click to expand...


OTL said:
logfile created on: 12/15/2012 6:07:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tag\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 74.69% Memory free
16.00 Gb Paging File | 13.95 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 137.39 Gb Free Space | 46.10% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 115.69 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: TAG-PC | User Name: Tag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/15 17:53:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tag\Desktop\OTL.exe
PRC - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/28 13:34:27 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/08/21 09:58:22 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2012/08/15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/08/15 14:18:06 | 000,104,088 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/08/15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/08/15 13:36:34 | 015,680,000 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012/08/15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/30 13:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2011/10/30 18:23:56 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/08/12 16:45:00 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2009/04/30 15:01:12 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/23 11:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
PRC - [2007/05/30 07:14:22 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouse.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/12/30 11:23:28 | 000,214,528 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouseH.dll
MOD - [2007/06/22 09:48:58 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouseS.dll
MOD - [2007/05/30 07:14:22 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouse.exe


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld -- (MySQL)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/30 15:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012/12/15 16:14:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/15 11:55:11 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/17 22:03:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/08/15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/08/15 13:36:34 | 015,680,000 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/08/15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/08/01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/30 13:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2011/11/21 16:40:46 | 000,157,128 | ---- | M] (Pro Softnet Corporation) [Auto | Stopped] -- C:\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2011/10/30 18:24:00 | 002,594,816 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe -- (SmcService)
SRV - [2011/10/30 18:24:00 | 000,324,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe -- (SNAC)
SRV - [2011/10/30 18:23:56 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/11/06 10:16:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/11/06 10:07:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/12 16:45:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/04/23 11:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 18:29:36 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/08/15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/08/15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/08/15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/08/01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/07/06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/04 18:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/10/30 18:24:02 | 000,931,448 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/10/30 18:24:02 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/10/30 18:24:02 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/10/30 18:24:02 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2011/10/30 18:24:02 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/10/30 18:24:02 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/08/14 07:41:34 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/02 17:49:44 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2010/08/03 15:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/05/05 20:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 20:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 20:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 20:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 20:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 20:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/05/05 20:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/30 14:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/04/30 14:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/03/15 05:32:56 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/05/11 16:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2007/05/11 16:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/11 16:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2007/03/07 13:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV:64bit: - [2006/06/02 14:39:08 | 000,215,552 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT2500.sys -- (RT2500)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012/10/25 20:24:31 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121130.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/10/19 17:03:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20121215.006\ex64.sys -- (NAVEX15)
DRV - [2012/10/19 17:03:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/19 17:03:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20121215.006\eng64.sys -- (NAVENG)
DRV - [2012/08/23 18:38:42 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA AD 7C 37 45 FA CA 01 [binary data]
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Tag\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tag\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Tag\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/13 05:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/13 05:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/12/13 05:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012/07/25 03:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tag\AppData\Roaming\Mozilla\Extensions
[2011/01/19 21:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tag\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/28 16:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tag\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/07/25 03:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tag\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
[2012/05/03 06:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\extensions
[2012/05/13 00:51:19 | 000,001,018 | ---- | M] () -- C:\Users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\searchplugins\facebook.xml
[2012/09/07 08:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/17 22:03:05 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/17 22:03:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/17 22:03:04 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
Click to expand...
 
OTL (continued) said:
========== Chrome ==========

CHR - homepage: http://news.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://news.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tag\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tag\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tag\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: Chrome Toolbox Plugin (Enabled) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.31_0\plugin/convenience.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Tag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Tag\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Disabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Tag\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: HelloFax - Free Online Faxing & Signing = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.1_0\
CHR - Extension: Google Search = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\
CHR - Extension: Email this page (by Google) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\
CHR - Extension: Gmelius - Ad Remover and Better UI for Gmail\u2122 = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.6.3_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: Google Calendar = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Pandora = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Chrome Toolbox (by Google) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\
CHR - Extension: Tabs to the front! = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla\0.2.4\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.54_0\
CHR - Extension: Google Play Music = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
CHR - Extension: OpenOffice Document Reader = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcfmmdlhndnfpagbmhbbfehenapoich\3_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Calendar Checker (by Google) = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.2.2_0\
CHR - Extension: Gmail = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Tweet this page = C:\Users\Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppilhaolhbpfembaoedfdbkegfedfgip\2.11_0\

O1 HOSTS File: ([2012/12/15 17:14:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WeatherMate] "C:\Program Files (x86)\WeatherMate\WeatherMate.exe" File not found
O4 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001..\Run: [Facebook Update] C:\Users\Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001..\Run: [IDriveE Startup] C:\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001..\Run: [Spotify Web Helper] C:\Users\Tag\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A7885D-3642-4EE9-A4CC-C3D722C39785}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A7885D-3642-4EE9-A4CC-C3D722C39785}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9559A8C-9B2C-486D-B085-2343BD3ECA44}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 17:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tag\Desktop\OTL.exe
[2012/12/15 17:14:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/15 17:00:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/15 17:00:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/15 17:00:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/15 15:02:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/15 14:53:16 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\Tag\Desktop\ComboFix.exe
[2012/12/15 14:52:13 | 000,000,000 | ---D | C] -- C:\Users\Tag\Desktop\Cleaning
[2012/12/15 12:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[2012/12/15 08:32:48 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/12/15 07:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 07:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 07:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 07:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 07:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/13 07:25:17 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Local\Spotify
[2012/12/13 07:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/13 06:45:28 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012/12/13 06:45:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/12/13 06:45:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/12/13 05:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/11 00:04:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/15 18:07:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 18:07:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 18:05:15 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/15 18:00:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/15 18:00:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/12/15 17:59:53 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/15 17:58:51 | 000,061,520 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/12/15 17:58:51 | 000,061,520 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/12/15 17:58:51 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/12/15 17:53:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tag\Desktop\OTL.exe
[2012/12/15 17:39:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/15 17:37:06 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
[2012/12/15 17:28:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/15 17:20:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
[2012/12/15 17:14:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/15 14:53:17 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\Tag\Desktop\ComboFix.exe
[2012/12/15 12:04:31 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2012/12/15 08:37:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
[2012/12/15 07:19:33 | 000,787,606 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/15 07:19:33 | 000,667,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/15 07:19:33 | 000,123,918 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/15 07:10:56 | 000,000,424 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/12/15 07:10:00 | 000,440,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/13 06:42:52 | 000,007,605 | ---- | M] () -- C:\Users\Tag\AppData\Local\Resmon.ResmonCfg
[2012/12/13 06:00:54 | 000,002,348 | ---- | M] () -- C:\Users\Tag\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/15 17:00:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/15 17:00:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/15 17:00:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/15 17:00:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/15 17:00:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/15 08:32:13 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
[2012/12/15 08:32:12 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
[2012/12/13 07:25:12 | 000,001,743 | ---- | C] () -- C:\Users\Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/12/13 06:39:56 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012/12/13 06:39:55 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012/12/13 06:39:50 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012/12/13 06:39:48 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/13 06:39:44 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012/12/13 06:35:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/13 06:17:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/07/21 23:08:29 | 000,007,605 | ---- | C] () -- C:\Users\Tag\AppData\Local\Resmon.ResmonCfg
[2012/04/10 17:30:49 | 000,026,032 | ---- | C] () -- C:\Windows\SysWow64\IDriveEXceedCryReg.exe
[2011/12/13 02:58:08 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/12/13 02:57:49 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/13 02:57:44 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/13 02:57:44 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/13 02:57:43 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/12/13 02:57:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/07 23:21:20 | 000,000,049 | ---- | C] () -- C:\Users\Tag\.gitconfig
[2011/08/13 22:34:57 | 000,002,187 | ---- | C] () -- C:\Users\Tag\.kdiff3rc
[2011/08/10 21:37:41 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/05/19 01:35:31 | 000,000,000 | ---- | C] () -- C:\Windows\YAHELITE_cookie.INI
[2011/05/19 01:34:54 | 000,002,149 | ---- | C] () -- C:\Windows\YAHELITE.INI
[2011/04/21 05:27:43 | 000,000,043 | ---- | C] () -- C:\Users\Tag\mercurial.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/20 08:16:23 | 000,000,600 | ---- | C] () -- C:\Users\Tag\AppData\Local\PUTTY.RND
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/12/18 08:36:47 | 000,000,600 | ---- | C] () -- C:\Users\Tag\AppData\Roaming\winscp.rnd
[2010/07/20 05:02:57 | 000,000,424 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/01 06:24:46 | 000,000,428 | RHS- | C] () -- C:\Users\Tag\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/21 19:30:01 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\.minecraft
[2012/08/07 11:09:46 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\.purple
[2011/06/11 13:38:30 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Amazon
[2011/05/29 21:02:57 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\avidemux
[2010/06/11 06:19:24 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\com.cldesktop.A457892AC9E286AFF16B1328DABF224A4C50065F.1
[2012/01/14 18:20:24 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\DisplayFusion
[2011/10/25 17:46:04 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Entrust
[2011/10/03 06:00:50 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\FrostWire
[2010/07/04 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\GetRightToGo
[2010/10/09 12:23:25 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\gtk-2.0
[2010/06/26 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\HandBrake
[2011/05/12 07:16:37 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Hive Cluster
[2010/11/10 22:18:42 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\midori
[2012/04/15 19:49:51 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\MySQL
[2012/12/15 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Notepad++
[2011/12/03 15:31:25 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Nuiti
[2012/04/16 01:36:08 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\ooVoo Details
[2012/07/25 03:02:42 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\OpenVPN Technologies
[2012/09/10 13:03:46 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Opera
[2010/10/09 12:21:47 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Participatory Culture Foundation
[2010/10/19 21:59:07 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\PCF-VLC
[2012/12/15 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\PrimoPDF
[2012/12/15 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Spotify
[2011/05/30 09:18:11 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\ThinkVD
[2011/01/19 21:29:22 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Thunderbird
[2010/11/28 16:22:48 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\TomTom
[2011/05/14 06:23:11 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Trusteer
[2012/07/30 16:55:35 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
Click to expand...
 
OTL Extras said:
logfile created on: 12/15/2012 6:07:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tag\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 74.69% Memory free
16.00 Gb Paging File | 13.95 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 137.39 Gb Free Space | 46.10% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 115.69 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: TAG-PC | User Name: Tag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C20592E-BA79-4B51-89C8-1CF0561A958B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FFEF151-9551-49DD-B5BD-DE7E524A737D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CB31C16-E0A4-4EC6-A84A-30CBC2E6C393}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2586DF43-55D0-4273-962A-2DA66D7A3A72}" = lport=10243 | protocol=6 | dir=in | app=system |
"{25C55F67-FD06-48C9-A31C-5105F050017D}" = lport=445 | protocol=6 | dir=in | app=system |
"{3254F717-FBEE-4F3D-9245-148872C57DFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E03B6E-845A-4B11-8092-FF2744FB8412}" = rport=139 | protocol=6 | dir=out | app=system |
"{38B39E95-3518-40B0-BBE4-C8155682B767}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{39DB3E74-6873-45DE-8107-C19D9D443DD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50AD04A6-FF3A-4A26-B6C9-B7C24A34B7C9}" = rport=138 | protocol=17 | dir=out | app=system |
"{56B6F821-8BE5-485D-842C-CFBCB4E02E62}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6CF739CD-C15B-4750-AE8F-BA00EC8F969A}" = lport=139 | protocol=6 | dir=in | app=system |
"{7704F3E0-CCE4-4D74-B6E2-3A5CA73ABCDB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C3DE980-E2ED-4EDA-AB92-694C97B37412}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{95287C13-77DA-4CF5-A5EE-E2F7940681E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B23A5E1-1BF9-4335-9C46-7E681628536D}" = lport=137 | protocol=17 | dir=in | app=system |
"{A30EA875-F83E-4AFA-860B-0BD177D8969D}" = rport=137 | protocol=17 | dir=out | app=system |
"{AC1D1C7D-CB60-4870-8787-BA09E5DA101C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B358AB80-E94D-4A0A-AC0A-166F47740E96}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5A6944D-56F9-4ABE-98A9-B9729808CB0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C1681850-6848-40FD-A72D-5D5559AF30CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C1E9F8F5-CD70-45DE-B200-3355FF5CC935}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2DA9CA7-ACD5-4BEC-89AF-5F431F156742}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D4F74A44-D722-4D47-A4A3-9DF8BFC06DB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC53BFA7-90DB-479B-9332-39027B7D4049}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FE4DBEA4-4773-4621-9D48-EA7FADA485B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BA5729-6ED9-4FFE-BC17-51C1CB9A70CC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{02F608C6-A192-4ECD-AB39-CBEBC36BC1CB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{04C4F1B4-3208-45F2-9627-17FA6B9BA5F7}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{052EF364-2CE9-4D7C-B9B4-B1A72475914B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{066F1B7D-720C-4DE1-B2F1-11A65D5ABD30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{0859958E-74A9-457A-8F90-CE6C98B9DD36}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{08E44C8B-3AF8-4332-8811-ED66B9744A06}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1413DB29-865A-4D2A-896C-408A545A9849}" = protocol=6 | dir=in | app=c:\idrive\idriveeclassic.exe |
"{17101824-70F0-42B8-A76A-6338022796BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B406EC9-33C7-472F-BE5E-D3FDA2B18EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\samorost 2\samorost2.exe |
"{1C68085A-6371-420A-91E5-4677B884BFCC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{213CE9D7-D8F5-4C53-A11B-30BDED8C135B}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{245A8CF6-F165-450D-992F-F4944C056EF5}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{258CE13E-D51E-40BB-9C07-304C177EB496}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{25E74634-5C88-436A-A73A-CA49CB7D67C4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2BE68846-A4E7-41C9-BF74-5011BF75E3DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |
"{2C539E12-00EE-49D3-9B0C-00F273B01802}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{2D7532BD-D4CD-4420-8A69-7AB039B1FB1F}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{30EF7CBD-6322-4768-BE87-5AD2A94A89AF}" = protocol=17 | dir=in | app=c:\users\tag\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{31370BF1-DC80-43E4-BDE3-9CBDF6D369B6}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{3A6625F4-7B06-48F6-A518-F66D40DD4AAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BB84395-0CCA-4F99-AD87-D4809A4A5A44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CFBE934-91E3-4CAE-AC2A-A567603EDE87}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"{3F3B746A-A4A1-4750-8052-B19DD0662EDA}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{41FEC37C-814B-405B-8D58-B1C20D4824FE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4AD87E9B-E57C-4A65-9977-3C2A05845F48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{4CCD6374-C530-4652-AB77-D1C37FE20FCE}" = protocol=17 | dir=in | app=c:\program files\tortoisehg\thgw.exe |
"{4D26E884-2C30-4AA0-8D22-F5E260A63537}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{5063E29F-2249-4BE3-A510-633DBB66768A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"{51CF08BB-FF26-48F1-9CC3-624D0D9AEA14}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\smc.exe |
"{52EE1550-393F-48ED-9061-655FAC7F3E52}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{53C0FE23-DE3B-4A65-9EF4-F16E548995E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54EEDAA8-5610-4A22-B7EF-110DCF6ACADF}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{597A9DEB-0EC3-495D-B17B-1A5CF9A01E7B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{59A30AEF-1343-4DA1-89C6-7C22818A984B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5ABEA216-CEB9-499F-B289-28CBB017B3DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{625CE8BA-28CE-4B2E-9992-AF24BDAAF935}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{62D7154C-49D8-4E0A-AD41-B2CC48A4C3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{65306B80-C6B5-4E43-AF94-61528688F8A2}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{6A392DE5-9117-4BEB-8FB5-F5E409A34B55}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{6F97AEFD-FE41-42C6-BE96-C3190469F5B0}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{709FFA11-D841-4FFA-B0B6-7C7E9D92AE5B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{72293F1D-EA5A-42EA-BA0A-3B97721FC834}" = protocol=6 | dir=out | app=system |
"{736003C9-9154-4826-AC5C-8789BCA43486}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{75BD5900-14D2-4828-A9AF-BC0B6DFC48DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{7A613661-FCAF-4C73-BF07-348E7608EB23}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7C900D25-1146-4319-8CF5-1F77268C2972}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{7D7AF8E9-B13A-45B0-93D4-7B53F1B4444E}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{80D444C3-074A-4A43-A525-65927A009546}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{81133C80-9F03-49DF-8898-F8401AD63914}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8164B7C1-0967-478C-A773-C4D3F8CF0515}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{828AC3B3-4BDF-4FC6-9BA5-4F2B8997C957}" = protocol=6 | dir=in | app=c:\idrive\idriveetray.exe |
"{833D51F8-CD07-48F4-A634-45115FE6FCEE}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{84176A98-D1E8-401D-8D2A-B44045A75B27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{86697605-1B61-435A-B081-EFA5205F5DA1}" = protocol=6 | dir=in | app=c:\users\tag\desktop\starcraft_2_na_en-us.exe |
"{86FAB4F4-4A86-42AE-9631-F65A0A92F016}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89179E94-EBFD-40E2-B19D-F6C147053E21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AA3EA4E-E185-430F-A674-A89D7C684C25}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8AEA7C0F-8EAC-45C9-BC40-94BE0CFE54A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8C1D6C7B-8891-436F-BBA5-853FD0C0E632}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{8EE45007-457F-4EA4-A269-DDBE5A9CC054}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{938F1A05-0C78-4938-87F6-D05A2162A953}" = protocol=6 | dir=in | app=c:\users\tag\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{93F4EB04-42F3-4F3C-9E2C-505CD786D7C4}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{94A28D97-89B7-4A0A-9957-980760E99084}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{95805ADA-6F18-4CAA-B809-2BF98BCF91AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9AFC44B4-E5D4-4818-8185-863312482155}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |
"{9D23B5C8-FD2B-4405-967F-6F9087B1EB59}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A03629A4-FEA5-42CF-AB85-F74407832B99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1492B62-B052-48FB-8CFA-D7F4E02E7434}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"{A19FB3EB-6359-45C3-B7ED-5E0E28E53C8F}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{A7D63D8A-BA84-4A61-B26D-4AE05B678668}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{B03EFAE7-C2E3-47D0-A5BE-9817391B7F3E}" = protocol=6 | dir=in | app=c:\program files\tortoisehg\thgw.exe |
"{B175B383-0D6B-49AE-A45E-3897578822B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B492ABED-07F9-4290-86CF-7F4E707B1544}" = protocol=17 | dir=in | app=c:\idrive\idriveetray.exe |
"{B8CE6F70-77CC-4E52-9CAB-EEE41408CF1C}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{BCE6F37D-51E1-4C66-86D8-98A845128329}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\snac64.exe |
"{BCEBBA0B-A7BE-4D66-9E84-38F7FF684A59}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{BEED9351-3E13-4A4C-BF36-32BD840AF8DA}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{C34A6CF5-8B3E-4B7D-9D7D-ECE2D5694718}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\smc.exe |
"{C433228A-9489-41F0-A0FE-4645A788C331}" = protocol=17 | dir=in | app=c:\idrive\idriveeclassic.exe |
"{C5FA6FE0-C40F-4FCE-BFF8-1889A781479C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C669F95B-E4B2-4C07-9230-15F465767478}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C8BBD53B-3C13-4C00-85CD-D72A96831A89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA285C8A-A1BE-491A-96D3-A58A78CF7832}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CE9DF1AB-9AE6-4DF9-BCF4-A5CE943A0221}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{CF49BD5B-C4C4-429A-9DBD-0AAC46024EC5}" = protocol=17 | dir=in | app=c:\users\tag\desktop\starcraft_2_na_en-us.exe |
"{D1629768-812B-4AC8-8533-440102392805}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D3A9E37A-F3A6-4385-B9FB-A2228D274F7C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D41D8349-3879-41A0-85C0-2E829173F462}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D70DABAC-CE8A-4FBB-883C-578F8F07BD54}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{DAFC07AB-6C2B-473B-BB51-3FB75C31B4F7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{DB07A694-8D1D-419C-9549-8CC9BBFA420F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DB714903-638C-40B3-956B-FB30B097F30A}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\snac64.exe |
"{DE77DF94-BE06-43CA-A830-79B75BFEE6F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\samorost 2\samorost2.exe |
"{DF007974-D733-42F8-959B-26F1A08BFDB6}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{E106961C-7DAE-4680-8B38-A0CAC28E221D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{E62A0330-1777-49F1-9659-B7EFD0FEA223}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7EB6BED-2A70-4EA4-9789-D39EB54E0719}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E98926C8-60AD-40C7-8679-E0ECE9D199C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F02F7F16-7DDC-43D7-B776-52149A092A78}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{FCAB7D29-0A2D-4022-9E33-14583FA66C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"{FF87EE8F-3360-421E-83D4-C9CF0F34EDC1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{0302A8AC-F4BD-4BFA-B3D1-2065D64F0B21}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{079BB69D-FF65-4B7E-9336-E6B03EFC821F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{0C0DAA13-BB98-42FC-9963-D8D99CFAC2A0}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{0C45C16B-330B-4344-BBB4-4119F1F37584}C:\users\tag\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tag\appdata\roaming\spotify\spotify.exe |
"TCP Query User{118C8649-1503-47AC-9B67-D0DFA3805C56}C:\program files\tortoisehg\thgw.exe" = protocol=6 | dir=in | app=c:\program files\tortoisehg\thgw.exe |
"TCP Query User{13ECAD93-C4C0-4386-A7BC-3BE80A6C3902}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{20F59732-B7A6-4475-8652-D933E3A7C761}C:\users\tag\appdata\roaming\macromedia\flash player\" = protocol=6 | dir=in | app=c:\users\tag\appdata\roaming\macromedia\flash player\ |
"TCP Query User{26F550C3-041E-4EC0-8C5F-6733ABD4828B}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{28434E66-985B-411C-B2AF-76888F7C1C4A}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{39629A59-226B-4C95-8A00-722985212BE7}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{45704BA8-9809-47DD-B44E-F056AE394ED0}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{4F04EBC0-46A0-4EB2-8459-2E4EED8E1EE6}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{539617A8-E974-4F61-8B3D-15DBC539D92B}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{646FE5B9-81EC-492F-906D-F49549240FFA}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{69E1FCE9-B936-44C0-96E3-6486031A7548}C:\program files (x86)\boxee\boxee.exe" = protocol=6 | dir=in | app=c:\program files (x86)\boxee\boxee.exe |
"TCP Query User{6D94E8D4-AE3D-4984-B70D-C1838848CFE0}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{6E4F5C4C-BCC5-4162-B418-1584FADE20AD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{7427AA5D-46E8-4BE7-9CDD-F3C6E018B29E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{771799F8-2F07-4E1B-B512-713718308403}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{785D38CA-7205-4AF9-9E12-26DA8EE6FFD4}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"TCP Query User{7C294153-28DF-4EB7-9D3C-1FF7F5D661BE}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{83178517-1E10-4704-9528-54184B5B867A}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{838ECE91-1F2F-4D7D-B5D8-ECEBA37F69BE}C:\program files (x86)\yahoo messenger\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo messenger\messenger\yahoomessenger.exe |
"TCP Query User{85B44698-8BD6-4F2D-8891-04977236E311}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{882A52B0-986C-4DF4-83B7-7A7FCC228171}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{943E370D-F5A9-48E8-AEF1-2AAAFD28BED2}C:\program files (x86)\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xming\xming.exe |
"TCP Query User{963D5569-CEAF-428E-8E87-E3CCBED7DEC8}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{97220135-3C4E-4989-9C00-4D550ED74CEF}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{B1007FFD-E1E3-4EE3-8657-7D33FB476C92}C:\program files (x86)\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xming\xming.exe |
"TCP Query User{B1DDF115-CECD-4EF2-844D-8F9A9C436A1C}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{BCFD308B-A3FB-4AA4-92C4-F9D5A892C296}C:\program files (x86)\yahoo messenger\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo messenger\messenger\yahoomessenger.exe |
"TCP Query User{C8EA82E7-AF89-4579-BACC-68992C71BAB5}C:\ruby192\bin\ruby.exe" = protocol=6 | dir=in | app=c:\ruby192\bin\ruby.exe |
"TCP Query User{C915E115-D83D-4CCE-B7B7-A59475DE6653}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{D3E66A94-E36E-42B1-B478-C07D06CFD41F}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{D90D4FD9-F594-4D38-B2B9-44F31A93A571}C:\users\tag\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tag\appdata\roaming\spotify\spotify.exe |
"TCP Query User{D9593FEC-18FD-4EA0-8CA2-D4405016C7D5}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{E69E4231-D2E5-4F65-BD91-13CFC1F9D9CA}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E74718B0-0D1D-4A64-8322-7AC95BCB7514}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"TCP Query User{EB0EB42F-38FF-4E4C-9401-94115DFCBC5B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{EE053E24-3D4B-4FFF-94B5-F60639CABF9E}C:\program files (x86)\r.g. catalyst\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. catalyst\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{F2CD4233-8C39-4475-AF22-B62029A4F56D}C:\users\tag\desktop\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\tag\desktop\starcraft_2_na_en-us.exe |
"UDP Query User{00CF1CD7-1BBC-4B7F-BEDC-83C8EB1797C4}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{01360496-513A-4112-90E9-762ECE607C82}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"UDP Query User{01D8FBEE-065E-4EB2-8B6E-09AAF6EC31A7}C:\users\tag\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tag\appdata\roaming\spotify\spotify.exe |
"UDP Query User{02C03F8D-DF06-43F6-A29E-2DA23FC0C216}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{0B6992FF-7159-4223-BCC0-D557E0D83280}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{1C341EB0-AFC4-40C6-84F9-CBD7B544B39B}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{236F1160-40CA-45CA-A530-FBADB1D31918}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{26576F77-05FF-4AA7-8BF2-E9033B76C1CE}C:\program files (x86)\yahoo messenger\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo messenger\messenger\yahoomessenger.exe |
"UDP Query User{2B3A8386-AD7C-4691-9669-50BDCF0ADC75}C:\program files\tortoisehg\thgw.exe" = protocol=17 | dir=in | app=c:\program files\tortoisehg\thgw.exe |
"UDP Query User{2F364C42-1B70-4638-B415-C9DFA91099E6}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"UDP Query User{36F9BAD4-8BFC-4E2F-B16E-E307E7C5B775}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{43858CAE-EE09-4F8B-8FE1-87603B66FBD2}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{47FC1D4A-2204-4843-A565-A5E0BA53CF93}C:\program files (x86)\r.g. catalyst\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. catalyst\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{588D28D4-E370-4725-AD7D-27F50062AE60}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{5DE36BF3-568D-469E-A6BA-669E72AB205C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{5E0A614F-3A81-4419-9D51-AF1125E0E3EA}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{691FF651-69AC-4790-852D-EDA8C502BFBB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{6D598B03-42F4-4007-ACB4-6E9D9E20B202}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{6EF1BBF6-755D-41EA-9570-BB0CA41DB610}C:\users\tag\appdata\roaming\macromedia\flash player\" = protocol=17 | dir=in | app=c:\users\tag\appdata\roaming\macromedia\flash player\ |
"UDP Query User{773A0872-84BB-4EBA-B51C-5C043D45A699}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{781D9878-E291-413C-87F0-94DB66346BD7}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{7C5DA8BC-9737-48B8-977B-3370E747ACE3}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{7D6E6B58-5927-44D5-ACF5-8B12A6DF07B8}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{7F1471FA-FCD3-4E69-8F2E-A00DE54A9D77}C:\program files (x86)\boxee\boxee.exe" = protocol=17 | dir=in | app=c:\program files (x86)\boxee\boxee.exe |
"UDP Query User{8009372E-4258-4B8A-A64B-7FB131E93F43}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{80B854EC-9D1B-47D0-A02D-E582F9984DA1}C:\program files (x86)\yahoo messenger\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo messenger\messenger\yahoomessenger.exe |
"UDP Query User{82BBCCFD-A7BD-48D4-96B1-60BC19911AE9}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{84A0D2ED-B31E-4041-B1AB-8A62A6DF6E0D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{91467A3D-86F0-4F81-B864-D95CB515A572}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{9C50996B-16C6-4338-966B-98A834B14E9D}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"UDP Query User{A0019A77-E28C-47DF-BB44-6EC46A267B2F}C:\program files (x86)\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xming\xming.exe |
"UDP Query User{A0AA7D13-CA0F-4E89-9AD9-916BF9606B71}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{A2072F7F-C48E-4E89-B6C6-E909842DB0A1}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{B0AC6269-FB00-4A6A-8B17-DF3531E7DFAD}C:\users\tag\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tag\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C13AD232-05BB-456E-8FCF-9BAEE9E272F0}C:\ruby192\bin\ruby.exe" = protocol=17 | dir=in | app=c:\ruby192\bin\ruby.exe |
"UDP Query User{C5E05FDA-57A8-4392-BE95-5FBCC3647FEC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E575D699-B380-4A2B-99AD-67B9D224DADF}C:\program files (x86)\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xming\xming.exe |
"UDP Query User{EC1FAE76-521E-4F2A-9247-EDD80021EAF3}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{F1AD8E1D-1420-4901-A59C-71951060D770}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{F5D10CAD-F00F-46BA-AEA8-6A2C9E25308B}C:\users\tag\desktop\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\tag\desktop\starcraft_2_na_en-us.exe |
"UDP Query User{FEA64ED2-262C-4933-A674-1348E887D069}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
Click to expand...
 
OTL Extras (continued) said:
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{19B62EDC-C108-4393-B3F1-8A813096CC8E}" = Symantec Endpoint Protection
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.1.2903 x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2544E7-123D-45B0-AB68-5C16698F015B}" = TortoiseHg 2.0.2 (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-64)
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{072A5217-8165-4AB7-8366-36CB3245DB60}" = OpenVPN Client
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40F0DEB7-21A6-4166-B021-CE9675665985}" = Plex Media Server
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AudioCS" = Creative Audio Control Panel
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.3.0
"Batman Arkham City_is1" = Batman Arkham City 1.0
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Digital Editions" = Adobe Digital Editions
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"File-5.03_is1" = GnuWin32: File-5.03
"Git_is1" = Git version 1.7.8-preview20111206
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Desktop" = Google Desktop
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"IDrive_is1" = IDrive version 3.4.1 January 03, 2012
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"KatMouse" = KatMouse (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mendeley Desktop" = Mendeley Desktop 1.6
"mIRC" = mIRC
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.16)" = Mozilla Thunderbird (3.1.16)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PuTTY_is1" = PuTTY version 0.60
"StarCraft II" = StarCraft II
"Steam App 40700" = Machinarium
"Steam App 40720" = Samorost 2
"Steam App 50130" = Mafia II
"The Weather Channel App" = The Weather Channel App
"TomTom HOME" = TomTom HOME 2.8.2.2264
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"VMware_Workstation" = VMware Workstation
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"winscp3_is1" = WinSCP 4.2.9
"Xming_is1" = Xming 6.9.0.31
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"AIM" = AIM for Windows
"GNU CLISP 2.49" = GNU CLISP 2.49
"Google Chrome" = Google Chrome
"MiKTeX 2.8" = MiKTeX 2.8
"MusicManager" = Music Manager
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2012 12:31:31 AM | Computer Name = Tag-PC | Source = VSS | ID = 8193
Description =

Error - 12/13/2012 6:34:33 AM | Computer Name = Tag-PC | Source = Google Update | ID = 20
Description =

Error - 12/13/2012 7:15:27 AM | Computer Name = Tag-PC | Source = VSS | ID = 8193
Description =

Error - 12/13/2012 7:58:37 AM | Computer Name = Tag-PC | Source = VSS | ID = 8193
Description =

Error - 12/13/2012 8:01:50 AM | Computer Name = Tag-PC | Source = VSS | ID = 8193
Description =

Error - 12/13/2012 8:07:41 AM | Computer Name = Tag-PC | Source = VSS | ID = 8193
Description =

Error - 12/13/2012 8:11:16 AM | Computer Name = Tag-PC | Source = VSS | ID = 8193
Description =

Error - 12/13/2012 8:14:51 AM | Computer Name = Tag-PC | Source = VSS | ID = 8193
Description =

Error - 12/15/2012 12:24:33 PM | Computer Name = Tag-PC | Source = Windows Activation Technologies | ID = 14
Description = Genuine validation failure: hr = 0xD0000452

Error - 12/15/2012 3:55:23 PM | Computer Name = Tag-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 12/15/2012 6:16:19 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 12/15/2012 6:18:40 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/15/2012 6:27:22 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7034
Description = The IDriveE Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/15/2012 6:28:08 PM | Computer Name = Tag-PC | Source = DCOM | ID = 10016
Description =

Error - 12/15/2012 6:29:51 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 12/15/2012 6:29:51 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 12/15/2012 7:00:34 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7034
Description = The IDriveE Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/15/2012 7:01:52 PM | Computer Name = Tag-PC | Source = DCOM | ID = 10016
Description =

Error - 12/15/2012 7:02:38 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 12/15/2012 7:02:38 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >
Click to expand...
 
Your computer was definitely infected.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld -- (MySQL)
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [WeatherMate] "C:\Program Files (x86)\WeatherMate\WeatherMate.exe" File not found
O4 - HKU\S-1-5-21-419851143-2205390515-4003747433-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Broni said:
Your computer was definitely infected.
Click to expand...
Are you able to tell which virus(es) it was infected with?

The ESET scan was clean.


OTL said:
All processes killed
========== OTL ==========
Service MySQL stopped successfully!
Service MySQL deleted successfully!
File C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherMate deleted successfully.
Registry value HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7833412 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92945121 bytes
->Flash cache emptied: 7753 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tag
->Temp folder emptied: 2160108 bytes
->Temporary Internet Files folder emptied: 25515165 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 218005890 bytes
->Google Chrome cache emptied: 464330675 bytes
->Apple Safari cache emptied: 15372288 bytes
->Flash cache emptied: 396539 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.Tag-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 266177 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 439704 bytes

Total Files Cleaned = 789.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: Tag
->Java cache emptied: 0 bytes

User: UpdatusUser

User: UpdatusUser.Tag-PC

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Tag
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.Tag-PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12152012_190455

Files\Folders moved on Reboot...
C:\Users\Tag\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-2680.log moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Click to expand...


screen317's Security Check version 0.99.56 said:
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Java(TM) SE Development Kit 7
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.1 Firefox out of Date!
Mozilla Thunderbird (3.1.16) Thunderbird out of Date!
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
Click to expand...


Farbar Service Scanner Version: 10-12-2012 said:
Ran by Tag (administrator) on 15-12-2012 at 19:21:33
Running from "C:\Users\Tag\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll
[2012-12-13 06:39] - [2012-08-21 08:09] - 0219136 ____A (Microsoft Corporation) 136760C1E9697BAF4ECDEAE5590A0806

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Click to expand...
 
You had number of trojans there.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

===============================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
Broni said:
Your computer is clean
Click to expand...
Fantastic! Thanks for your help! I think that I will still avoid using this OS for any important logins, in case of any lurking nasties. BTW, is it possible to know which Trojans they were to assess the scope of what was compromised?

Some strange observations:
  • Before updating Adobe Reader, there was one session in Chrome where I was not able to load web pages, although other applications (like AIM) requiring network connectivity were still working. Restarting Chrome solved the problem.
  • Secunia PSI hanged several times, requiring several restarts of the application.
OTL said:
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tag
->Temp folder emptied: 86408 bytes
->Temporary Internet Files folder emptied: 470197 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 61671214 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.Tag-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255872 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2019 bytes

Total Files Cleaned = 60.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Tag
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.Tag-PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: Tag
->Java cache emptied: 0 bytes

User: UpdatusUser

User: UpdatusUser.Tag-PC

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12152012_235503

Files\Folders moved on Reboot...
C:\Users\Tag\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3260.log moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Click to expand...
 
Thanks again :) A few more questions:
  1. How certain can I be that there are no lingering rootkits?
  2. How certain can I be that there are no rootkits that will survive a disk reformatting?
  3. How certain can I be that these viruses have not affected a Linux installation on another HDD in the same system?
 
1. 100%
2. No rootkit will survive formatting.
3. Linux won't be affected. Internal drives or external ones?
 
2. I'd have to see one for real.
3. rootkits designed for Windows won't affect Linux and vice versa.
Internal drives were scanned with our tools.
 
  • Like
Reactions: VvWolverinevV
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
3K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
3K
adidaman27
A

Latest posts

Back