PDA

View Full Version : IDP.Trojan Crpt.AQLW Issues



boatnerd06
2012-05-07, 06:15
Hello,
I am having many of the same problems that others are having with this bugger. I got into a file earlier and started getting the Vault messages from AVG Free. Any help to remove this issue would be appreciated.

Thanks

dds log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Nathan at 23:08:14 on 2012-05-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1521 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\Steam.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Users\Nathan\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Nathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Nathan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://startsear.ch/?aff=1&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9
uInternet Settings,ProxyServer = 46.23.70.176:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: RebateRobot BHO: {fa3fedf6-1a34-4076-9f25-a26a2de6a401} - c:\program files\rebaterobot\RebateRobot.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: {B771FEA3-2A05-4C21-B1E2-55551A97D520} - No File
TB: {719D74AB-1AF9-43A1-8C62-D8750628D93E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Akamai NetSession Interface] "c:\users\nathan\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\nathan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [CA737A4C8A218980B307F7230906C3F73A69889A._service_run] "c:\users\nathan\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [PowerSuite] "c:\program files\uniblue\powersuite\launcher.exe" delay 20000 -m
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\nathan\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: 360-value.com
Trusted Zone: billerweb.com
Trusted Zone: bristolwest.com
Trusted Zone: bwproducers.com
Trusted Zone: cisgroup.com
Trusted Zone: co-optimum.com
Trusted Zone: farmers.com
Trusted Zone: farmers.csod.com
Trusted Zone: farmersces.com
Trusted Zone: farmersflood.com
Trusted Zone: farmersinsurance.com
Trusted Zone: farmersleadcenter.com
Trusted Zone: farmerslife.com
Trusted Zone: farmersmarketpoint.com
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
Trusted Zone: ipipeline.com
Trusted Zone: msbexpress.net
Trusted Zone: seccas.com
Trusted Zone: zurich.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{FEAEC8ED-0698-44E1-8342-E4CD3DA1D97E} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nathan\appdata\roaming\mozilla\firefox\profiles\jkd87gk8.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bbc3f9e54-7112-455e-8307-e15978e50026%7D&mid=695c58de235e47d6b412d1569665a01a-630f14d88c88f78d12f6037265eb8b1d7839be65&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-17%2012%3A38%3A28&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\nathan\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vmlitedrv;vmlitedrv;c:\windows\system32\drivers\vmlitedrv.sys [2012-1-26 15464]
R1 VMLiteUSBMon;VMLiteUSBMon;c:\windows\system32\drivers\vmliteusbmon.sys [2012-1-26 127080]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-3 47640]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 VMLiteService;VMLiteService;c:\program files\vmlite\vmlite workstation\VMLiteService.exe [2010-8-21 455784]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 vmlitestor;vmlitestor;c:\windows\system32\drivers\vmlitestor.sys [2010-8-18 140392]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-26 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-27 984392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-26 135664]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-1 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [2011-7-1 105856]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2011-7-1 105856]
.
=============== Created Last 30 ================
.
2012-05-07 03:00:04 295248 ----a-w- c:\windows\system32\dllcache
2012-05-07 03:00:04 -------- d-----w- C:\_OTL
2012-05-07 02:11:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-07 01:16:06 -------- d-s---w- C:\ComboFix
2012-05-06 22:12:22 98816 ----a-w- c:\windows\sed.exe
2012-05-06 22:12:22 518144 ----a-w- c:\windows\SWREG.exe
2012-05-06 22:12:22 256000 ----a-w- c:\windows\PEV.exe
2012-05-06 22:12:22 208896 ----a-w- c:\windows\MBR.exe
2012-05-06 19:58:31 -------- d-----w- C:\DashConfig
2012-05-06 19:25:23 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-05-06 19:24:58 -------- d-----w- c:\users\nathan\appdata\local\PackageAware
2012-05-06 18:58:22 -------- dc-h--w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2012-05-06 18:41:32 -------- dc-h--w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2012-05-06 17:42:21 -------- d-----w- c:\program files\NirSoft
2012-05-06 17:37:45 -------- d-----w- c:\programdata\Uniblue
2012-05-06 17:37:22 -------- d-----w- c:\program files\Uniblue
2012-04-28 00:23:59 -------- d-----w- c:\program files\Paradox Interactive
2012-04-11 02:48:07 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:48:07 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:48:07 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:48:07 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:46:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 02:46:49 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 02:44:43 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-04-11 02:44:43 739840 ----a-w- c:\windows\system32\d2d1.dll
.
==================== Find3M ====================
.
2012-05-07 02:13:24 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-05-06 20:04:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 20:04:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 13:43:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 19:43:36 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 23:09:38.21 ===============

Scolabar
2012-05-15, 19:56
Hi boatnerd06,

Firstly, welcome to the Safer-Networking Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
The instructions that will be provided are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
Absence of symptoms does not necessarily mean that everything is clear.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator (http://support.microsoft.com/kb/922708)


Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


Backup Your Data - Windows 7 (http://support.microsoft.com/kb/971759)
If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar

boatnerd06
2012-05-16, 04:18
Thank you Scolabar, I'm looking forward to getting this issue resolved.

Scolabar
2012-05-16, 08:18
Hi boatnerd06,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps exactly in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Company-Owned Computer?

Entries in the log provided lead me to believe this may be a company-owned computer.
Please confirm whether or not this computer is a company owned computer, a computer used for business or connected to a business network.
If this is not the case, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

Step 2:
Tools Already Used

Have you already been receiving help at another malware removal forum?

Please Note: Using powerful tools without the guidance of a Malware Removal Expert runs the risk of turning a computer into a brick.

I will need to see the log files for the fixes run:


TDSSKiller - Log

I notice that TDSSKiller has been used recently on this computer. Please follow the instructions below to retrieve the log file:

Please download TDSSQlook.exe (http://www.malwareinfo.nl/tools/TDSSQlook.exe) by Kaspersky and save it to your Desktop. <-- Important!!!
Right-click on TDSSQlook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
A log file will be created on the Desktop called TDSSQ.txt.
Copy and Paste the entire contents of the TDSSQ.txt file into your next reply.

ComboFix - Log

I also notice that ComboFix has been recently installed on this computer. You need to be aware of the following:


Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer (http://img.photobucket.com/albums/v666/sUBs/New_Disclaimer_090525.gif).
Please post the entire contents of the combofix.txt log file (- it is normally to be found in the C:\qoobox\ directory) into your next reply.

OTL - Log

If you ran an OTL fix I will need to see that log file as well. Otherwise, go to Step 3.

The OTL log can be found in the following location:


C:\_OTL\MovedFiles\DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Please Copy and Paste that log report into your next reply.

Step 3:
Include in Next Post

Did you have any problems carrying out the instructions?
Is this computer a company-owned computer, a computer used for business or connected to a business network?
If not, please clarify for what purposes the computer is used.
TDSSQ.txt.
combofix.txt.
C:\_OTL\MovedFiles\DD/DD/DD TT/TT.txt.
Do you have the original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Scolabar
2012-05-18, 10:13
Hi boatnerd06,

It has been over 48 hours since my last post.

Do you still need help?
Do you need more time?
Are you having problems following my instructions?
In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

boatnerd06
2012-05-22, 03:00
Sorry about the lack of response I was gone for the weekend.

2. It is my own personal computer that I also use for business. In order for our website to work on my computer it requires that we download a packet to make everything work well.

3. I have not been using another form however I was attempting to fix it myself as I was completely unusable. I got it to a point that its functional but not to the point that It was before.

6. I do not have the original Installation media for this computer. It was a Vista Media Center to Windows 7 Upgrade via a downloadable file from Microsoft.

boatnerd06
2012-05-22, 03:01
TTDSQ Log


TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN Mon 05/21/2012 20:00:00.02 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.7.34.0_06.05.2012_22.08.18_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\06.05.2012_22.08.18
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\object.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0001.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0001.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0011.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0010.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0011.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0009.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0009.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0008.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0007.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0005.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0001.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0000.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0000.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\object.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\object.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\object.ini

[InfectedObject]
Verdict: Virus.Win32.ZAccess.aml


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: Avgtdix
Type: Kernel driver (0x1)
Start: System (0x1)
ImagePath: system32\DRIVERS\avgtdix.sys
Suspicious states: Forged file;


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\DRIVERS\avgtdix.sys
md5: 9c38f5a390e2c50773603458d8f0814d


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0001.ini

[InfectedFile]
Type: Api image
Src: C:\Windows\system32\DRIVERS\avgtdix.sys
md5: a6d562b612216d8d02a35ebeb92366bd


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0000.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\@
Size: 2048


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0001.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\cfg.ini
Size: 297


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0002.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\Desktop.ini
Size: 4608


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0003.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\L\xadqgnnk
Size: 295248


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0004.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\oemid
Size: 57


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0005.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\00000001.@
Size: 2048


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0006.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\00000002.@
Size: 224768


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0007.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\00000004.@
Size: 1024


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0008.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\80000000.@
Size: 66560


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0009.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\80000004.@
Size: 1024


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0010.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\80000032.@
Size: 115712


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0011.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\version
Size: 1268


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\object.ini

[InfectedObject]
Verdict: Backdoor.Multi.ZAccess.gen


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: pcradminserver
Type: n/a (0x20)
Start: Auto (0x2)
ImagePath: %SystemRoot%\system32\svchost.exe -k netsvcs
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\ultra.dll
md5: 11028c6a84a967070cb1286550f2058f

boatnerd06
2012-05-22, 03:03
Latest Combo Fix Log


ComboFix 12-05-11.04 - Nathan 05/11/2012 22:52:54.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.2406 [GMT -4:00]
Running from: c:\users\Nathan\Desktop\jgh.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\users\Nathan\AppData\Roaming\Roaming
c:\users\Nathan\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
.
---- Previous Run -------
.
c:\users\Nathan\AppData\Roaming\Roaming
c:\users\Nathan\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\system32\explorer.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BridgeMP
-------\Service_Dot4Print
-------\Service_p2psvc
-------\Service_SiSRaid2
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 03:10 . 2012-05-12 03:10 -------- d-----w- c:\users\Mcx1-NATHAN-PC\AppData\Local\temp
2012-05-12 03:10 . 2012-05-12 03:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 02:11 . 2012-05-12 02:11 -------- d--h--w- c:\windows\AxInstSV
2012-05-12 01:44 . 2012-05-12 01:53 -------- d-----w- c:\windows\system32\catroot2
2012-05-11 03:35 . 2012-05-11 03:35 -------- d-----w- c:\users\Nathan\AppData\Roaming\Malwarebytes
2012-05-11 03:35 . 2012-05-11 03:35 -------- d-----w- c:\programdata\Malwarebytes
2012-05-11 03:35 . 2012-05-11 03:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-11 03:35 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 15:35 . 2012-05-11 22:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-10 15:35 . 2012-05-10 15:49 -------- d-----w- c:\programdata\AVG2012
2012-05-08 22:57 . 2012-05-09 04:08 -------- d-----w- C:\AVG2012
2012-05-08 22:52 . 2012-05-12 01:58 -------- d-----w- C:\temp
2012-05-08 16:10 . 2012-05-12 03:14 -------- d-----w- c:\users\Nathan\AppData\Local\temp
2012-05-08 15:48 . 2012-05-09 04:08 -------- d-----w- C:\jgh2002j
2012-05-07 22:07 . 2012-05-07 22:07 -------- d-----w- C:\JGH
2012-05-07 03:00 . 2012-05-09 04:06 -------- d-----w- C:\_OTL
2012-05-07 03:00 . 2011-07-11 05:14 295248 ----a-w- c:\windows\system32\dllcache
2012-05-07 02:11 . 2012-05-09 04:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-06 19:58 . 2012-05-09 00:55 -------- d-----w- C:\DashConfig
2012-05-06 19:25 . 2012-05-06 19:25 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-05-06 19:24 . 2012-05-06 19:24 -------- d-----w- c:\users\Nathan\AppData\Local\PackageAware
2012-05-06 18:58 . 2012-05-09 04:06 -------- dc-h--w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2012-05-06 18:41 . 2012-05-06 19:16 -------- dc-h--w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2012-05-06 17:42 . 2012-05-09 04:06 -------- d-----w- c:\program files\NirSoft
2012-05-06 17:37 . 2012-05-06 17:37 -------- d-----w- c:\programdata\Uniblue
2012-05-06 17:37 . 2012-05-09 04:06 -------- d-----w- c:\program files\Uniblue
2012-04-28 00:23 . 2012-04-28 00:23 -------- d-----w- c:\program files\Paradox Interactive
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 02:13 . 2011-07-11 05:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-05-06 20:04 . 2012-04-04 14:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 20:04 . 2011-05-27 15:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\SET7F13.tmp
2012-03-06 13:43 . 2010-05-16 15:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-06 05:59 . 2012-04-11 02:46 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 05:59 . 2012-04-11 02:46 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 05:46 . 2012-04-11 02:48 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 02:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 02:48 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 02:48 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-24 19:43 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\SET5D10.tmp
2012-02-17 05:34 . 2012-03-15 04:55 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-15 04:55 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-15 04:55 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-10-11 01:41 . 2011-03-22 22:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-07_21.56.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-14 06:24 . 2012-05-12 02:48 69388 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-05-12 03:15 47126 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-14 05:04 . 2012-05-12 03:15 22760 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-541655578-1006378361-3361530724-1000_UserData.bin
+ 2010-03-19 21:17 . 2012-05-08 23:49 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
- 2010-03-19 21:17 . 2010-03-19 23:36 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2009-07-14 04:50 . 2012-05-12 03:16 86016 c:\windows\System32\DriverStore\infpub.dat
- 2009-07-14 04:50 . 2012-05-07 12:52 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2012-01-31 08:46 . 2012-01-31 08:46 31952 c:\windows\System32\drivers\avgrkx86.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 41040 c:\windows\System32\drivers\avgmfx86.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 17232 c:\windows\System32\drivers\avgidsshimx.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 24144 c:\windows\System32\drivers\avgidsfilterx.sys
+ 2009-11-14 05:04 . 2012-05-12 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-14 05:04 . 2012-05-07 22:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 05:04 . 2012-05-12 03:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-14 05:04 . 2012-05-07 22:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-14 05:04 . 2012-05-07 22:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-14 05:04 . 2012-05-12 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-14 03:07 . 2012-05-07 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 03:07 . 2012-05-12 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 03:07 . 2012-05-12 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-14 03:07 . 2012-05-07 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-16 16:18 . 2010-07-16 16:18 10134 c:\windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}\ARPPRODUCTICON.exe
+ 2012-05-12 01:37 . 2012-05-12 01:37 10134 c:\windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}\ARPPRODUCTICON.exe
- 2012-05-07 21:29 . 2012-05-07 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-12 02:45 . 2012-05-12 03:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-07 21:29 . 2012-05-07 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-12 02:45 . 2012-05-12 03:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:58 . 2010-11-20 12:18 854016 c:\windows\winsxs\x86_microsoft-windows-imageanalysis_31bf3856ad364e35_6.1.7601.17514_none_4a6381a588654ba6\dbghelp.dll
- 2011-10-11 01:57 . 2010-11-20 12:18 854016 c:\windows\winsxs\x86_microsoft-windows-imageanalysis_31bf3856ad364e35_6.1.7601.17514_none_4a6381a588654ba6\dbghelp.dll
- 2009-07-14 04:50 . 2012-05-07 12:52 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2012-05-12 03:16 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2012-05-07 12:52 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:50 . 2012-05-12 03:16 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2011-12-23 17:32 . 2011-12-23 17:32 139856 c:\windows\System32\drivers\avgidsdriverx.sys
+ 2009-07-14 04:34 . 2012-05-12 02:47 116104 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:47 . 2012-05-07 21:27 470464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-05-12 02:19 470464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2007-03-23 19:51 . 2007-03-23 19:51 150368 c:\windows\Downloaded Program Files\igdtoolx.dll
+ 2010-04-03 22:27 . 2010-04-03 22:27 1515624 c:\windows\System32\nvsvcr.dll
+ 2010-04-27 06:17 . 2012-05-12 02:19 2431816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-541655578-1006378361-3361530724-1000-8192.dat
- 2010-04-27 06:17 . 2012-05-07 21:27 2431816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-541655578-1006378361-3361530724-1000-8192.dat
+ 2012-05-10 15:31 . 2012-05-10 15:31 5161984 c:\windows\Installer\61b840.msi
+ 2012-05-10 15:34 . 2012-05-10 15:34 2208768 c:\windows\Installer\61b83c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}]
2011-12-04 05:05 88576 ----a-w- c:\program files\RebateRobot\RebateRobot.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-09 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Nathan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM for Windows]
2012-02-11 04:57 1263448 ----a-w- c:\users\Nathan\AppData\Local\AOL\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-03-13 09:37 3331872 ----a-w- c:\users\Nathan\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-04-05 09:12 2587008 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CA737A4C8A218980B307F7230906C3F73A69889A._service_run]
2012-04-28 02:07 1224176 ----a-w- c:\users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2011-03-04 00:52 948880 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 19:57 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 07:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 23:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 20:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-09-12 14:20 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneLauncher]
2010-12-21 14:39 51712 ----a-w- c:\program files\MagicTune Premium\MagicTuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-06-02 20:59 1457152 ----a-w- c:\program files\PeerGuardian2\pg2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-05-09 21:36 9478320 ----a-w- c:\users\Nathan\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-09 21:36 932528 ----a-w- c:\users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-09 13:58 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-03-06 22:24 741240 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-04-15 9216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [2008-04-15 105856]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-15 105856]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-02-06 374152]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
R4 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
R4 VMLiteService;VMLiteService;c:\program files\VMLite\VMLite Workstation\VMLiteService.exe [2010-08-21 455784]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-14 721904]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-05-07 295248]
S1 VBoxDrv;VBoxDrv;c:\windows\system32\drivers\VBoxDrv.sys [2010-08-11 143848]
S1 vmlitedrv;vmlitedrv;c:\windows\system32\drivers\vmlitedrv.sys [2010-06-29 15464]
S1 VMLiteUSBMon;VMLiteUSBMon;c:\windows\system32\drivers\vmliteusbmon.sys [2010-08-18 127080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
S3 VBoxNetAdp;VMLite Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-11 100264]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-11 111208]
S3 vmlitestor;vmlitestor;c:\windows\system32\DRIVERS\vmlitestor.sys [2010-08-18 140392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Cam5603C
AR5523
SE2Bbus
dvd_2K
LUsbKbd
mgabg
httpfilter
armoucfltr
pcradminserver
awecho
splitter
mssqlserveradhelper
dpfusmgr
GTPTSER
xnacc
pdreli
ntservice1
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:04]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 17:16]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 17:16]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000Core.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 02:38]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000UA.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = https://eagent.farmersinsurance.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 46.23.70.176:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
Trusted Zone: 360-value.com
Trusted Zone: billerweb.com
Trusted Zone: bristolwest.com
Trusted Zone: bwproducers.com
Trusted Zone: cisgroup.com
Trusted Zone: co-optimum.com
Trusted Zone: farmers.com
Trusted Zone: farmers.csod.com
Trusted Zone: farmersces.com
Trusted Zone: farmersflood.com
Trusted Zone: farmersinsurance.com
Trusted Zone: farmersleadcenter.com
Trusted Zone: farmerslife.com
Trusted Zone: farmersmarketpoint.com
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
Trusted Zone: ipipeline.com
Trusted Zone: msbexpress.net
Trusted Zone: seccas.com
Trusted Zone: zurich.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\jkd87gk8.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bbc3f9e54-7112-455e-8307-e15978e50026%7D&mid=695c58de235e47d6b412d1569665a01a-630f14d88c88f78d12f6037265eb8b1d7839be65&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-17%2012%3A38%3A28&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2204)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\PrintIsolationHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-05-11 23:23:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 03:23
ComboFix2.txt 2012-05-07 22:07
.
Pre-Run: 21,887,176,704 bytes free
Post-Run: 21,658,742,784 bytes free
.
- - End Of File - - E09FA5E9093EBB11028084417CFBF20C

boatnerd06
2012-05-22, 03:04
TT Log:


========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
Error: No service named .avgtdix was found to stop!
Service\Driver key .avgtdix not found.
========== FILES ==========
< copy "C:\Program Files\AVG\AVG2012\Drivers\avgtdix.sys" "C:\WINDOWS\system32\dllcache" /c >
1 file(s) copied.
C:\Users\Nathan\Downloads\cmd.bat deleted successfully.
C:\Users\Nathan\Downloads\cmd.txt deleted successfully.
C:\WINDOWS\System32\dds_trash_log.cmd moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.42.3 log created on 05062012_230004

Scolabar
2012-05-23, 11:04
Hi boatnerd06,


Sorry about the lack of response I was gone for the weekend.You are fortunate. I had requested this topic to be closed, but the request somehow got overlooked. Please make sure you reply in good time otherwise you will run the risk of the topic being closed. ;)

I'm afraid have some bad news for you. :sad:

Rootkit Warning

Your logs show signs of the Zero Access Rootkit infection.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Your company's IT department should also be informed.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords.
(ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
Back up all your important data except programs. The programs can be re-installed back from the original disc or from the Net.
Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and re-installation of the operating system (OS).

This decision will have to be made by you.

To help you understand more, please take some time to read the following articles:

When should I re-format and reinstall my OS (http://www.dslreports.com/faq/10063)
What are Remote Access Trojans and why are they dangerous (http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx)
How do I respond to a possible identity theft and how do I prevent it (http://www.dslreports.com/faq/10451)
How and Where to backup your files (http://www.microsoft.com/athome/security/update/wherebackup.mspx)
Restoring your backups (http://support.microsoft.com/kb/309340)

An attempt can be made to clean this machine, however, you will need to be aware that having already attempted to deal with the malware infections present on your computer your system may have been damaged beyond repair. In addition, there will be no guarantee, if the cleanup is successful, that the computer won't still be compromised, afterwards.


I do not have the original Installation media for this computer. It was a Vista Media Center to Windows 7 Upgrade via a downloadable file from Microsoft.This does not help your situation. I hope you have your original Vista Media Center installation media. :sad:

Please confirm how you would like to proceed.


Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

boatnerd06
2012-05-23, 22:53
I think I would like to attempt to clean the machine. I do plan to in the near future to rebuild this computer anyway so if it fails it fails. I am beginning the process of using windows backup and restore to backup my computer unless you have a suggestion of something better.

Thanks,
boatnerd06

Scolabar
2012-05-24, 09:15
Hi boatnerd06,


I think I would like to attempt to clean the machine. I do plan to in the near future to rebuild this computer anyway so if it fails it fails.OK, thanks for the confirmation. Let's see how we get on.


I am beginning the process of using windows backup and restore to backup my computer unless you have a suggestion of something better.A link to instructions on how to back up your data was provided in my initial post: ;)


In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


Backup Your Data - Windows 7 (http://support.microsoft.com/kb/971759)

OK, let's get started - assuming you have completed the backup of your data:

Please read these instructions carefully before executing and perform the steps exactly in the order given.
If, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Computer Problem(s) - Details

Please can you provide a description of the computer issues you are experiencing.
The description does not need to be technically detailed, but if your computer has given you any Error Codes or flashed up any messages, then the exact wording of them can be very useful.
Please describe the computer problem(s) you are encountering in your next post.

Step 2:
Advisory - P2P Software Present!

IMPORTANT There are signs of a P2P (Peer-to-Peer) File Sharing Program installed on your computer.


µTorrent
P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.

P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.

So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.

I advise you take the time to read the following articles that explain the risk of installing these programs:

Perils of P2P File Sharing (http://www.techsupportforum.com/forums/f50/perils-of-p2p-file-sharing-305923.html)
Use of P2P File Sharing Programs (http://spywarewarrior.com/viewtopic.php?t=26216)
Clean/Infected P2P Programs (http://malwareremoval.com/p2pindex.php)
Risks of Peer-to-Peer Systems (http://www.fbi.gov/scams-safety/peertopeer/oeertopeer)
File sharing infects 500,000 computers (http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers)
File-sharing dangers involve more than legal troubles (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
How to Prevent the Online Invasion of Spyware and Adware (http://www.internetworldstats.com/articles/art053.htm)

I strongly recommend that you uninstall the P2P software as follows:

Remove P2P Program
Click on Start > Control Panel and double-click on Programs and Features.
Locate the following program:


µTorrent

Click on the Change/Remove button to uninstall it.
Please repeat the above instructions to remove any other P2P File Sharing Programs you may have installed on your system.
When the program(s) has/have been uninstalled Close the Programs and Features and Control Panel windows.
Step 3:
OTL - Scan

Before proceeding please make sure you delete any existing version of OTL you already have on your computer.
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Under Output, ensure that the Standard Output option is selected.
Under the Extra Registry section, select the Use SafeList option.
Click the Scan All Users checkbox.
Tick the LOP Check and Purity Check checkboxes.
Note: Please leave the remaining selections on the default settings.
Click on the Run Scan button in the top left-hand corner of the program window.
When done, two Notepad files will automatically open:

OTL.txt <-- Will be opened, maximized.
Extras.txt <-- Will be minimized on task bar.
Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
Step 4:
Farbar Service Scanner

Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and save it to your Desktop.
Right-click on FSS.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Click on the Scan button.
When the scan has finished, a text file named FSS.txt will be created on your Desktop. (- the same location where the tool is run from).
Please Copy and Paste the entire contents of the FSS.txt log into your next reply.
Step 5:
MBRCheck - Scan

Please download MBRCheck.exe (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) © a_d_13 to your Desktop.
Alternate links: Link 2 (http://ad13.geekstogo.com/MBRCheck.exe) or Link 3 (http://www.kernelmode.info/MBRCheck.exe)
Right-click on MBRCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
A small black window will open with some information. Please do not fix anything (- if it gives you an option).
If an unknown boot code is detected additional options will be presented. At this time press N then press Enter twice to continue.
When the scan has completed you should see the message Done! Press ENTER to exit... Press Enter to exit the program.
A file named MBRCheck_mm.dd.yy_hh.mm.ss.txt will appear on your Desktop.
Please Copy and Paste the entire contents of the MBRCheck_mm.dd.yy_hh.mm.ss.txt file into your next reply.
Step 6:
Include in Next Post

Did you have any problems carrying out the instructions?
Please provide a description of the computer problem(s) you have been encountering.
OTL.txt.
Extras.txt.
FSS.txt.
MBRCheck_mm.dd.yy_hh.mm.ss.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

boatnerd06
2012-05-25, 21:12
Scolabar, I will be out of town for the next 3ish days. When I return the scans will be run.

Scolabar
2012-05-28, 10:51
Hi boatnerd06,

Please post the logs requested in my last post. I am expecting to hear from you by the end of today. ;)

Scolabar

boatnerd06
2012-05-29, 04:17
Every few hours or so It brings up a window that looks official saying that my copy of Windows is not valid. This is was not the case before this entire situation began.

OTL.txt

OTL logfile created on: 5/28/2012 9:04:22 PM - Run 2
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Nathan\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 56.82% Memory free
6.50 Gb Paging File | 4.59 Gb Available in Paging File | 70.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 11.88 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 37.78 Gb Free Space | 4.06% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: NATHAN-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/28 21:02:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
PRC - [2012/05/09 17:36:55 | 000,932,528 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/26 22:43:13 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/22 21:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 21:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 21:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/22 21:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/22 21:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 21:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 21:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/22 21:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012/05/09 17:36:55 | 000,932,528 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppa3.dll -- (xnacc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinger.dll -- (splitter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_filter.dll -- (SE2Bbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (pdreli)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\procexp111.dll -- (ntservice1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MXOFX.dll -- (mssqlserveradhelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icam4usb.dll -- (mgabg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eventlog.dll -- (LUsbKbd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahometnslistener.dll -- (httpfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\padfsvr.dll -- (GTPTSER)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcstor32.dll -- (dvd_2K)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lpds.dll -- (dpfusmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMCB000.dll -- (Cam5603C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750bus.dll -- (awecho)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GENERICDRV.dll -- (armoucfltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enecbpth.dll -- (AR5523)
SRV - [2012/05/06 16:04:18 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/20 10:18:29 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/27 18:40:51 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/15 01:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/02/06 13:22:46 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/06 13:22:39 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/12/23 11:54:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/08/21 08:22:08 | 000,455,784 | ---- | M] (VMLite, Inc.) [Disabled | Stopped] -- C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe -- (VMLiteService)
SRV - [2010/03/01 18:03:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/14 01:08:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Nathan\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1ar6w9g)
DRV - [2012/05/06 22:13:24 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/02/06 13:22:40 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/05/18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/18 13:28:56 | 000,127,080 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vmliteusbmon.sys -- (VMLiteUSBMon)
DRV - [2010/08/18 12:54:16 | 000,140,392 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmlitestor.sys -- (vmlitestor)
DRV - [2010/08/11 12:05:00 | 000,111,208 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/08/11 12:05:00 | 000,100,264 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/08/11 12:04:54 | 000,143,848 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/06/29 11:20:02 | 000,015,464 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vmlitedrv.sys -- (vmlitedrv)
DRV - [2010/04/22 14:33:36 | 000,014,336 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/13 21:59:40 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/04 10:11:04 | 001,084,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/07/13 18:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008/08/11 12:40:58 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:40:58 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbgps.sys -- (ZTEusbgps)
DRV - [2008/04/15 11:17:32 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6277A898-E263-4041-B463-DF13BD763F5C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://eagent.farmersinsurance.com/
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 F7 89 C0 2E 28 CB 01 [binary data]
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes,DefaultScope = {4675F48F-8AAA-4587-A5C5-D76130138482}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9&q={searchTerms}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{4675F48F-8AAA-4587-A5C5-D76130138482}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{6277A898-E263-4041-B463-DF13BD763F5C}: "URL" = http://www.bing.com/search?mkt=en-us&q=?FORM=MICCD1&q={searchTerms}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={22CBD33C-6597-47E1-A095-8380820DC49A}&mid=695c58de235e47d6b412d1569665a01a-630f14d88c88f78d12f6037265eb8b1d7839be65&lang=en&ds=AVG&pr=fr&d=2011-10-17 12:38:28&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 46.23.70.176:3128

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Nathan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/21 02:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/31 13:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/31 13:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/15 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/10 11:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/09 00:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 10:02:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Nathan\AppData\Roaming\Move Networks [2010/01/06 23:41:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/21 02:29:45 | 000,000,000 | ---D | M]

[2009/11/30 03:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions
[2009/11/30 03:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/02/20 19:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\jkd87gk8.default\extensions
[2012/02/20 19:37:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\jkd87gk8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/03/06 09:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 11:58:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/24 11:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/06 09:43:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/10/10 21:41:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/06 09:43:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/10/03 05:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/03/12 12:10:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/10 21:41:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Nathan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Bejeweled = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YouTube = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Railroad Empire = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiikpbacijhipapclbjgoeieioojhlnj\2.0.2_0\
CHR - Extension: vshare plugin = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Baseball (Deluxe) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\
CHR - Extension: AVG Do Not Track = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: RebateRobot = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.2_0\

O1 HOSTS File: ([2012/05/11 23:14:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (RebateRobot BHO) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll (RebateRobot)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000..\Run: [Spotify Web Helper] C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: 360-value.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: billerweb.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: bristolwest.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: bwproducers.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: cisgroup.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: co-optimum.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmers.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmers.csod.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersces.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersflood.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersinsurance.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersleadcenter.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmerslife.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersmarketpoint.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: foremostfarmers.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: foremoststar.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: ipipeline.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: msbexpress.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: seccas.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: zurich.com ([]* in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEAEC8ED-0698-44E1-8342-E4CD3DA1D97E}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 21:02:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2012/05/25 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HPAppData
[2012/05/15 09:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/14 01:40:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/13 19:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vehicle Simulator
[2012/05/12 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2012/05/12 14:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/05/12 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Roaming
[2012/05/11 22:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/11 22:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/11 22:11:44 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/05/11 21:58:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/05/11 21:44:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot2_2012512144144
[2012/05/10 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Malwarebytes
[2012/05/10 23:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/10 23:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/10 23:35:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/10 23:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/10 23:23:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/10 11:35:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/05/10 11:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/08 18:57:42 | 000,000,000 | ---D | C] -- C:\AVG2012
[2012/05/08 18:52:59 | 000,000,000 | ---D | C] -- C:\temp
[2012/05/08 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\temp
[2012/05/08 11:48:50 | 000,000,000 | ---D | C] -- C:\jgh2002j
[2012/05/07 18:07:36 | 000,000,000 | ---D | C] -- C:\JGH
[2012/05/06 23:01:52 | 004,490,225 | R--- | C] (Swearware) -- C:\Users\Nathan\Desktop\jgh.exe
[2012/05/06 23:00:04 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\dllcache
[2012/05/06 23:00:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/06 22:11:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/06 18:12:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/06 18:12:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/06 18:10:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/06 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mead & Company
[2012/05/06 15:58:31 | 000,000,000 | ---D | C] -- C:\DashConfig
[2012/05/06 15:25:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/05/06 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\PackageAware
[2012/05/06 14:58:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2012/05/06 14:41:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2012/05/06 13:42:21 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2012/05/06 13:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/05/06 13:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/05/06 13:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/05/06 13:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/05/06 13:14:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/05/06 13:14:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/06 13:14:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/06 13:14:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/06 13:14:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/28 21:02:44 | 000,080,384 | ---- | M] () -- C:\Users\Nathan\Desktop\MBRCheck.exe
[2012/05/28 21:02:38 | 000,337,441 | ---- | M] () -- C:\Users\Nathan\Desktop\FSS.exe
[2012/05/28 21:02:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2012/05/28 20:55:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000UA.job
[2012/05/28 20:48:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/28 20:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/28 17:30:13 | 099,389,867 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/28 14:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000Core.job
[2012/05/27 22:48:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/27 16:49:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 16:49:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 17:29:43 | 000,192,126 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/25 12:48:09 | 000,036,901 | ---- | M] () -- C:\Users\Nathan\Desktop\bilde.jpg
[2012/05/25 11:09:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/25 11:09:36 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/24 16:51:42 | 000,037,010 | ---- | M] () -- C:\Users\Nathan\Desktop\badger_stuck.jpg
[2012/05/23 22:57:59 | 000,002,403 | ---- | M] () -- C:\Users\Nathan\Desktop\Google Chrome.lnk
[2012/05/22 09:51:35 | 000,034,814 | ---- | M] () -- C:\Users\Nathan\AppData\Local\dt.dat
[2012/05/21 19:58:09 | 000,154,624 | ---- | M] () -- C:\Users\Nathan\Desktop\TDSSQlook.exe
[2012/05/15 21:15:19 | 000,625,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/15 21:15:19 | 000,108,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/15 09:39:22 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/13 19:10:50 | 000,001,004 | ---- | M] () -- C:\Users\Nathan\Desktop\Vehicle Simulator.lnk
[2012/05/11 23:14:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/11 22:51:46 | 004,490,225 | R--- | M] (Swearware) -- C:\Users\Nathan\Desktop\jgh.exe
[2012/05/11 22:19:31 | 000,000,488 | ---- | M] () -- C:\Users\Nathan\Documents\cc_20120511_221926.reg
[2012/05/10 23:35:20 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/10 11:40:24 | 000,000,017 | ---- | M] () -- C:\Users\Nathan\AppData\Local\resmon.resmoncfg
[2012/05/10 11:31:15 | 000,021,534 | ---- | M] () -- C:\Users\Nathan\Documents\cc_20120510_113111.reg
[2012/05/06 22:13:24 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/05/06 17:47:25 | 000,001,124 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue SpeedUpMyPC 2009.lnk
[2012/05/06 17:47:25 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue SpeedUpMyPC 2009.lnk
[2012/05/06 16:04:15 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/06 16:04:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/01 18:00:47 | 000,157,397 | ---- | M] () -- C:\Users\Nathan\Desktop\31-5137 (1).pdf
[2012/04/28 23:17:11 | 000,351,568 | ---- | M] () -- C:\Users\Nathan\Desktop\412175_10150682391575308_652370307_9788956_1433495807_o.jpg
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/28 21:02:45 | 000,080,384 | ---- | C] () -- C:\Users\Nathan\Desktop\MBRCheck.exe
[2012/05/28 21:02:34 | 000,337,441 | ---- | C] () -- C:\Users\Nathan\Desktop\FSS.exe
[2012/05/28 17:30:13 | 099,389,867 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/25 17:29:43 | 000,192,126 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/25 12:48:15 | 000,036,901 | ---- | C] () -- C:\Users\Nathan\Desktop\bilde.jpg
[2012/05/24 16:51:51 | 000,037,010 | ---- | C] () -- C:\Users\Nathan\Desktop\badger_stuck.jpg
[2012/05/22 09:51:35 | 000,034,814 | ---- | C] () -- C:\Users\Nathan\AppData\Local\dt.dat
[2012/05/21 19:58:13 | 000,154,624 | ---- | C] () -- C:\Users\Nathan\Desktop\TDSSQlook.exe
[2012/05/13 19:10:50 | 000,001,004 | ---- | C] () -- C:\Users\Nathan\Desktop\Vehicle Simulator.lnk
[2012/05/11 22:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/11 22:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/11 22:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/11 22:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/11 22:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/11 22:19:28 | 000,000,488 | ---- | C] () -- C:\Users\Nathan\Documents\cc_20120511_221926.reg
[2012/05/10 23:35:20 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/10 11:40:24 | 000,000,017 | ---- | C] () -- C:\Users\Nathan\AppData\Local\resmon.resmoncfg
[2012/05/10 11:36:55 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/10 11:31:13 | 000,021,534 | ---- | C] () -- C:\Users\Nathan\Documents\cc_20120510_113111.reg
[2012/05/06 17:43:29 | 000,001,124 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue SpeedUpMyPC 2009.lnk
[2012/05/06 17:43:29 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue SpeedUpMyPC 2009.lnk
[2012/05/01 18:00:47 | 000,157,397 | ---- | C] () -- C:\Users\Nathan\Desktop\31-5137 (1).pdf
[2012/04/28 23:17:18 | 000,351,568 | ---- | C] () -- C:\Users\Nathan\Desktop\412175_10150682391575308_652370307_9788956_1433495807_o.jpg
[2012/02/09 22:10:54 | 000,000,000 | ---- | C] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/09 21:31:47 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/10 21:56:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/15 10:29:31 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/15 10:29:31 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/18 23:30:37 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2010/12/06 14:18:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ScratchRemoval.dll
[2010/09/30 22:57:12 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/30 22:57:12 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/30 22:57:12 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/30 22:57:12 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/30 22:57:12 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/30 22:57:12 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/30 22:57:12 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/30 22:57:12 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/30 22:57:12 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/30 22:57:12 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/30 22:57:12 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/30 22:57:12 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/30 22:57:12 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/30 22:57:12 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/30 22:57:12 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/30 22:57:12 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/09/30 22:48:22 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw7c.bin
[2010/09/30 22:47:49 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV500P.ini
[2010/09/30 22:35:42 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

========== LOP Check ==========

[2011/05/31 23:15:52 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2009/11/13 22:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\acccore
[2009/11/16 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Amazon
[2011/11/18 01:35:56 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\AnvSoft
[2009/12/28 03:29:44 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Atari
[2011/10/17 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\AVG2012
[2012/01/10 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Blender Foundation
[2009/11/16 02:19:03 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Canon
[2011/11/16 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\com.amazon.music.uploader
[2012/05/10 09:49:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Dropbox
[2010/09/30 23:39:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\EPSON
[2009/11/30 03:01:59 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Flickr
[2012/05/06 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Free Download Manager
[2009/11/16 16:57:49 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Imagenomic
[2010/01/22 04:04:31 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\IrfanView
[2011/12/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Kalypso Media
[2009/11/16 00:00:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Leadertech
[2010/12/03 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Quest3D
[2009/12/28 13:39:28 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Red Kawa
[2009/12/29 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Regensoft
[2012/05/12 13:42:32 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Roaming
[2011/07/01 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Smith Micro
[2012/05/25 13:12:07 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Spotify
[2012/03/26 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\The Creative Assembly
[2012/01/03 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Tropico 4
[2012/01/27 17:52:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Ubisoft
[2012/05/06 17:47:06 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Uniblue
[2012/05/28 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uTorrent
[2011/11/18 02:40:05 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Xilisoft
[2012/03/15 09:53:25 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

boatnerd06
2012-05-29, 04:19
Extras.txt


OTL Extras logfile created on: 5/28/2012 9:04:22 PM - Run 2
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Nathan\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 56.82% Memory free
6.50 Gb Paging File | 4.59 Gb Available in Paging File | 70.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 11.88 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 37.78 Gb Free Space | 4.06% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: NATHAN-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A452F3B-CAA0-4968-885C-B585428A6A1F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BEB123B-94E0-4CEC-A504-EA1943A331B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0F3E2EC3-6659-40C3-867B-07C0A391DD17}" = rport=139 | protocol=6 | dir=out | app=system |
"{15BBC1E2-D780-441A-82C7-00452EDFB1C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1663770A-FA79-4BC5-A7AA-6EFA40974AFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{18945B4A-4F13-4AB0-AA56-37F05723C3A2}" = rport=445 | protocol=6 | dir=out | app=system |
"{1A933D60-C164-4A56-A8AF-903EEF64AD42}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{23BC620A-0F65-4A61-BC5C-B4381D176FC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{2B24A9A2-4FC3-4F93-8E0D-5F333A00FAAA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2FD91BAC-222B-4EC2-8388-318BDE91759B}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{33BA9F01-968D-41BC-8A8A-3E43275A43CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3410A725-C742-4E89-80F4-B1975DC90855}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38BB65B3-8EF3-4DF1-A916-A7D6B6CB000A}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{44A313CA-B8C2-4EDB-BDDD-DD7A5A7566BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{4815FFCF-75AB-48EB-9E55-6A5AAF3107F9}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A2AC5EC-4430-4DB6-973D-6563A2B83BD3}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{5317E39D-9D52-453D-ACDD-7C041A0153DB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{551EC835-2F01-45F6-9CE5-7ED4564958B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{553225E0-ACF4-4574-97A5-DF27AF7E640F}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5760B206-C898-47E6-997C-F67E062BCD07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60D55B4C-C4B9-4520-A687-8339BFDB3ECB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61977254-E344-4E24-8A5A-167CF93F40E7}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{61A7D874-5C2F-4C2A-A54E-A453A2952614}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{644D6143-7E46-4B57-A0D0-E3C8E5C0D4D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69117B67-4FBD-4A34-97E9-5D044F09541C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B536988-B066-4D34-BAD3-71AF1C57C743}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6FD158D5-BD47-4C67-95A6-12EC89A8E599}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{76D33988-D526-4C06-A83E-E542FFDBC622}" = lport=3390 | protocol=6 | dir=in | app=system |
"{787756B2-638A-4E90-BADC-9F47C1492433}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BA5A8A4-2AE7-4769-89DE-D5372506B36B}" = lport=139 | protocol=6 | dir=in | app=system |
"{877BFF74-A34F-49F8-8C6B-E0625B5345FA}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8840038B-DC83-40B7-8AFD-141C2D75C6A0}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{88AA1225-D77E-4CEC-9DA8-7960B1F5BE87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9014E455-711F-4617-B481-E6C687087203}" = lport=10243 | protocol=6 | dir=in | app=system |
"{93725F4F-7FC6-4DF2-AB8F-AB469B189E93}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9460EC6B-5A4D-498E-A4AF-5D0DEF971142}" = lport=10244 | protocol=6 | dir=in | app=system |
"{98BF8813-0AEC-447B-A713-A1C8E224F0F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A1D11FBB-9292-4C2D-830D-0FCCBF0E268D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A42625B0-33A5-49DF-BDCD-374B3A1783BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A51A28B3-D59E-4ABD-97B5-704A2FB88049}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A666313C-3379-41AE-A84E-F111F8503A9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A6C40842-03F0-4790-98E8-49AAF8AEA448}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B5039E73-D569-459D-B29F-6E6942A855BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC85A6A3-ACC0-47D0-9107-EE80B7182227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BD81E9D5-5507-4CF8-8C51-7F902E30434F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BEC4530B-3525-423D-8400-9C26520515C6}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C1C00F81-E0B7-4BEF-8EFD-2C6DC065DBD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C28A73A2-9DEA-4520-A5F2-311862B292C2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C424701F-5FF7-45CA-85A1-B64F9DDFD96C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{CDEA7F42-284C-4C76-B2C0-63849CE69596}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{D0F8DC7C-D1E1-4239-B7EC-2AA008A20662}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DFC84CBB-F778-4DAD-94BA-723C6E25912F}" = rport=138 | protocol=17 | dir=out | app=system |
"{E013BC8F-26FC-41C3-ADCC-6287A98FEF41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E9990D0B-202A-48FE-81B9-09278DECAF38}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6A104FB-A3DB-46CC-87BF-BD5F9BACDD58}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8F5FBA9-77C0-4463-B05F-6D7126EEC2F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004B053C-7106-47E6-89F6-5F932E0BF632}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{00880126-4799-462B-80AC-1E4D907558B8}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{01B1B9DA-95B1-48E7-86F0-32E931FB9EA0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{01F6D4FF-B6FF-45A6-89D6-380855A3152E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{04D8BEC3-155F-4765-8880-ED0367C17F2A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{0D7CC053-2F01-43FE-8529-8FCA1EA9AC9C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{11695B5B-6D93-4C63-8BE5-1CD75B57E90F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{1955E97E-9C07-46B6-B578-70B4B32BE4DA}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{197592AB-6462-486E-90BB-3A9896BF85A1}" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{1981DC00-C263-45E8-9638-6C7E0929BDFD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1B0CBA7B-6C0D-4B9A-AB53-C007D3BAD109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1CA11C11-03B4-45C0-9C5F-D02BB0E7DAE1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{1ED5E498-6CD9-4823-8159-92523D6119F9}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"{2568159D-9477-4B10-96DB-A15EAA4F6013}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{27BB4EBE-B19E-44BD-A15E-096BE807D544}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2EE56045-373A-47C0-ABD7-6D4031DAAF40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3030E610-5627-4E4D-99CA-4108A617AE64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3083D0B4-931A-4A37-B062-20E37A2E65DF}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{32114DEE-9454-4A21-905B-ED31921795A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3254EEA1-F003-4FE1-AB7C-0D95EF84519D}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{37559716-E8BF-4EB2-A6F9-2A8938A541C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C3D618D-8C21-446E-A701-0E330F618B93}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{3DBF2B6A-8404-405B-B64C-AC0EE7B246FF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe |
"{44C8751D-0A7A-4FDA-B9FB-8819996500E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{453DE800-892C-48DC-AACC-26E554763F82}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{45A1C8A7-86E6-4997-BD41-07E636194830}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{464CA6DF-7693-4356-84F4-EA1010AC205D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{47A8756A-9E3D-4932-858F-7ED90BDF68E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{493BA7C4-FEFE-4BA3-991A-6A3D87D61841}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4A165E71-D832-40E1-9678-3C127D41DBCE}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
"{4AC6B872-1679-45F7-ABE1-DBB64D720AA4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{4B1FFB41-3777-4BD0-9873-773B37036332}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{4B8BFB8E-8AD2-48A0-A6B4-64469BDB4125}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4BFC95BD-0E12-4AE9-880C-A6EF2C5E3CCA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{4CECFE1B-6020-45D1-BE56-AC2DF4C06D27}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D322BBD-0732-4AC2-83C2-BCD63BF53A9A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{4DF4C9FB-7ACA-4E55-82FE-9381A364EAAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{5057EBA6-BAB5-4FD6-A1A1-7D54093DC2C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{51B54271-90C6-45B3-8783-2E1A929D78B8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{533ABC04-0C62-4BFE-A203-4E6D8980C60D}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{54D1A701-8947-41A7-AAFA-793FEB476D3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{54FA8460-ABB5-4123-B21B-4B8410F20F07}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{550ECA81-E0F5-40FE-B744-AA22E0C95C83}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{56B5F546-A7EC-467C-BCF3-8526A093F255}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{56D9B5FC-5C87-4A52-AE69-1E7B36799DC6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe |
"{579AA5C9-6B7B-4EAF-871C-10C17B2DCA58}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
"{57C00378-F15F-4D10-B0A7-630FC4756DAD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
"{5B3C2F4A-4A29-4DD0-BFFA-DFC841AD341A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5DF4749E-643B-4533-B4DC-498278BE939C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{61DF4B3D-3120-4848-9FD9-7E8002F224FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{62E21914-4B1B-4B6C-8052-D3CDA8A98702}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{63833263-AF52-4C78-ADED-C12F9C96DDDA}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{64042822-A249-4169-B1C5-D07F2ED94DEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{672867DD-DEBE-4651-B9B4-BD706FE21AAD}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
"{6E8BDC6E-7946-468E-83FF-B86C691893AE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{6FF19883-BBFB-4602-911E-ECD58ECA0166}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{707BA506-34B6-44D5-8CD3-BB7775CF5EA1}" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{72063B18-6CEC-4328-9B54-BAC6039A3EC1}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{74E08EA1-6BC1-4C96-A2AC-C8E35AFB0541}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{78B4B8FD-B922-4FBB-A1BF-D5890695EB2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79DB61CF-1185-4802-8484-D79530DB6C75}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"{840261C1-74D0-46BB-8646-BABD40BD3913}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{8570FE5B-3587-4B5B-8585-35E1BF6691FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{85AE8BCE-9E28-4831-B2FE-A75EB57A48AE}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{869C0104-97F1-4422-9982-EEBA85054B2E}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8B221514-77D1-4282-AC7E-B62C34465EB7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
"{8B4009A4-5382-4972-9B1D-EA94BC84AB8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8B665357-B352-41F7-BD9F-F3E290217F50}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8F9662CE-0BAB-49A0-B4B7-AAC2596BDAB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{90A888C7-E048-4D0D-B0AD-BC363ACED5FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{92398F70-999F-4AED-AC19-F3E85D2B616E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{92DAC024-3218-4373-8D45-7FA306A6AED3}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{979ED4C5-FD6C-42A9-A7B0-385E2608A7B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{97F1CA41-FDE7-4701-B660-72FDDAB7F8F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{996129C3-F436-4CAF-95A5-7E65CCE81CAB}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{9A02C211-266B-4B78-922C-F8D1CF9E924C}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
"{9B467123-7C1C-4D3A-8ABB-634F69B4E6DA}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{9BA6CDF5-BCB2-4813-9A50-DE475F2FAD1C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C8CF425-6487-4F5B-AF11-C187C57669CC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9F113399-7A73-4753-B904-B4BDA10CC15D}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{9FE64682-31D4-467C-AD8C-F16D2653E8D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A067CB7F-C338-4D19-A02D-C879C66499C2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe |
"{A188356B-042C-43D1-A695-E860E7603632}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A21A3FE6-75E3-49FE-B1A1-8BCDB1A81E16}" = protocol=58 | dir=in | app=system |
"{A48F0EA6-284E-453F-AF48-592DCB8163FF}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{A813405F-4A4A-4CE4-98E9-48E12F8BBDAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{AA044495-BDEA-4B12-BF5F-89C17C3BA35B}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{AB95CC9F-D9EA-4F26-981D-08B965A72894}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{AEDA7674-606D-44A6-A88D-4A570B91B025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{B0CBCF8D-E75F-49B7-BBEA-88EB1DF057E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{B15DFB48-6AD8-477A-90D6-C35B3415EBDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B3C9C29A-5AAE-4B89-90EC-0D6D805355CB}" = protocol=6 | dir=out | app=system |
"{B6FDE48F-7B35-4F61-BC96-E76C4A294D20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BAE72955-8BDD-452E-B47E-FF7B721BAB5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{BD4F0476-1F86-487F-AA60-785A80DF5BB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{C019B98E-75E4-4764-9E9B-2AB8100EBC2C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe |
"{C417D1DB-6937-4BF5-8DBE-2FB4DDF664BD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{C4DACC02-8E0F-4E7D-BB85-BD23266C9BD9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C53752AB-6693-4DB7-AE5B-F7AD1076B81F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C82CBFBE-1A39-48BC-9DF9-A6A6F4002A7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAEA5CE3-1D89-4F30-AC80-3123480D727A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{CFCB3BB5-5235-4EFE-975F-2737A23CC990}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D54C1118-3003-4C26-9AFD-B1C1B1E2FD57}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D6682BA6-F1CE-41EA-8039-7ECE03FB9924}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D9520C34-5A90-4A5B-B20B-861CD24FD828}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{DF490F7A-7C38-4ADD-8224-8444A66ACCC9}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{E15C4724-4402-4FF8-8005-942D40AED1CB}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{E1D0F5C9-48A8-4EE9-A805-F452E6D9F897}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{E6910208-4F18-4DBD-A6E3-5400FBF79774}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{E77B8B04-9478-49A0-A101-CFFC149EE518}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{EC03625C-69D4-4F22-86F5-A16F37549055}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{EC7AF683-2898-4C88-95DB-4C54B3C07EC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F10E3735-22D9-442E-9155-0E65FD98BB8F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{F1F0516F-CA24-4C23-9021-AB3094919465}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{F7173DB7-9ED7-45DF-82EF-595873C6377D}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{FB18338E-3233-4738-A88D-8CE3E5C06151}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{FE2CA579-7C62-4346-A9C4-7640506042F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{2A4EB33F-A510-4512-83A8-CACBC189A06B}C:\users\nathan\downloads\spotify.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify.exe |
"TCP Query User{2C7FF758-B5ED-49EA-A2F0-52301F967741}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"TCP Query User{2D0A3CBA-C9A2-4FEF-9836-0CB266154102}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"TCP Query User{436C6A54-C3AD-4899-9D14-E6BA7FF5C021}C:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4E39E453-306F-4553-A32A-3E39F3B2AD6C}C:\program files\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"TCP Query User{729765E4-360F-4B2A-B6F2-4C98BE7F4F39}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{8A3E5C22-0EAF-484C-8E89-21110CF1C066}C:\users\nathan\downloads\spotify installer.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
"TCP Query User{9A1479DB-7742-4514-BBDC-A99B8AF53680}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{9E5120CE-8151-4B64-B3E8-74F044DAE5AF}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A10D49BE-EBE0-408C-A6E5-B1436528E3BF}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{A67CEBF0-E2A2-4B22-94B8-1F3A21B90773}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B8673798-6A54-47F9-8E21-E0F0666B3D31}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{BB3D3260-75FF-439E-AA47-D357B4A7CF06}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{D326D483-EF29-4839-A9BC-4BB21152717C}C:\users\nathan\downloads\spotify installer.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
"TCP Query User{E5F00BB3-F5FF-4EC8-8A64-D7ECBBA0AF88}C:\users\nathan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F1432713-C4C4-4405-9144-B32DA9E36DB3}C:\program files\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 8\sketchup.exe |
"TCP Query User{F2BBC428-A4FA-4409-B487-C44E46D0D7EE}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{1FA10DE0-F0E9-43C9-A9D8-D905E7880DAA}C:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{269696D2-E59B-49FC-85D5-24207BE5FD4A}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{269AF8A5-CF9B-4EBD-B8B2-0C73551CB936}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"UDP Query User{30C53BF8-CD82-4380-878C-0E72D0C601BD}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{4DB9A561-E773-4029-A4AB-62D6F3782D47}C:\users\nathan\downloads\spotify installer.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
"UDP Query User{4FA2FFCA-37A8-4C63-A392-311F39894BF3}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"UDP Query User{552F49D3-255A-4191-B8BC-CEE3EA9B6BC1}C:\program files\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"UDP Query User{62FFB00B-FA7B-48F4-8D41-7E282C1E2D43}C:\users\nathan\downloads\spotify installer.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
"UDP Query User{7290F67C-7198-4E2C-B472-E1CC1950115A}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"UDP Query User{7BC6EB37-3BB6-4455-BC97-76E33A73A24A}C:\users\nathan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
"UDP Query User{97F45FEA-6E8C-4D2B-A6B5-C8C5EC234625}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{A1CD8AAB-D427-4274-9924-4B86FB83B022}C:\program files\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 8\sketchup.exe |
"UDP Query User{A5B924D3-88CA-42F4-8FEC-1FEB5B2BD136}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{AB1AB7F6-D117-4B97-BFA5-B1AD42BD89F9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D75A720A-A9EC-49F8-981F-FD06D676969C}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{EB1A8164-1D31-4483-8706-4C721B7D87F3}C:\users\nathan\downloads\spotify.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify.exe |
"UDP Query User{EB8C2B85-7A45-48DB-8507-4987C8A0A65B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37D9C685-0F4B-2D8E-59E3-3CE151CE0051}" = ATI Catalyst Install Manager
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3D1E03-D506-4163-B600-82EE27FC5A89}" = Microsoft Camera Codec Pack
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4283ACFF-437C-400E-A1C8-445B57CC145A}" = VMLite Workstation
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{624A02E4-8F95-43F6-9EF3-7E437AB9B80B}" = VZAccess Manager
"{635C3D63-D901-4119-9AD2-852D10DCB937}" = 3dem
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69F962F7-3761-4704-9E4B-24FF10F77111}" = MagicTune Premium
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}" = Polaroid Dust and Scratch Removal v1.0.0.15.2e
"{7B4B0AA9-F97E-49C4-AE6F-D40580B65A22}" = onOne PerfectPresets
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E10A7CC-B4B4-4BF0-A75E-9F960D58AAC4}_is1" = RebateRobot for Online Shopping version 1.0.1
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_Access_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F78676-9219-4C9D-9E24-FAA187C4DF1E}" = ZTE USB Drivers
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{964D07BE-460C-4862-B59C-49575B8F46DC}" = Google SketchUp Pro 8
"{9985ABB2-14F3-4825-B5AF-0EFB23F715CB}" = Badongo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DED4B209-F114-4D85-BADB-2D702B15D2D7}_is1" = LDraw Parts Library 2010-03
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E60B8506-DDC7-433d-AF9E-999D0F543C4A}" = 2570_Help
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B}" = 2570
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC346DB0-4207-4756-8283-26580372DAE3}" = Bloom
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD}" = 2570Trb
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Access" = Microsoft Office Access 2007
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"AuranTS2009_DLC2_is1" = Trainz 'PRR T1 - A Fleet of Modernism' Addon Pack
"AuranTS2009_is1" = TS2009: Murchsion Pack
"AVG" = AVG 2012
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Blender" = Blender
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"Cities XL 2011" = Cities XL 2011
"com.amazon.music.uploader" = Amazon MP3 Uploader
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.7
"Elite Proxy Switcher_is1" = Elite Proxy Switcher 1.18
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EXCEL" = Microsoft Office Excel 2007
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Studio_is1" = Free Studio version 4.3
"Game Booster_is1" = Game Booster 3
"GameSpy Arcade" = GameSpy Arcade
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"IrfanView" = IrfanView (remove only)
"Klinn's ElectroSet (RCT3)_is1" = Klinn's ElectroSet Version 2
"Klinn's Framework (RCT3)_is1" = Klinn's Framework Version 2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"NirSoft ShellExView" = NirSoft ShellExView
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOK" = Microsoft Office Outlook 2007
"PeerGuardian_is1" = PeerGuardian 2.0
"PEVAssetX" = PEVSoft AssetX
"PEVattachmentmaker" = PEVSoft AttachmentMaker
"PEVImages2TGA" = PEVSoft Images2TGA
"PEVMesh_Viewer2" = PEVSoft Trainz Mesh Viewer 2
"PEVpm2im" = PEVSoft PM2IM 2
"PEVquickshadows" = PEVSoft QuickShadows
"PhotoStitch" = Canon Utilities PhotoStitch
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PUBLISHER" = Microsoft Office Publisher 2007
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Ship Simulator Extremes_is1" = Ship Simulator Extremes
"Shipsim2008" = Ship Simulator 2008
"Shop for HP Supplies" = Shop for HP Supplies
"Silent Package Run-Time Sample" = EPSON Perfection V500P User's Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SS2008 RED EAGLE SUPER PACK_is1" = SS2008 RED EAGLE SUPER PACK
"SS2008 RED JET SUPER PACK_is1" = SS2008 RED JET SUPER PACK
"Steam App 10500" = Empire: Total War
"Steam App 2700" = Rollercoaster Tycoon 3 Platinum
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 400" = Portal
"Steam App 57690" = Tropico 4
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TightVNC_is1" = TightVNC 1.3.10
"Trainz Tuner" = Trainz Tuner
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"Vehicle Simulator_is1" = Vehicle Simulator
"Videora iPod Converter" = Videora iPod Converter 5.03
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"Xilisoft HD Video Converter 6" = Xilisoft HD Video Converter 6
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"YouTube Downloader App" = YouTube Downloader App 2.03
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Akamai" = Akamai NetSession Interface
"BSC Cleanitol TM" = BSC Cleanitol TM
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"HMAS SUCCESS AOR304 - For Vehicle Simulator" = HMAS SUCCESS AOR304 - For Vehicle Simulator
"HMAS WESTRALIA AO195 - For Vehicle Simulator" = HMAS WESTRALIA AO195 - For Vehicle Simulator
"Move Media Player" = Move Media Player
"NAM Essentials" = NAM Essentials r85
"Network Addon Mod" = Network Addon Mod Version 29
"Network Widening Mod" = Network Widening Mod Version 1.1.1
"RealHighway Mod" = RealHighway Mod Version 4.1.0
"SC4Mapper" = SC4Mapper
"Spotify" = Spotify
"The Klub 17" = The Klub 17
"Traffic Simulator Configuration Tool" = Traffic Simulator Configuration Tool

boatnerd06
2012-05-29, 04:19
Extras.txt part 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2011 2:43:09 AM | Computer Name = Nathan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccb3 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e21132b Exception code: 0x0000046b Fault offset: 0x00009673 Faulting
process id: 0x1698 Faulting application start time: 0x01ccba73f117bb36 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 0cf5c552-26e8-11e1-ad13-001fd08149e9

Error - 12/16/2011 2:55:35 AM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6f1c Start
Time: 01ccbbbf416ea86f Termination Time: 32 Application Path: C:\Program Files\N3V
Games\TS12\bin\trainz.exe Report Id: ed783233-27b2-11e1-9551-001fd08149e9

Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 8193
Description =

Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 13
Description =

Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 8193
Description =

Error - 12/16/2011 6:57:28 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2ea0 Start
Time: 01ccbc3a5208d78b Termination Time: 520 Application Path: C:\Program Files\N3V
Games\TS12\bin\trainz.exe Report Id: 91706235-282f-11e1-bd08-001fd08149e9

Error - 12/17/2011 6:10:09 PM | Computer Name = Nathan-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 12/18/2011 3:49:44 AM | Computer Name = Nathan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ContentManager.exe, version: 1.0.0.12345,
time stamp: 0x4da2381e Faulting module name: LIBEAY32.dll, version: 0.9.8.5, time
stamp: 0x45e4dd6e Exception code: 0xc0000005 Fault offset: 0x00041843 Faulting process
id: 0x940 Faulting application start time: 0x01ccbce9f87da41e Faulting application
path: C:\Program Files\N3V Games\TS12\bin\ContentManager.exe Faulting module path:
C:\Program Files\N3V Games\TS12\bin\LIBEAY32.dll Report Id: d949a7a4-294c-11e1-9dd5-001fd08149e9

Error - 12/19/2011 1:09:47 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2630 Start
Time: 01ccbe6fcf871568 Termination Time: 813 Application Path: C:\Program Files\N3V
Games\TS12\bin\trainz.exe Report Id: 2568c37a-2a64-11e1-ad65-001fd08149e9

Error - 12/20/2011 7:19:28 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3e1c Start
Time: 01ccbf53d8649c7e Termination Time: 2400 Application Path: C:\Program Files\N3V
Games\TS12\bin\trainz.exe Report Id: fcf83f5b-2b60-11e1-9dd3-001fd08149e9

[ Media Center Events ]
Error - 2/9/2012 9:33:30 PM | Computer Name = Nathan-PC | Source = MCUpdate | ID = 0
Description = 8:33:29 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 2/9/2012 9:33:44 PM | Computer Name = Nathan-PC | Source = MCUpdate | ID = 0
Description = 8:33:30 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 2/9/2012 9:33:51 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 2/9/2012 11:13:26 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 2/10/2012 12:59:45 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 116
Description =

Error - 2/10/2012 1:32:16 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =

Error - 2/10/2012 1:32:16 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 700
Description =

Error - 2/10/2012 1:34:12 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =

Error - 2/10/2012 1:36:12 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 2/10/2012 1:36:19 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

[ OSession Events ]
Error - 2/3/2010 3:52:57 AM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23973
seconds with 420 seconds of active time. This session ended with a crash.

Error - 3/1/2012 7:47:58 PM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14312
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 3/31/2012 2:44:05 AM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50650
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/26/2012 11:35:04 PM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 12:25:43 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 12:52:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 3:49:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 7:15:15 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 9:09:19 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 10:43:07 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 10:28:44 PM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/28/2012 10:07:33 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/28/2012 11:17:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >

boatnerd06
2012-05-29, 04:21
FSS.txt

Farbar Service Scanner Version: 27-05-2012
Ran by Nathan (administrator) on 28-05-2012 at 21:20:29
Running from "C:\Users\Nathan\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

boatnerd06
2012-05-29, 04:23
MBRCheckLog

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP45-UD3P
Logical Drives Mask: 0x00006e7d

Kernel Drivers (total 201):
0x82E3A000 \SystemRoot\system32\ntkrnlpa.exe
0x82E03000 \SystemRoot\system32\halmacpi.dll
0x80B9B000 \SystemRoot\system32\kdcom.dll
0x8BA39000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8BABE000 \SystemRoot\system32\PSHED.dll
0x8BACF000 \SystemRoot\system32\BOOTVID.dll
0x8BAD7000 \SystemRoot\system32\CLFS.SYS
0x8BB19000 \SystemRoot\system32\CI.dll
0x8BC37000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BCA8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BCB6000 \SystemRoot\System32\Drivers\spnn.sys
0x8BDB7000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BDC0000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BE39000 \SystemRoot\system32\drivers\ACPI.sys
0x8BE81000 \SystemRoot\system32\drivers\msisadrv.sys
0x8BE89000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8BE94000 \SystemRoot\system32\drivers\pci.sys
0x8BEBE000 \SystemRoot\System32\drivers\partmgr.sys
0x8BECF000 \SystemRoot\system32\drivers\volmgr.sys
0x8BEDF000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BF2A000 \SystemRoot\system32\drivers\pciide.sys
0x8BF31000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8BF3F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BF55000 \SystemRoot\system32\drivers\vmbus.sys
0x8BF7F000 \SystemRoot\system32\drivers\winhv.sys
0x8BF91000 \SystemRoot\system32\drivers\atapi.sys
0x8BF9A000 \SystemRoot\system32\drivers\ataport.SYS
0x8BFBD000 \SystemRoot\system32\drivers\amdxata.sys
0x8BFC6000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BE00000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BE11000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8C00C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C13B000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C166000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C179000 \SystemRoot\System32\Drivers\cng.sys
0x8C1D6000 \SystemRoot\System32\drivers\pcw.sys
0x8C1E4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C23E000 \SystemRoot\system32\drivers\ndis.sys
0x8C2F5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C333000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C408000 \SystemRoot\System32\drivers\tcpip.sys
0x8C552000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C583000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8C58C000 \SystemRoot\system32\drivers\volsnap.sys
0x8C5CB000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5D3000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C358000 \SystemRoot\System32\Drivers\mup.sys
0x8C400000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C368000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C39A000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C3AB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C3D0000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8C3D7000 \SystemRoot\system32\DRIVERS\avgidshx.sys
0x8C211000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C230000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8C1ED000 \SystemRoot\System32\Drivers\Null.SYS
0x8C1F4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C3FC000 \SystemRoot\system32\drivers\MTiCtwl.sys
0x8C000000 \SystemRoot\System32\drivers\vga.sys
0x8BC00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BE1B000 \SystemRoot\System32\drivers\watchdog.sys
0x8BE28000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BE30000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BC21000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BC29000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BDE6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BBC4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BDF4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9203B000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x92082000 \SystemRoot\System32\DRIVERS\netbt.sys
0x920B4000 \SystemRoot\system32\drivers\afd.sys
0x9210E000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x92117000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9211E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9213D000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x9214D000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x9215E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9216C000 \SystemRoot\system32\DRIVERS\serial.sys
0x92186000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92199000 \SystemRoot\system32\drivers\vpcvmm.sys
0x921E0000 \SystemRoot\system32\drivers\vmliteusbmon.sys
0x92000000 \SystemRoot\system32\drivers\vmlitedrv.sys
0x92007000 \SystemRoot\system32\drivers\VBoxDrv.sys
0x92029000 \SystemRoot\system32\drivers\termdd.sys
0x9262B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9266C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92676000 \SystemRoot\system32\drivers\mssmbios.sys
0x92680000 \SystemRoot\System32\drivers\discache.sys
0x9268C000 \SystemRoot\system32\drivers\csc.sys
0x926F0000 \SystemRoot\System32\Drivers\dfsc.sys
0x92708000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x92716000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x9274D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9276E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x93205000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x93D0D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x93D0F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x93DC6000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92780000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9278B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x927D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92600000 \SystemRoot\system32\drivers\HDAudBus.sys
0x8BBDB000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x94038000 \SystemRoot\system32\DRIVERS\atinavrr.sys
0x94141000 \SystemRoot\system32\DRIVERS\ks.sys
0x94175000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
0x94179000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9417B000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x9417E000 \SystemRoot\system32\drivers\1394ohci.sys
0x941AB000 \SystemRoot\system32\DRIVERS\fdc.sys
0x941B6000 \SystemRoot\system32\DRIVERS\serenum.sys
0x941C0000 \SystemRoot\system32\DRIVERS\parport.sys
0x941D8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x94000000 \SystemRoot\System32\Drivers\a1ar6w9g.SYS
0x941DE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x941EB000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x941EC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x927E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9261F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x94624000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9463C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x94653000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9466A000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x94681000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9468B000 \SystemRoot\system32\drivers\kbdclass.sys
0x94698000 \SystemRoot\system32\drivers\mouclass.sys
0x946A5000 \SystemRoot\system32\DRIVERS\vmlitestor.sys
0x946CA000 \SystemRoot\system32\DRIVERS\storport.sys
0x94712000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x9472C000 \SystemRoot\system32\drivers\swenum.sys
0x9472E000 \SystemRoot\system32\drivers\umbus.sys
0x9473C000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x94754000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x94761000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x94797000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x947DB000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x947E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94A35000 \SystemRoot\system32\drivers\HdAudio.sys
0x94A85000 \SystemRoot\system32\drivers\portcls.sys
0x94AB4000 \SystemRoot\system32\drivers\drmk.sys
0x94ACD000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x94AE4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x94AFB000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x94B05000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x94B0C000 \SystemRoot\system32\drivers\hidusb.sys
0x94B17000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x94B2A000 \SystemRoot\system32\drivers\kbdhid.sys
0x94B36000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x94B41000 \SystemRoot\system32\DRIVERS\point32.sys
0x94B4A000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x94BF3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x94A00000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x94A0E000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x94A19000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x94600000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x94E0F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x94E39000 \SystemRoot\System32\Drivers\crashdmp.sys
0x94E46000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x94E51000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x94E5A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9CB30000 \SystemRoot\System32\win32k.sys
0x94E6B000 \SystemRoot\System32\drivers\Dxapi.sys
0x94E75000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CD90000 \SystemRoot\System32\TSDDD.dll
0x9CDC0000 \SystemRoot\System32\cdd.dll
0x9CA00000 \SystemRoot\System32\ATMFD.DLL
0x94E80000 \SystemRoot\system32\drivers\luafv.sys
0x94E9B000 \SystemRoot\system32\drivers\WudfPf.sys
0x94EB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x94EC5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x94F0B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x94F1B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x94F2E000 \SystemRoot\system32\drivers\HTTP.sys
0x94FB3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x94FD4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x94FED000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA343B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA345E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3499000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA34B4000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3504000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3556000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA355D000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
0xA3560000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xA3562000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0xABA27000 \SystemRoot\system32\drivers\peauth.sys
0xABABE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xABAC8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xABAD5000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
0xABADA000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
0xABAFB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xABB1C000 \SystemRoot\System32\drivers\rdpdr.sys
0xABB41000 \SystemRoot\system32\drivers\tdtcp.sys
0xABB4C000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xABB59000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xABBF5000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x776A0000 \Windows\System32\ntdll.dll
0x47A30000 \Windows\System32\smss.exe
0x778E0000 \Windows\System32\apisetschema.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 52\alcoholx.dll

Processes (total 75):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
364 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
420 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
680 csrss.exe
748 csrss.exe
756 C:\Windows\System32\wininit.exe
796 C:\Windows\System32\services.exe
820 C:\Windows\System32\lsass.exe
828 C:\Windows\System32\lsm.exe
908 C:\Windows\System32\winlogon.exe
980 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\nvvsvc.exe
1080 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\nvvsvc.exe
1576 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
576 PrintIsolationHost.exe
692 C:\Windows\System32\svchost.exe
1064 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1528 C:\Windows\System32\dwm.exe
1636 C:\Windows\explorer.exe
1544 C:\Windows\System32\taskhost.exe
944 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
2064 C:\Program Files\Bonjour\mDNSResponder.exe
2132 C:\Windows\System32\svchost.exe
2168 C:\Windows\System32\svchost.exe
2292 C:\Windows\System32\svchost.exe
2360 C:\Windows\System32\svchost.exe
2440 C:\Windows\System32\svchost.exe
2516 C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
2544 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2668 C:\Program Files\AVG\AVG2012\avgidsagent.exe
2716 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2984 C:\Program Files\Microsoft IntelliType Pro\itype.exe
2992 C:\Program Files\iTunes\iTunesHelper.exe
3000 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3008 C:\Program Files\AVG\AVG2012\avgtray.exe
3036 C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
3640 C:\Program Files\iPod\bin\iPodService.exe
3712 C:\Windows\System32\SearchIndexer.exe
3740 C:\Program Files\AVG\AVG2012\avgnsx.exe
3748 C:\Program Files\AVG\AVG2012\avgemcx.exe
3860 C:\Windows\System32\svchost.exe
2344 WUDFHost.exe
5416 C:\Windows\System32\svchost.exe
5024 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
4568 C:\Windows\System32\conhost.exe
5468 C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
5160 C:\Windows\System32\conhost.exe
5480 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
1340 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
5092 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
4644 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
4956 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
3624 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
5676 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
5988 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
1480 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
4440 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
4616 C:\Windows\System32\notepad.exe
5940 C:\Windows\System32\notepad.exe
5208 C:\Windows\System32\audiodg.exe
2772 WmiPrvSE.exe
4584 <unknown>
4544 <unknown>
3412 C:\Users\Nathan\Desktop\MBRCheck.exe
6124 C:\Windows\System32\conhost.exe
5352 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3500320AS, Rev: SD15
PhysicalDrive1 Model Number: WDCWD1001FALS-00J7B0, Rev: 05.00K05
PhysicalDrive2 Model Number: SeagatePortable, Rev: 0130

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Scolabar
2012-05-29, 13:22
Hi boatnerd06,

Thank you for the logs and update. :)

Please confirm what OS, if any, is installed on the F: drive.

Again, please remember to read the instructions below carefully before executing and perform the steps exactly in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
MGA Diagnostics

Please download this tool (http://go.microsoft.com/fwlink/?linkid=52012) from Microsoft and Save it to your Desktop.
Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Click on the Continue button to proceed.
The program will now run. It will take a short while to complete its diagnosis, please be patient.
When it has finished click on the Copy button.
Go to Start > All Programs > Accessories > Notepad.
This will open an empty Notepad file.
Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
Click on the OK button to exit the MGA Diagnostics program.
Then Copy and Paste the entire contents of mgadiag.txt into your next reply.
Step 2:
WVCheck

Please download WVCheck (http://artellos.com/ccount/click.php?id=7) and Save it to your Desktop.
Right-click on WVCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Read the comments on the screen and then press Enter.
The scan can take a while depending on the size of your hard drive.
Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically saved to your Desktop and opened in Notepad.
Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.
Step 3:
CKScanner

Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and Save it to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Then click on the Search For Files button.
When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
Note: Please run the program ONCE only.
Click on the Exit button to close the program.
Double-click on the ckfiles.txt file to open it.
Then Copy and Paste the entire contents of the file into your next reply.
Step 4:
Include in Next Post

Did you have any problems carrying out the instructions?
What OS, if any, is installed on the F: drive?
mgadiag.txt.
WVCheck_hhmm_dd-mm-yyyy.txt.
ckfiles.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

boatnerd06
2012-05-29, 16:39
Their is no OS running on the F:/ drive, however it does seem to be infected with something as their is a $RECYCLE.BIN folder

mgadiag.txt


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-TV7MC-7MV9J-KJ3TY
Windows Product Key Hash: lCbeR4W9iEXWpqMYUWEzLtdzIi8=
Windows Product ID: 00371-152-2839481-85843
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {28DB8098-55C5-4C0D-833E-906BF774C36D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120305-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Access 2007 - 100 Genuine
Microsoft Office Excel 2007 - 103 Blocked VLK
Microsoft Office PowerPoint 2007 - 103 Blocked VLK
Microsoft Office Publisher 2007 - 100 Genuine
Microsoft Office Outlook 2007 - 100 Genuine
Microsoft Office Word 2007 - 103 Blocked VLK
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{28DB8098-55C5-4C0D-833E-906BF774C36D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-KJ3TY</PKey><PID>00371-152-2839481-85843</PID><PIDType>5</PIDType><SID>S-1-5-21-541655578-1006378361-3361530724</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-UD3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F6</Version><SMBIOSVersion major="2" minor="4"/><Date>20081114000000.000000+000</Date></BIOS><HWID>D1CC3907018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0015-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Access 2007</Name><Ver>12</Ver><Val>437005356259D86</Val><Hash>G5Qjl2nuHEjAmcG9TDdU8SHIOkc=</Hash><Pid>89384-707-0356806-63147</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0016-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Excel 2007</Name><Ver>12</Ver><Val>437005356259D86</Val><Hash>G5Qjl2nuHEjAmcG9TDdU8SHIOkc=</Hash><Pid>89385-707-0356806-63210</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0018-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office PowerPoint 2007</Name><Ver>12</Ver><Val>437005356259D86</Val><Hash>G5Qjl2nuHEjAmcG9TDdU8SHIOkc=</Hash><Pid>89400-707-0356806-63925</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0019-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Publisher 2007</Name><Ver>12</Ver><Val>437005356259D86</Val><Hash>G5Qjl2nuHEjAmcG9TDdU8SHIOkc=</Hash><Pid>89404-707-0356806-63595</Pid><PidType>14</PidType></Product><Product GUID="{90120000-001A-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Outlook 2007</Name><Ver>12</Ver><Val>437005356259D86</Val><Hash>G5Qjl2nuHEjAmcG9TDdU8SHIOkc=</Hash><Pid>89399-707-0356806-63075</Pid><PidType>14</PidType></Product><Product GUID="{90120000-001B-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Word 2007</Name><Ver>12</Ver><Val>437005356259D86</Val><Hash>G5Qjl2nuHEjAmcG9TDdU8SHIOkc=</Hash><Pid>89407-707-0356806-63723</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-152-283948-01-1033-7600.0000-3172009
Installation ID: 012843030550324256174432524860840414971714476816553442
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: KJ3TY
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 5/29/2012 9:35:50 AM

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 5:27:2012 16:44
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys


HWID Data-->
HWID Hash Current: RAAAAAIABgABAAIAAgABAAAABQABAAEA6GGE2Wrw7+2ENAiFwo8MNUa85L+gRc5w4HmC3o3vKs9OEwbV1jCuJa8lRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
EUDS GBT
SSDT PmRef CpuPm

boatnerd06
2012-05-29, 18:27
wvcheck.txt

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0938_29-05-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last Success Time for Update Detection: 2012-05-06 17:09:50
Last Success Time for Update Download: 2012-05-06 17:14:37
Last Success Time for Update Installation: 2012-05-06 17:21:34


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 10/10/2011 21:57:4
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 26/5/2011 15:20:40
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 26/5/2011 15:20:40
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 10/10/2011 21:57:4
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66


-------- End of File, program close at 1046_29-05-2012 --------

boatnerd06
2012-05-29, 19:52
ckflies.txt


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\n3v games\ts12\userdata\backups\11-12-13\crackedmud\config.chump
c:\program files\n3v games\ts12\userdata\backups\11-12-13\crackedmud\crackedmud.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-14\cb_crackedrock\cb_crackedrock.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-14\cb_crackedrock\config.chump
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\ballest dark.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\ballest dark.tga
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\bricks old daek.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\bricks old daek.tga
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\config.chump
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\tunnel bore cover 2t.im
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\tunnel cover red.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\tunnel cover red.tga
c:\program files\n3v games\ts12\userdata\backups\12-01-23\coal_bagging_hopper\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-01-26\crackers boxed on pallet\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-01-26\crackers boxed on pallet\icon.tga
c:\program files\n3v games\ts12\userdata\backups\12-01-27\m6ns_a\m6-a_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\ballest dark.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\ballest dark.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\bricks old daek.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\bricks old daek.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\bricks old.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\tunnel bore cover 1t.im
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\tunnel cover red.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\tunnel cover red.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\cracked-cement-a1-normal.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\cracked-cement-a1-normal.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\cracked-cement-a1.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\cracked-cement-a1.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\preview.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\user_license.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\normal.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\normal.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\soil cracked 1.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\soil cracked 1.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\normal.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\normal.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\soil cracked 2.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\soil cracked 2.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\normal.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\normal.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\soil cracked 3.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\soil cracked 3.tga
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 130544 28011 2\wooden_cracked_plank_7040207.texture
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 130544 28011 2\wooden_cracked_plank_7040207.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 130544 28011 2\wooden_cracked_plank_7040207.tga
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 38793 270001 1\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 38793 270001 1\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-23\kuid 5204 21041\cb_crackedrock_brown.texture
c:\program files\n3v games\ts12\userdata\local\hash-32\kuid 5204 21024\cb_crackedrock.texture
c:\program files\n3v games\ts12\userdata\local\hash-32\kuid 5204 21024\cb_crackedrock.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-93\kuid2 130544 15013 3\m6-a_body\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\local\hash-93\kuid2 130544 15013 3\m6-a_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.texture
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.tga
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.texture
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.tga
c:\program files\n3v games\ts12\userdata\original\hash-21\kuid 5204 21043\cb_crackedrock_ltbrown.texture
c:\program files\n3v games\ts12\userdata\original\hash-21\kuid 5204 21043\cb_crackedrock_ltbrown.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-32\kuid 5204 21024\cb_crackedrock.texture
c:\program files\n3v games\ts12\userdata\original\hash-32\kuid 5204 21024\cb_crackedrock.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-40\kuid2 334896 1133 1\soil cracked 2.texture
c:\program files\n3v games\ts12\userdata\original\hash-40\kuid2 334896 1133 1\soil cracked 2.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-40\kuid2 334896 1133 1\soil cracked 2.tga
c:\program files\n3v games\ts12\userdata\original\hash-41\kuid2 334896 1132 1\soil cracked 1.texture
c:\program files\n3v games\ts12\userdata\original\hash-41\kuid2 334896 1132 1\soil cracked 1.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-41\kuid2 334896 1132 1\soil cracked 1.tga
c:\program files\n3v games\ts12\userdata\original\hash-43\kuid2 334896 1134 1\soil cracked 3.texture
c:\program files\n3v games\ts12\userdata\original\hash-43\kuid2 334896 1134 1\soil cracked 3.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-43\kuid2 334896 1134 1\soil cracked 3.tga
c:\program files\n3v games\ts12\userdata\original\hash-64\kuid2 93677 10700 2\cracked.texture
c:\program files\n3v games\ts12\userdata\original\hash-64\kuid2 93677 10700 2\cracked.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-64\kuid2 93677 10700 2\cracked.tga
c:\program files\n3v games\ts12\userdata\original\hash-70\kuid2 65769 22222 1\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-70\kuid2 65769 22222 1\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-70\kuid2 65769 22222 1\cookiesheet_crackle_ofsq.tga
c:\program files\n3v games\ts12\userdata\original\hash-93\kuid2 130544 15013 3\m6-a_body\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-93\kuid2 130544 15013 3\m6-a_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.texture
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.tga
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.texture
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.tga
c:\program files\n3v games\ts12\userdata\original\hash-a9\kuid 2300 21007\crackedmud.texture
c:\program files\n3v games\ts12\userdata\original\hash-a9\kuid 2300 21007\crackedmud.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-ac\kuid2 130544 15002 6\m6-b_body\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-ac\kuid2 130544 15002 6\m6-b_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-ad\kuid2 130544 15003 6\m6-a_body\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-ad\kuid2 130544 15003 6\m6-a_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-fe\kuid2 117948 1163 2\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-fe\kuid2 117948 1163 2\cookiesheet_crackle_ofsq.texture.txt
c:\program files\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
c:\programdata\adobe\photoshop elements\6.0\locale\en_us\photo creations metadata\backgrounds\cracked paint.xml
c:\users\nathan\downloads\google_sketchup_pro_8___keygen_[misterpale].6337876.tpb.torrent
c:\users\nathan\downloads\[kat.ph]google.sketchup.pro.8.0.4811.incl.crack.serials.torrent
c:\users\nathan\downloads\[kat.ph]google.sketchup.pro.8.eng.crack.torrent
c:\users\nathan\downloads\conv3ds\photoshop extended 12.0 keygen + howto\howto generate a serial for photoshop extended 12.0 (cs5.x).pdf
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer.rar
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\googlesketchupprowen 8.0.4811.exe
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\readme.nfo
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\serials.nfo
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\crack\sketchup.exe
c:\users\nathan\music\itunes\itunes media\music\compilations\itunes holiday sampler\17 the nutcracker, op. 71, act 2_ ch.m4a
c:\windows.old\users\nathan\music\itunes\itunes music\mastodon\crack the skye\01 oblivion.m4a
scanner sequence 3.ZZ.11.TVAPVJ
----- EOF -----

Scolabar
2012-05-30, 20:30
Hi boatnerd06,

Thank you for the logs.

A number of issues will need to be addressed in order that I continue to assist you the malware issues on your computer.

Did you install the following software? If so, how did you come by this software?

Adobe Creative Suite 3 Master Collection

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Non-Genuine Office Product(s)

The following Microsoft software installations on your computer are non-genuine:


Microsoft Office Excel 2007
Microsoft Office PowerPoint 2007
Microsoft Office Word 2007

All have been installed with a now blocked Volume Licensing Key (VLK) that was valid and only available to corporations, education entities and government agencies. VLKs are blocked by Microsoft at the request and consent of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it notices a pattern of misuse, i.e. more installations of Windows using that key than is authorized.

Please refer to Safer-Networking's policy regarding the use of illegal Pirated/Warez/Cracked software below.
If you still want to receive assistance, please remove the illegal items from your computer. If you still need the software, you will need to get a legal version from a legitimate source.
If you advise that the illegal software has been removed and I find otherwise (- the tools we use can and will detect them), then I will be left no choice but to have this topic closed.
If further such findings occur afterwards, the topic will also be closed.

You may return to the seller to demand for a replacement with a genuine copy or get a full refund. Read this article (http://windows.microsoft.com/en-GB/windows/help/genuine/faq#ID0EKNAC) to see if you qualify for the Genuine Office Offer.

The following freeware office suites are available as alternative options:

LibreOffice (http://www.libreoffice.org/download/)
OpenOffice (http://www.openoffice.org/download/)

Step 2:
Cracked/Pirated Software Detected!

Checking through your logs I can detect that you have downloaded and installed cracked software on the computer.


c:\users\nathan\downloads\google_sketchup_pro_8___keygen_[misterpale].6337876.tpb.torrent
c:\users\nathan\downloads\[kat.ph]google.sketchup.pro.8.0.4811.incl.crack.serials.torrent
c:\users\nathan\downloads\[kat.ph]google.sketchup.pro.8.eng.crack.torrent
c:\users\nathan\downloads\conv3ds\photoshop extended 12.0 keygen + howto\howto generate a serial for photoshop extended 12.0 (cs5.x).pdf
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer.rar
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\googlesketchupprowen 8.0.4811.exe
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\readme.nfo
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\serials.nfo
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\crack\sketchup.exe

This may or may not be related to your computer issues, however, if you wish me to continue helping you, then you must remove both the keygen and crack files as well as the related programs.

May I draw your attention to THIS TOPIC (http://forums.spybot.info/showpost.php?p=25290&postcount=4).

We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

Step 3:
Uninstall Programs

P2P Software Present!

IMPORTANT There are signs of a P2P (Peer-to-Peer) Related File Sharing Program installed on your computer.


vShare.tv plugin 1.3
P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.

P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.

So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.

I advise you take the time to read the following articles that explain the risk of installing these programs:

Perils of P2P File Sharing (http://www.techsupportforum.com/forums/f50/perils-of-p2p-file-sharing-305923.html)
Use of P2P File Sharing Programs (http://spywarewarrior.com/viewtopic.php?t=26216)
Clean/Infected P2P Programs (http://malwareremoval.com/p2pindex.php)
Risks of Peer-to-Peer Systems (http://www.fbi.gov/scams-safety/peertopeer/oeertopeer)
File sharing infects 500,000 computers (http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers)
File-sharing dangers involve more than legal troubles (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
How to Prevent the Online Invasion of Spyware and Adware (http://www.internetworldstats.com/articles/art053.htm)

In order to continue assisting you with your malware issues I will require you to uninstall the P2P software.

Registry Cleaners - Advisory

I notice that the Uniblue SpeedUpMyPC 2009 is installed on this computer. This product incorporates a Registry Cleaner function.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

The decision whether or not to remove this program is yours.

Steering clear of such products in future will reduce your exposure to potential malware threats.

Please follow the instructions below to remove these programs:

Select Start > Control Panel > Programs > Programs and Features.
Under the Programs heading, click on Uninstall a program.
Scroll down the list of installed programs and locate the following program:


Uniblue SpeedUpMyPC 2009 <-- Opional Removal - see reasons provided above
vShare.tv plugin 1.3


Right-click on Uninstall to uninstall it.
Repeat steps 3 - 4 for each program in the list.
When finished Close the Control Panel window.
Restart the computer to complete removal of the program.

Step 4:
Re-Run CKScanner

Please re-run CKScanner. Then Copy and Paste the contents of the ckfiles.txt log into your next reply.

Step 5:
Re-Run DDS

Please re-run DDS. Then Copy and Paste the contents of the DDS.txt and Attach.txt files into your next post.

Step 6:
Include in Next Post

Did you have any problems carrying out the instructions?
Did you install the following software? If so, how did you come by this software?

Adobe Creative Suite 3 Master Collection
ckfiles.txt.
DDS.txt.
Attach.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

boatnerd06
2012-05-30, 21:25
Well, I guess the option is going to have to be to close this topic as the programs which you have requested to be deleted are vital to my computing needs, and to purchase the versions directly from Microsoft and adobe would be prohibitively expensive. On the same note these programs in there present form have not caused the issue at hand. It is unfortunate that this assistance has come down to becoming a pseudo police force for Microsoft and Adobe but, I guess it is what it is.

Thank you

boatnerd06

Scolabar
2012-05-31, 08:33
Hi boatnerd06,

FYI, read the section of my last post regarding P2P Software. It will give you a clear indication of the root cause of why your system became infected.
Downloading and installing cracked software has definitely contributed to, if not directly caused, the infection of your computer.

This topic will now be closed.

Scolabar