IDP.Trojan Crpt.AQLW Issues

boatnerd06

New member
Hello,
I am having many of the same problems that others are having with this bugger. I got into a file earlier and started getting the Vault messages from AVG Free. Any help to remove this issue would be appreciated.

Thanks

dds log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Nathan at 23:08:14 on 2012-05-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1521 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\Steam.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Users\Nathan\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Nathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Nathan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://startsear.ch/?aff=1&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9
uInternet Settings,ProxyServer = 46.23.70.176:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: RebateRobot BHO: {fa3fedf6-1a34-4076-9f25-a26a2de6a401} - c:\program files\rebaterobot\RebateRobot.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: {B771FEA3-2A05-4C21-B1E2-55551A97D520} - No File
TB: {719D74AB-1AF9-43A1-8C62-D8750628D93E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Akamai NetSession Interface] "c:\users\nathan\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\nathan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [CA737A4C8A218980B307F7230906C3F73A69889A._service_run] "c:\users\nathan\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [PowerSuite] "c:\program files\uniblue\powersuite\launcher.exe" delay 20000 -m
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\nathan\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: 360-value.com
Trusted Zone: billerweb.com
Trusted Zone: bristolwest.com
Trusted Zone: bwproducers.com
Trusted Zone: cisgroup.com
Trusted Zone: co-optimum.com
Trusted Zone: farmers.com
Trusted Zone: farmers.csod.com
Trusted Zone: farmersces.com
Trusted Zone: farmersflood.com
Trusted Zone: farmersinsurance.com
Trusted Zone: farmersleadcenter.com
Trusted Zone: farmerslife.com
Trusted Zone: farmersmarketpoint.com
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
Trusted Zone: ipipeline.com
Trusted Zone: msbexpress.net
Trusted Zone: seccas.com
Trusted Zone: zurich.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{FEAEC8ED-0698-44E1-8342-E4CD3DA1D97E} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nathan\appdata\roaming\mozilla\firefox\profiles\jkd87gk8.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bbc3f9e54-7112-455e-8307-e15978e50026%7D&mid=695c58de235e47d6b412d1569665a01a-630f14d88c88f78d12f6037265eb8b1d7839be65&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-17%2012%3A38%3A28&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\nathan\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vmlitedrv;vmlitedrv;c:\windows\system32\drivers\vmlitedrv.sys [2012-1-26 15464]
R1 VMLiteUSBMon;VMLiteUSBMon;c:\windows\system32\drivers\vmliteusbmon.sys [2012-1-26 127080]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-3 47640]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 VMLiteService;VMLiteService;c:\program files\vmlite\vmlite workstation\VMLiteService.exe [2010-8-21 455784]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 vmlitestor;vmlitestor;c:\windows\system32\drivers\vmlitestor.sys [2010-8-18 140392]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-26 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-27 984392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-26 135664]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-1 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [2011-7-1 105856]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2011-7-1 105856]
.
=============== Created Last 30 ================
.
2012-05-07 03:00:04 295248 ----a-w- c:\windows\system32\dllcache
2012-05-07 03:00:04 -------- d-----w- C:\_OTL
2012-05-07 02:11:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-07 01:16:06 -------- d-s---w- C:\ComboFix
2012-05-06 22:12:22 98816 ----a-w- c:\windows\sed.exe
2012-05-06 22:12:22 518144 ----a-w- c:\windows\SWREG.exe
2012-05-06 22:12:22 256000 ----a-w- c:\windows\PEV.exe
2012-05-06 22:12:22 208896 ----a-w- c:\windows\MBR.exe
2012-05-06 19:58:31 -------- d-----w- C:\DashConfig
2012-05-06 19:25:23 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-05-06 19:24:58 -------- d-----w- c:\users\nathan\appdata\local\PackageAware
2012-05-06 18:58:22 -------- dc-h--w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2012-05-06 18:41:32 -------- dc-h--w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2012-05-06 17:42:21 -------- d-----w- c:\program files\NirSoft
2012-05-06 17:37:45 -------- d-----w- c:\programdata\Uniblue
2012-05-06 17:37:22 -------- d-----w- c:\program files\Uniblue
2012-04-28 00:23:59 -------- d-----w- c:\program files\Paradox Interactive
2012-04-11 02:48:07 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:48:07 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:48:07 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:48:07 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:46:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 02:46:49 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 02:44:43 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-04-11 02:44:43 739840 ----a-w- c:\windows\system32\d2d1.dll
.
==================== Find3M ====================
.
2012-05-07 02:13:24 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-05-06 20:04:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 20:04:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 13:43:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 19:43:36 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 23:09:38.21 ===============
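As an added example (not part of this post, and not code from the DDS tool), the following Python script pulls the entries a log reviewer looks at first out of the "Pseudo HJT Report" section of a DDS log: start pages, proxy settings, Trusted Zone sites and add-on entries whose file is missing. The sample input is a handful of lines copied from the log above; the grouping and the wording of the review notes are this example's own choices, and the script makes no judgement about whether any entry is malicious.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example: not from the forum post or from DDS itself. It only
extracts and groups entries so a reviewer can check them in one place.
"""
import re

# Constructed sample: a few lines in the format DDS prints, taken from the log above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://startsear.ch/?aff=1&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9
uInternet Settings,ProxyServer = 46.23.70.176:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Trusted Zone: farmers.com
Trusted Zone: zurich.com
.
================= FIREFOX ===================
"""


def section(log_text, name):
    """Return the lines of the named DDS section.

    DDS marks each section with a banner line of '=' characters and pads
    sections with lines containing a single '.', which are skipped.
    """
    out = []
    inside = False
    for line in log_text.splitlines():
        if line.startswith("=") and line.endswith("="):
            inside = name in line
            continue
        if inside and line.strip() != ".":
            out.append(line)
    return out


def triage(log_text):
    """Group the Pseudo HJT entries a reviewer checks first."""
    items = {"start_pages": [], "proxy": [], "trusted_zones": [], "missing_file": []}
    for line in section(log_text, "Pseudo HJT Report"):
        if re.match(r"[um]Start Page\s*=", line):
            # 'u' entries are per-user (HKCU), 'm' entries are machine-wide (HKLM).
            items["start_pages"].append(line.split("=", 1)[1].strip())
        elif "Internet Settings,Proxy" in line:
            key, _, value = line.partition("=")
            items["proxy"].append((key.split(",")[1].strip(), value.strip()))
        elif line.startswith("Trusted Zone:"):
            items["trusted_zones"].append(line.split(":", 1)[1].strip())
        elif line.endswith("- No File"):
            # Registry entry still present but the DLL it points to is gone.
            items["missing_file"].append(line)
    return items


def review_notes(items):
    """Turn the grouped items into plain-language review notes (this example's own wording)."""
    notes = []
    if any(key == "ProxyServer" for key, _ in items["proxy"]):
        notes.append("A fixed proxy server is set in Internet Settings; confirm it is expected.")
    for page in items["start_pages"]:
        if not page.startswith("about:"):
            notes.append(f"Start page points at {page}; confirm the user chose it.")
    if items["missing_file"]:
        notes.append(f"{len(items['missing_file'])} add-on entries point at files that no longer exist.")
    if items["trusted_zones"]:
        notes.append(f"{len(items['trusted_zones'])} sites are in the Trusted Zone and get relaxed browser security.")
    return notes


if __name__ == "__main__":
    for note in review_notes(triage(SAMPLE_LOG)):
        print("-", note)
```

To use it on a real log, pass the full contents of the DDS text file to `triage()`; the banner matching works on the whole file because the other sections are skipped until the Pseudo HJT banner is seen. DDS writes URLs with `hxxp` so they are not clickable; the script leaves them that way.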
 
Hi boatnerd06,

Firstly, welcome to the Safer-Networking Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Please Note: If you haven't done so already, please read this topic "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
 
Hi boatnerd06,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps exactly in the order given.
If you have any questions about, or problems with, executing these instructions, STOP: do not proceed; post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Company-Owned Computer?

Entries in the log provided lead me to believe this may be a company-owned computer.
Please confirm whether or not this computer is a company owned computer, a computer used for business or connected to a business network.
If this is not the case, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

Step 2:
Tools Already Used

Have you already been receiving help at another malware removal forum?

Please Note: Using powerful tools without the guidance of a Malware Removal Expert runs the risk of turning a computer into a brick.

I will need to see the log files for the fixes run:

TDSSKiller - Log

I notice that TDSSKiller has been used recently on this computer. Please follow the instructions below to retrieve the log file:

  1. Please download TDSSQlook.exe by Kaspersky and save it to your Desktop. <-- Important!!!
  2. Right-click on TDSSQlook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    A log file will be created on the Desktop called TDSSQ.txt.
  3. Copy and Paste the entire contents of the TDSSQ.txt file into your next reply.

ComboFix - Log

I also notice that ComboFix has been recently installed on this computer. You need to be aware of the following:

Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.
Please post the entire contents of the combofix.txt log file (it is normally found in the C:\qoobox\ directory) into your next reply.

OTL - Log

If you ran an OTL fix I will need to see that log file as well. Otherwise, go to Step 3.

The OTL log can be found in the following location:

C:\_OTL\MovedFiles\DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Please Copy and Paste that log report into your next reply.

Step 3:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Is this computer a company-owned computer, a computer used for business or connected to a business network?
    If not, please clarify for what purposes the computer is used.
  3. TDSSQ.txt.
  4. combofix.txt.
  5. C:\_OTL\MovedFiles\DD/DD/DD TT/TT.txt.
  6. Do you have the original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 
Hi boatnerd06,

It has been over 48 hours since my last post.

  1. Do you still need help?
  2. Do you need more time?
  3. Are you having problems following my instructions?
  4. In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
  5. If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 
Sorry about the lack of response I was gone for the weekend.

2. It is my own personal computer that I also use for business. In order for our website to work on my computer, it requires that we download a packet to make everything work well.

3. I have not been using another form; however, I was attempting to fix it myself as it was completely unusable. I got it to a point that it's functional, but not to the point that it was before.

6. I do not have the original Installation media for this computer. It was a Vista Media Center to Windows 7 Upgrade via a downloadable file from Microsoft.
 
TDSSQ Log


TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN Mon 05/21/2012 20:00:00.02 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.7.34.0_06.05.2012_22.08.18_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\06.05.2012_22.08.18
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\object.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0001.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0001.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0011.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0010.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0011.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0009.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0009.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0008.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0007.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0005.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0001.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0000.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0000.dta
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\object.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\object.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\object.ini

[InfectedObject]
Verdict: Virus.Win32.ZAccess.aml


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: Avgtdix
Type: Kernel driver (0x1)
Start: System (0x1)
ImagePath: system32\DRIVERS\avgtdix.sys
Suspicious states: Forged file;


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\DRIVERS\avgtdix.sys
md5: 9c38f5a390e2c50773603458d8f0814d


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0001.ini

[InfectedFile]
Type: Api image
Src: C:\Windows\system32\DRIVERS\avgtdix.sys
md5: a6d562b612216d8d02a35ebeb92366bd


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0000.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\@
Size: 2048


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0001.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\cfg.ini
Size: 297


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0002.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\Desktop.ini
Size: 4608


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0003.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\L\xadqgnnk
Size: 295248


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0004.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\oemid
Size: 57


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0005.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\00000001.@
Size: 2048


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0006.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\00000002.@
Size: 224768


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0007.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\00000004.@
Size: 1024


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0008.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\80000000.@
Size: 66560


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0009.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\80000004.@
Size: 1024


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0010.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\U\80000032.@
Size: 115712


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\zafs0000\tsk0011.ini

[InfectedFile]
Name: C:\Windows\$NtUninstallKB19561$\3558119549\version
Size: 1268


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\object.ini

[InfectedObject]
Verdict: Backdoor.Multi.ZAccess.gen


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: pcradminserver
Type: n/a (0x20)
Start: Auto (0x2)
ImagePath: %SystemRoot%\system32\svchost.exe -k netsvcs
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\ultra.dll
md5: 11028c6a84a967070cb1286550f2058f
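The TDSSQ listing above is a flat dump of small INI files, which is awkward to read once there is more than one quarantined object. As an added example (not part of the original thread and not one of Kaspersky's tools), the Python script below parses that format into per-object records so the verdicts, the services carrying a suspicious state, and the file hashes can be pulled out in one pass. The format is inferred from the log posted above, and the embedded sample is a constructed excerpt of that same log (the zafs file list is left out); the two MD5 values for avgtdix.sys, one from the "Raw image" entry and one from the "Api image" entry, are copied straight from it.

```python
"""Summarise a TDSSQlook (TDSSQ.txt) quarantine listing.
Added example for this thread, not part of Kaspersky's tools. The format is
inferred from the log above: each '=== <path>' header introduces one INI file
with an [InfectedObject] or [InfectedFile] section of 'Key: value' lines."""
import re
from collections import defaultdict

# Constructed sample: the INI FILES part of the log above, trimmed to the
# verdict, service and hashed-file entries (the zafs file list is omitted).
SAMPLE = r"""
=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\object.ini
[InfectedObject]
Verdict: Virus.Win32.ZAccess.aml
=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\object.ini
[InfectedObject]
Type: Service
Name: Avgtdix
Type: Kernel driver (0x1)
ImagePath: system32\DRIVERS\avgtdix.sys
Suspicious states: Forged file;
=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\DRIVERS\avgtdix.sys
md5: 9c38f5a390e2c50773603458d8f0814d
=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\rtkt0000\svc0000\tsk0001.ini
[InfectedFile]
Type: Api image
Src: C:\Windows\system32\DRIVERS\avgtdix.sys
md5: a6d562b612216d8d02a35ebeb92366bd
=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\object.ini
[InfectedObject]
Verdict: Backdoor.Multi.ZAccess.gen
=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\object.ini
[InfectedObject]
Type: Service
Name: pcradminserver
ImagePath: %SystemRoot%\system32\svchost.exe -k netsvcs
Suspicious states: Locked file;
=== C:\TDSSKiller_Quarantine\06.05.2012_22.08.18\zaea0000\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\ultra.dll
md5: 11028c6a84a967070cb1286550f2058f
"""

# The quarantine object directory sits directly under the timestamped run dir.
OBJ_RE = re.compile(r"TDSSKiller_Quarantine\\[^\\]+\\([^\\]+)\\")


def parse_tdssq(text):
    """One dict per '=== path' block: {'path', 'section', 'fields'}.
    Keys may repeat ('Type' twice for a service), so values are kept in lists."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=== "):
            current = {"path": line[4:], "section": None, "fields": {}}
            records.append(current)
        elif current is None or not line:
            continue
        elif line.startswith("[") and line.endswith("]"):
            current["section"] = line[1:-1]
        elif ": " in line:
            key, _, value = line.partition(": ")
            current["fields"].setdefault(key, []).append(value.strip())
    return records


def summarize(records):
    """Group records by quarantine object (rtkt0000, zaea0000, ...)."""
    objects = defaultdict(lambda: {"verdict": None, "services": [], "files": []})
    for rec in records:
        match = OBJ_RE.search(rec["path"])
        if not match:
            continue
        obj, f = objects[match.group(1)], rec["fields"]
        if rec["section"] == "InfectedObject" and "Verdict" in f:
            obj["verdict"] = f["Verdict"][0]
        elif rec["section"] == "InfectedObject" and "Name" in f:
            states = f.get("Suspicious states", [""])[0].split(";")
            obj["services"].append({"name": f["Name"][0],
                                    "image": f.get("ImagePath", [""])[0],
                                    "states": [s.strip() for s in states if s.strip()]})
        elif rec["section"] == "InfectedFile":
            obj["files"].append({"path": (f.get("Src") or f.get("Name") or [""])[0],
                                 "md5": f.get("md5", [None])[0]})
    return dict(objects)


def flagged_services(summary, state="Forged file"):
    """(object, service name, image path) for services carrying the given state."""
    return [(obj_id, svc["name"], svc["image"]) for obj_id, obj in summary.items()
            for svc in obj["services"] if state in svc["states"]]


def hash_mismatches(summary):
    """Paths quarantined under more than one MD5, e.g. raw disk image vs API view."""
    seen = defaultdict(set)
    for obj in summary.values():
        for entry in obj["files"]:
            if entry["md5"]:
                seen[entry["path"]].add(entry["md5"])
    return {path: sorted(hashes) for path, hashes in seen.items() if len(hashes) > 1}


if __name__ == "__main__":
    summary = summarize(parse_tdssq(SAMPLE))
    print(flagged_services(summary), hash_mismatches(summary))
```

To run it against a real listing, replace SAMPLE with the contents of the saved TDSSQ.txt, e.g. `summarize(parse_tdssq(open("TDSSQ.txt").read()))`. The hash-mismatch check is the useful part: the same driver path turning up under two different MD5 values, one read as a raw image and one through the file API, sits alongside the "Forged file" state the tool attached to the Avgtdix service, and those two hashes are what you would look up on a multi-engine scanner or compare against the file from a clean AVG install before deciding the driver can be trusted again.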
 
Latest ComboFix Log


ComboFix 12-05-11.04 - Nathan 05/11/2012 22:52:54.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.2406 [GMT -4:00]
Running from: c:\users\Nathan\Desktop\jgh.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\users\Nathan\AppData\Roaming\Roaming
c:\users\Nathan\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
.
---- Previous Run -------
.
c:\users\Nathan\AppData\Roaming\Roaming
c:\users\Nathan\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\system32\explorer.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BridgeMP
-------\Service_Dot4Print
-------\Service_p2psvc
-------\Service_SiSRaid2
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 03:10 . 2012-05-12 03:10 -------- d-----w- c:\users\Mcx1-NATHAN-PC\AppData\Local\temp
2012-05-12 03:10 . 2012-05-12 03:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 02:11 . 2012-05-12 02:11 -------- d--h--w- c:\windows\AxInstSV
2012-05-12 01:44 . 2012-05-12 01:53 -------- d-----w- c:\windows\system32\catroot2
2012-05-11 03:35 . 2012-05-11 03:35 -------- d-----w- c:\users\Nathan\AppData\Roaming\Malwarebytes
2012-05-11 03:35 . 2012-05-11 03:35 -------- d-----w- c:\programdata\Malwarebytes
2012-05-11 03:35 . 2012-05-11 03:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-11 03:35 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 15:35 . 2012-05-11 22:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-10 15:35 . 2012-05-10 15:49 -------- d-----w- c:\programdata\AVG2012
2012-05-08 22:57 . 2012-05-09 04:08 -------- d-----w- C:\AVG2012
2012-05-08 22:52 . 2012-05-12 01:58 -------- d-----w- C:\temp
2012-05-08 16:10 . 2012-05-12 03:14 -------- d-----w- c:\users\Nathan\AppData\Local\temp
2012-05-08 15:48 . 2012-05-09 04:08 -------- d-----w- C:\jgh2002j
2012-05-07 22:07 . 2012-05-07 22:07 -------- d-----w- C:\JGH
2012-05-07 03:00 . 2012-05-09 04:06 -------- d-----w- C:\_OTL
2012-05-07 03:00 . 2011-07-11 05:14 295248 ----a-w- c:\windows\system32\dllcache
2012-05-07 02:11 . 2012-05-09 04:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-06 19:58 . 2012-05-09 00:55 -------- d-----w- C:\DashConfig
2012-05-06 19:25 . 2012-05-06 19:25 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-05-06 19:24 . 2012-05-06 19:24 -------- d-----w- c:\users\Nathan\AppData\Local\PackageAware
2012-05-06 18:58 . 2012-05-09 04:06 -------- dc-h--w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2012-05-06 18:41 . 2012-05-06 19:16 -------- dc-h--w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2012-05-06 17:42 . 2012-05-09 04:06 -------- d-----w- c:\program files\NirSoft
2012-05-06 17:37 . 2012-05-06 17:37 -------- d-----w- c:\programdata\Uniblue
2012-05-06 17:37 . 2012-05-09 04:06 -------- d-----w- c:\program files\Uniblue
2012-04-28 00:23 . 2012-04-28 00:23 -------- d-----w- c:\program files\Paradox Interactive
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 02:13 . 2011-07-11 05:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-05-06 20:04 . 2012-04-04 14:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 20:04 . 2011-05-27 15:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\SET7F13.tmp
2012-03-06 13:43 . 2010-05-16 15:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-06 05:59 . 2012-04-11 02:46 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 05:59 . 2012-04-11 02:46 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 05:46 . 2012-04-11 02:48 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 02:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 02:48 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 02:48 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-24 19:43 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\SET5D10.tmp
2012-02-17 05:34 . 2012-03-15 04:55 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-15 04:55 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-15 04:55 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-10-11 01:41 . 2011-03-22 22:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-07_21.56.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-14 06:24 . 2012-05-12 02:48 69388 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-05-12 03:15 47126 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-14 05:04 . 2012-05-12 03:15 22760 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-541655578-1006378361-3361530724-1000_UserData.bin
+ 2010-03-19 21:17 . 2012-05-08 23:49 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
- 2010-03-19 21:17 . 2010-03-19 23:36 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2009-07-14 04:50 . 2012-05-12 03:16 86016 c:\windows\System32\DriverStore\infpub.dat
- 2009-07-14 04:50 . 2012-05-07 12:52 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2012-01-31 08:46 . 2012-01-31 08:46 31952 c:\windows\System32\drivers\avgrkx86.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 41040 c:\windows\System32\drivers\avgmfx86.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 17232 c:\windows\System32\drivers\avgidsshimx.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 24144 c:\windows\System32\drivers\avgidsfilterx.sys
+ 2009-11-14 05:04 . 2012-05-12 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-14 05:04 . 2012-05-07 22:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 05:04 . 2012-05-12 03:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-14 05:04 . 2012-05-07 22:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-14 05:04 . 2012-05-07 22:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-14 05:04 . 2012-05-12 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-14 03:07 . 2012-05-07 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 03:07 . 2012-05-12 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 03:07 . 2012-05-12 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-14 03:07 . 2012-05-07 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-16 16:18 . 2010-07-16 16:18 10134 c:\windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}\ARPPRODUCTICON.exe
+ 2012-05-12 01:37 . 2012-05-12 01:37 10134 c:\windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}\ARPPRODUCTICON.exe
- 2012-05-07 21:29 . 2012-05-07 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-12 02:45 . 2012-05-12 03:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-07 21:29 . 2012-05-07 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-12 02:45 . 2012-05-12 03:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:58 . 2010-11-20 12:18 854016 c:\windows\winsxs\x86_microsoft-windows-imageanalysis_31bf3856ad364e35_6.1.7601.17514_none_4a6381a588654ba6\dbghelp.dll
- 2011-10-11 01:57 . 2010-11-20 12:18 854016 c:\windows\winsxs\x86_microsoft-windows-imageanalysis_31bf3856ad364e35_6.1.7601.17514_none_4a6381a588654ba6\dbghelp.dll
- 2009-07-14 04:50 . 2012-05-07 12:52 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2012-05-12 03:16 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2012-05-07 12:52 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:50 . 2012-05-12 03:16 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2011-12-23 17:32 . 2011-12-23 17:32 139856 c:\windows\System32\drivers\avgidsdriverx.sys
+ 2009-07-14 04:34 . 2012-05-12 02:47 116104 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:47 . 2012-05-07 21:27 470464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-05-12 02:19 470464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2007-03-23 19:51 . 2007-03-23 19:51 150368 c:\windows\Downloaded Program Files\igdtoolx.dll
+ 2010-04-03 22:27 . 2010-04-03 22:27 1515624 c:\windows\System32\nvsvcr.dll
+ 2010-04-27 06:17 . 2012-05-12 02:19 2431816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-541655578-1006378361-3361530724-1000-8192.dat
- 2010-04-27 06:17 . 2012-05-07 21:27 2431816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-541655578-1006378361-3361530724-1000-8192.dat
+ 2012-05-10 15:31 . 2012-05-10 15:31 5161984 c:\windows\Installer\61b840.msi
+ 2012-05-10 15:34 . 2012-05-10 15:34 2208768 c:\windows\Installer\61b83c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}]
2011-12-04 05:05 88576 ----a-w- c:\program files\RebateRobot\RebateRobot.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-09 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Nathan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM for Windows]
2012-02-11 04:57 1263448 ----a-w- c:\users\Nathan\AppData\Local\AOL\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-03-13 09:37 3331872 ----a-w- c:\users\Nathan\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-04-05 09:12 2587008 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CA737A4C8A218980B307F7230906C3F73A69889A._service_run]
2012-04-28 02:07 1224176 ----a-w- c:\users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2011-03-04 00:52 948880 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 19:57 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 07:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 23:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 20:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-09-12 14:20 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneLauncher]
2010-12-21 14:39 51712 ----a-w- c:\program files\MagicTune Premium\MagicTuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-06-02 20:59 1457152 ----a-w- c:\program files\PeerGuardian2\pg2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-05-09 21:36 9478320 ----a-w- c:\users\Nathan\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-09 21:36 932528 ----a-w- c:\users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-09 13:58 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-03-06 22:24 741240 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-04-15 9216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [2008-04-15 105856]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-15 105856]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-02-06 374152]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
R4 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
R4 VMLiteService;VMLiteService;c:\program files\VMLite\VMLite Workstation\VMLiteService.exe [2010-08-21 455784]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-14 721904]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-05-07 295248]
S1 VBoxDrv;VBoxDrv;c:\windows\system32\drivers\VBoxDrv.sys [2010-08-11 143848]
S1 vmlitedrv;vmlitedrv;c:\windows\system32\drivers\vmlitedrv.sys [2010-06-29 15464]
S1 VMLiteUSBMon;VMLiteUSBMon;c:\windows\system32\drivers\vmliteusbmon.sys [2010-08-18 127080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
S3 VBoxNetAdp;VMLite Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-11 100264]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-11 111208]
S3 vmlitestor;vmlitestor;c:\windows\system32\DRIVERS\vmlitestor.sys [2010-08-18 140392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Cam5603C
AR5523
SE2Bbus
dvd_2K
LUsbKbd
mgabg
httpfilter
armoucfltr
pcradminserver
awecho
splitter
mssqlserveradhelper
dpfusmgr
GTPTSER
xnacc
pdreli
ntservice1
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:04]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 17:16]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 17:16]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000Core.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 02:38]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000UA.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = https://eagent.farmersinsurance.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 46.23.70.176:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
Trusted Zone: 360-value.com
Trusted Zone: billerweb.com
Trusted Zone: bristolwest.com
Trusted Zone: bwproducers.com
Trusted Zone: cisgroup.com
Trusted Zone: co-optimum.com
Trusted Zone: farmers.com
Trusted Zone: farmers.csod.com
Trusted Zone: farmersces.com
Trusted Zone: farmersflood.com
Trusted Zone: farmersinsurance.com
Trusted Zone: farmersleadcenter.com
Trusted Zone: farmerslife.com
Trusted Zone: farmersmarketpoint.com
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
Trusted Zone: ipipeline.com
Trusted Zone: msbexpress.net
Trusted Zone: seccas.com
Trusted Zone: zurich.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\jkd87gk8.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bbc3f9e54-7112-455e-8307-e15978e50026%7D&mid=695c58de235e47d6b412d1569665a01a-630f14d88c88f78d12f6037265eb8b1d7839be65&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-17%2012%3A38%3A28&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2204)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\PrintIsolationHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-05-11 23:23:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 03:23
ComboFix2.txt 2012-05-07 22:07
.
Pre-Run: 21,887,176,704 bytes free
Post-Run: 21,658,742,784 bytes free
.
- - End Of File - - E09FA5E9093EBB11028084417CFBF20C
 
TT Log:


========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
Error: No service named .avgtdix was found to stop!
Service\Driver key .avgtdix not found.
========== FILES ==========
< copy "C:\Program Files\AVG\AVG2012\Drivers\avgtdix.sys" "C:\WINDOWS\system32\dllcache" /c >
1 file(s) copied.
C:\Users\Nathan\Downloads\cmd.bat deleted successfully.
C:\Users\Nathan\Downloads\cmd.txt deleted successfully.
C:\WINDOWS\System32\dds_trash_log.cmd moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.42.3 log created on 05062012_230004
 
Hi boatnerd06,

boatnerd06 said:
Sorry about the lack of response I was gone for the weekend.
You are fortunate. I had requested this topic to be closed, but the request somehow got overlooked. Please make sure you reply in good time, otherwise you will run the risk of the topic being closed. ;)

I'm afraid I have some bad news for you. :sad:

Rootkit Warning

Your logs show signs of the Zero Access Rootkit infection.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Your company's IT department should also be informed.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
    and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords.
    (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
    Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be re-installed back from the original disc or from the Net.
Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and re-installation of the operating system (OS).

This decision will have to be made by you.

To help you understand more, please take some time to read the following articles:
An attempt can be made to clean this machine; however, you will need to be aware that, having already attempted to deal with the malware infections present on your computer, your system may have been damaged beyond repair. In addition, there will be no guarantee, if the cleanup is successful, that the computer won't still be compromised afterwards.

boatnerd06 said:
I do not have the original Installation media for this computer. It was a Vista Media Center to Windows 7 Upgrade via a downloadable file from Microsoft.
This does not help your situation. I hope you have your original Vista Media Center installation media. :sad:

Please confirm how you would like to proceed.


Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
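Two things in the logs posted in this thread are worth pulling out mechanically when a rootkit is suspected: the ComboFix log above lists 17 names under Svchost - NetSvcs, and the OTL log posted later in the thread reports 16 of them (xnacc, splitter, LUsbKbd and so on) as Auto-start services whose DLL is "File not found"; and the ComboFix supplementary scan shows a user-level ProxyServer of 46.23.70.176:3128 on a home PC. The script below is an added example (my code, not OTL's, ComboFix's or Scolabar's) that parses those line formats and reports both kinds of entry. The sample lines are excerpted from this thread's logs; the u = HKCU / m = HKLM prefix convention is the ComboFix/DDS one; treating "auto-start service with missing binary", "driver registered with no path" and "proxy outside loopback/RFC1918" as suspicious is this example's own heuristic, and a hit is a lead to verify on the machine, not proof of infection.

```python
"""Pull rootkit-style indicators out of OTL / ComboFix log text.

Added example for this thread (my code, not OTL's, ComboFix's or the helper's).
"""
import ipaddress
import re

# Lines excerpted from the OTL and ComboFix logs posted in this thread, trimmed
# to a handful of entries so the script runs offline against real-looking input.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppa3.dll -- (xnacc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinger.dll -- (splitter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eventlog.dll -- (LUsbKbd)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1ar6w9g)
uInternet Settings,ProxyServer = 46.23.70.176:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
"""

# One OTL service/driver line: "SRV - <File not found | [stamp] (company)> [flags] -- path -- (name)".
# DRV lines carry three flags (type | start | state), SRV lines two (start | state).
# The path is optional because OTL prints "-- -- (name)" for a driver with no image path.
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<meta>File not found|\[[^\]]*\] \(.*?\)) "
    r"\[(?P<flags>[^\]]+)\] -- (?:(?P<path>.+?) )?-- \((?P<name>[^)]+)\)\s*$",
    re.M,
)
# ComboFix/DDS prefix the key with its hive: u = HKCU (this user), m = HKLM (machine).
PROXY_RE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyServer = (?P<value>\S+)", re.M
)


def parse_entries(text):
    """Yield one dict per OTL SRV/DRV line: kind, name, path, start, state, present."""
    for m in ENTRY_RE.finditer(text):
        flags = [f.strip() for f in m.group("flags").split("|")]
        yield {
            "kind": m.group("kind"),
            "name": m.group("name"),
            "path": m.group("path") or "",
            "start": flags[-2],
            "state": flags[-1],
            "present": m.group("meta") != "File not found",
        }


def missing_autostart_services(text):
    """Services set to start automatically whose binary OTL could not find."""
    return [e["name"] for e in parse_entries(text)
            if e["kind"] == "SRV" and not e["present"] and e["start"] == "Auto"]


def pathless_drivers(text):
    """Drivers registered with no image path at all (heuristic: worth a look)."""
    return [e["name"] for e in parse_entries(text)
            if e["kind"] == "DRV" and not e["path"]]


def classify_proxy_host(host):
    """'external' for a public IP, 'name' for a hostname, None for loopback/RFC1918."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"          # cannot resolve offline; report it and let a human decide
    if ip.is_loopback or ip.is_private:
        return None
    return "external"


def unexpected_proxies(text):
    """ProxyServer values pointing off the local machine/LAN, tagged with their hive."""
    found = []
    for m in PROXY_RE.finditer(text):
        scope = "HKCU" if m.group("scope") == "u" else "HKLM"
        # Value is either "host:port" or "scheme=host:port;scheme=host:port".
        for item in m.group("value").split(";"):
            hostport = item.split("=", 1)[-1]
            host, _, port = hostport.rpartition(":")
            if not host:
                host, port = hostport, ""
            verdict = classify_proxy_host(host)
            if verdict:
                found.append((scope, host, port, verdict))
    return found


def triage(text):
    """Collect the three indicator lists for a log blob."""
    return {
        "missing_autostart": missing_autostart_services(text),
        "pathless_drivers": pathless_drivers(text),
        "proxies": unexpected_proxies(text),
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(f"{key}: {hits}")
```

Run it against a full OTL.txt plus the ComboFix log pasted into one file; a non-empty `missing_autostart` list of names that match no installed product, or an HKCU proxy you did not set, is the cue to follow the helper's advice (disconnect, change passwords from a clean machine) before anything else.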
 
I think I would like to attempt to clean the machine. I do plan to rebuild this computer in the near future anyway, so if it fails, it fails. I am beginning the process of using Windows Backup and Restore to back up my computer, unless you have a suggestion of something better.

Thanks,
boatnerd06
 
Hi boatnerd06,

I think I would like to attempt to clean the machine. I do plan to rebuild this computer in the near future anyway, so if it fails, it fails.
OK, thanks for the confirmation. Let's see how we get on.

I am beginning the process of using Windows Backup and Restore to back up my computer, unless you have a suggestion of something better.
A link to instructions on how to back up your data was provided in my initial post: ;)

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


OK, let's get started - assuming you have completed the backup of your data:

Please read these instructions carefully before executing and perform the steps exactly in the order given.
If you have any questions about, or problems with, executing these instructions, STOP. Do not proceed; post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Computer Problem(s) - Details

Please can you provide a description of the computer issues you are experiencing.
The description does not need to be technically detailed, but if your computer has given you any Error Codes or flashed up any messages, then the exact wording of them can be very useful.
Please describe the computer problem(s) you are encountering in your next post.

Step 2:
Advisory - P2P Software Present!

IMPORTANT There are signs of a P2P (Peer-to-Peer) File Sharing Program installed on your computer.

µTorrent
P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.

P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure, and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.

So be aware that it is not just what is downloaded that causes problems; just having a P2P program installed is like leaving all the doors to your house unlocked.

I advise you take the time to read the following articles that explain the risk of installing these programs:

I strongly recommend that you uninstall the P2P software as follows:

Remove P2P Program
  1. Click on Start > Control Panel and double-click on Programs and Features.
  2. Locate the following program:

    µTorrent
  3. Click on the Change/Remove button to uninstall it.
  4. Please repeat the above instructions to remove any other P2P File Sharing Programs you may have installed on your system.
  5. When the program(s) has/have been uninstalled Close the Programs and Features and Control Panel windows.
Step 3:
OTL - Scan

  1. Before proceeding please make sure you delete any existing version of OTL you already have on your computer.
  2. Please download OTL by Old Timer. Save it to your Desktop.
  3. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  4. Under Output, ensure that the Standard Output option is selected.
  5. Under the Extra Registry section, select the Use SafeList option.
  6. Click the Scan All Users checkbox.
  7. Tick the LOP Check and Purity Check checkboxes.
    Note: Please leave the remaining selections on the default settings.
  8. Click on the Run Scan button in the top left-hand corner of the program window.
  9. When done, two Notepad files will automatically open:
    OTL.txt <-- Will be opened, maximized.
    Extras.txt <-- Will be minimized on task bar.
  10. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
Step 4:
Farbar Service Scanner

  1. Please download Farbar Service Scanner and save it to your Desktop.
  2. Right-click on FSS.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Click on the Scan button.
  4. When the scan has finished, a text file named FSS.txt will be created on your Desktop. (- the same location where the tool is run from).
  5. Please Copy and Paste the entire contents of the FSS.txt log into your next reply.
Step 5:
MBRCheck - Scan

  1. Please download MBRCheck.exe © a_d_13 to your Desktop.
    Alternate links: Link 2 or Link 3
  2. Right-click on MBRCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. A small black window will open with some information. Please do not fix anything (- if it gives you an option).
  4. If an unknown boot code is detected additional options will be presented. At this time press N then press Enter twice to continue.
  5. When the scan has completed you should see the message Done! Press ENTER to exit... Press Enter to exit the program.
    A file named MBRCheck_mm.dd.yy_hh.mm.ss.txt will appear on your Desktop.
  6. Please Copy and Paste the entire contents of the MBRCheck_mm.dd.yy_hh.mm.ss.txt file into your next reply.
Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Please provide a description of the computer problem(s) you have been encountering.
  3. OTL.txt.
  4. Extras.txt.
  5. FSS.txt.
  6. MBRCheck_mm.dd.yy_hh.mm.ss.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 
Hi boatnerd06,

Please post the logs requested in my last post. I am expecting to hear from you by the end of today. ;)

Scolabar
 
Every few hours or so it brings up a window that looks official, saying that my copy of Windows is not valid. This was not the case before this entire situation began.

OTL.txt

OTL logfile created on: 5/28/2012 9:04:22 PM - Run 2
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Nathan\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 56.82% Memory free
6.50 Gb Paging File | 4.59 Gb Available in Paging File | 70.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 11.88 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 37.78 Gb Free Space | 4.06% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: NATHAN-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/28 21:02:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
PRC - [2012/05/09 17:36:55 | 000,932,528 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/26 22:43:13 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/22 21:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 21:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 21:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/22 21:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/22 21:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 21:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 21:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/22 21:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012/05/09 17:36:55 | 000,932,528 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppa3.dll -- (xnacc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinger.dll -- (splitter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_filter.dll -- (SE2Bbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (pdreli)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\procexp111.dll -- (ntservice1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MXOFX.dll -- (mssqlserveradhelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icam4usb.dll -- (mgabg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eventlog.dll -- (LUsbKbd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahometnslistener.dll -- (httpfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\padfsvr.dll -- (GTPTSER)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcstor32.dll -- (dvd_2K)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lpds.dll -- (dpfusmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMCB000.dll -- (Cam5603C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750bus.dll -- (awecho)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GENERICDRV.dll -- (armoucfltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enecbpth.dll -- (AR5523)
SRV - [2012/05/06 16:04:18 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/20 10:18:29 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/27 18:40:51 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/15 01:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/02/06 13:22:46 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/06 13:22:39 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/12/23 11:54:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/08/21 08:22:08 | 000,455,784 | ---- | M] (VMLite, Inc.) [Disabled | Stopped] -- C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe -- (VMLiteService)
SRV - [2010/03/01 18:03:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/14 01:08:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Nathan\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1ar6w9g)
DRV - [2012/05/06 22:13:24 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/02/06 13:22:40 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/05/18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/18 13:28:56 | 000,127,080 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vmliteusbmon.sys -- (VMLiteUSBMon)
DRV - [2010/08/18 12:54:16 | 000,140,392 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmlitestor.sys -- (vmlitestor)
DRV - [2010/08/11 12:05:00 | 000,111,208 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/08/11 12:05:00 | 000,100,264 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/08/11 12:04:54 | 000,143,848 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/06/29 11:20:02 | 000,015,464 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vmlitedrv.sys -- (vmlitedrv)
DRV - [2010/04/22 14:33:36 | 000,014,336 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/13 21:59:40 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/04 10:11:04 | 001,084,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/07/13 18:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008/08/11 12:40:58 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:40:58 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbgps.sys -- (ZTEusbgps)
DRV - [2008/04/15 11:17:32 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6277A898-E263-4041-B463-DF13BD763F5C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://eagent.farmersinsurance.com/
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 F7 89 C0 2E 28 CB 01 [binary data]
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes,DefaultScope = {4675F48F-8AAA-4587-A5C5-D76130138482}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9&q={searchTerms}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{4675F48F-8AAA-4587-A5C5-D76130138482}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{6277A898-E263-4041-B463-DF13BD763F5C}: "URL" = http://www.bing.com/search?mkt=en-us&q=?FORM=MICCD1&q={searchTerms}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={22CBD33C-6597-47E1-A095-8380820DC49A}&mid=695c58de235e47d6b412d1569665a01a-630f14d88c88f78d12f6037265eb8b1d7839be65&lang=en&ds=AVG&pr=fr&d=2011-10-17 12:38:28&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 46.23.70.176:3128

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Nathan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/21 02:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/31 13:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/31 13:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/15 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/10 11:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/09 00:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 10:02:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Nathan\AppData\Roaming\Move Networks [2010/01/06 23:41:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/21 02:29:45 | 000,000,000 | ---D | M]

[2009/11/30 03:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions
[2009/11/30 03:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/02/20 19:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\jkd87gk8.default\extensions
[2012/02/20 19:37:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\jkd87gk8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/03/06 09:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 11:58:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/24 11:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/06 09:43:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/10/10 21:41:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/06 09:43:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/10/03 05:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/03/12 12:10:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/10 21:41:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Nathan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Bejeweled = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YouTube = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Railroad Empire = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiikpbacijhipapclbjgoeieioojhlnj\2.0.2_0\
CHR - Extension: vshare plugin = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Baseball (Deluxe) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\
CHR - Extension: AVG Do Not Track = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: RebateRobot = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.2_0\

O1 HOSTS File: ([2012/05/11 23:14:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (RebateRobot BHO) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll (RebateRobot)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000..\Run: [Spotify Web Helper] C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: 360-value.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: billerweb.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: bristolwest.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: bwproducers.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: cisgroup.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: co-optimum.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmers.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmers.csod.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersces.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersflood.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersinsurance.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersleadcenter.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmerslife.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersmarketpoint.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: foremostfarmers.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: foremoststar.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: ipipeline.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: msbexpress.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: seccas.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: zurich.com ([]* in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEAEC8ED-0698-44E1-8342-E4CD3DA1D97E}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 21:02:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2012/05/25 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HPAppData
[2012/05/15 09:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/14 01:40:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/13 19:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vehicle Simulator
[2012/05/12 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2012/05/12 14:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/05/12 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Roaming
[2012/05/11 22:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/11 22:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/11 22:11:44 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/05/11 21:58:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/05/11 21:44:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot2_2012512144144
[2012/05/10 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Malwarebytes
[2012/05/10 23:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/10 23:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/10 23:35:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/10 23:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/10 23:23:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/10 11:35:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/05/10 11:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/08 18:57:42 | 000,000,000 | ---D | C] -- C:\AVG2012
[2012/05/08 18:52:59 | 000,000,000 | ---D | C] -- C:\temp
[2012/05/08 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\temp
[2012/05/08 11:48:50 | 000,000,000 | ---D | C] -- C:\jgh2002j
[2012/05/07 18:07:36 | 000,000,000 | ---D | C] -- C:\JGH
[2012/05/06 23:01:52 | 004,490,225 | R--- | C] (Swearware) -- C:\Users\Nathan\Desktop\jgh.exe
[2012/05/06 23:00:04 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\dllcache
[2012/05/06 23:00:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/06 22:11:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/06 18:12:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/06 18:12:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/06 18:10:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/06 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mead & Company
[2012/05/06 15:58:31 | 000,000,000 | ---D | C] -- C:\DashConfig
[2012/05/06 15:25:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/05/06 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\PackageAware
[2012/05/06 14:58:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2012/05/06 14:41:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2012/05/06 13:42:21 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2012/05/06 13:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/05/06 13:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/05/06 13:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/05/06 13:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/05/06 13:14:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/05/06 13:14:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/06 13:14:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/06 13:14:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/06 13:14:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/28 21:02:44 | 000,080,384 | ---- | M] () -- C:\Users\Nathan\Desktop\MBRCheck.exe
[2012/05/28 21:02:38 | 000,337,441 | ---- | M] () -- C:\Users\Nathan\Desktop\FSS.exe
[2012/05/28 21:02:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
[2012/05/28 20:55:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000UA.job
[2012/05/28 20:48:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/28 20:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/28 17:30:13 | 099,389,867 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/28 14:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000Core.job
[2012/05/27 22:48:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/27 16:49:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 16:49:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 17:29:43 | 000,192,126 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/25 12:48:09 | 000,036,901 | ---- | M] () -- C:\Users\Nathan\Desktop\bilde.jpg
[2012/05/25 11:09:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/25 11:09:36 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/24 16:51:42 | 000,037,010 | ---- | M] () -- C:\Users\Nathan\Desktop\badger_stuck.jpg
[2012/05/23 22:57:59 | 000,002,403 | ---- | M] () -- C:\Users\Nathan\Desktop\Google Chrome.lnk
[2012/05/22 09:51:35 | 000,034,814 | ---- | M] () -- C:\Users\Nathan\AppData\Local\dt.dat
[2012/05/21 19:58:09 | 000,154,624 | ---- | M] () -- C:\Users\Nathan\Desktop\TDSSQlook.exe
[2012/05/15 21:15:19 | 000,625,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/15 21:15:19 | 000,108,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/15 09:39:22 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/13 19:10:50 | 000,001,004 | ---- | M] () -- C:\Users\Nathan\Desktop\Vehicle Simulator.lnk
[2012/05/11 23:14:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/11 22:51:46 | 004,490,225 | R--- | M] (Swearware) -- C:\Users\Nathan\Desktop\jgh.exe
[2012/05/11 22:19:31 | 000,000,488 | ---- | M] () -- C:\Users\Nathan\Documents\cc_20120511_221926.reg
[2012/05/10 23:35:20 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/10 11:40:24 | 000,000,017 | ---- | M] () -- C:\Users\Nathan\AppData\Local\resmon.resmoncfg
[2012/05/10 11:31:15 | 000,021,534 | ---- | M] () -- C:\Users\Nathan\Documents\cc_20120510_113111.reg
[2012/05/06 22:13:24 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/05/06 17:47:25 | 000,001,124 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue SpeedUpMyPC 2009.lnk
[2012/05/06 17:47:25 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue SpeedUpMyPC 2009.lnk
[2012/05/06 16:04:15 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/06 16:04:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/01 18:00:47 | 000,157,397 | ---- | M] () -- C:\Users\Nathan\Desktop\31-5137 (1).pdf
[2012/04/28 23:17:11 | 000,351,568 | ---- | M] () -- C:\Users\Nathan\Desktop\412175_10150682391575308_652370307_9788956_1433495807_o.jpg
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/28 21:02:45 | 000,080,384 | ---- | C] () -- C:\Users\Nathan\Desktop\MBRCheck.exe
[2012/05/28 21:02:34 | 000,337,441 | ---- | C] () -- C:\Users\Nathan\Desktop\FSS.exe
[2012/05/28 17:30:13 | 099,389,867 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/25 17:29:43 | 000,192,126 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/25 12:48:15 | 000,036,901 | ---- | C] () -- C:\Users\Nathan\Desktop\bilde.jpg
[2012/05/24 16:51:51 | 000,037,010 | ---- | C] () -- C:\Users\Nathan\Desktop\badger_stuck.jpg
[2012/05/22 09:51:35 | 000,034,814 | ---- | C] () -- C:\Users\Nathan\AppData\Local\dt.dat
[2012/05/21 19:58:13 | 000,154,624 | ---- | C] () -- C:\Users\Nathan\Desktop\TDSSQlook.exe
[2012/05/13 19:10:50 | 000,001,004 | ---- | C] () -- C:\Users\Nathan\Desktop\Vehicle Simulator.lnk
[2012/05/11 22:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/11 22:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/11 22:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/11 22:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/11 22:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/11 22:19:28 | 000,000,488 | ---- | C] () -- C:\Users\Nathan\Documents\cc_20120511_221926.reg
[2012/05/10 23:35:20 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/10 11:40:24 | 000,000,017 | ---- | C] () -- C:\Users\Nathan\AppData\Local\resmon.resmoncfg
[2012/05/10 11:36:55 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/10 11:31:13 | 000,021,534 | ---- | C] () -- C:\Users\Nathan\Documents\cc_20120510_113111.reg
[2012/05/06 17:43:29 | 000,001,124 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue SpeedUpMyPC 2009.lnk
[2012/05/06 17:43:29 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue SpeedUpMyPC 2009.lnk
[2012/05/01 18:00:47 | 000,157,397 | ---- | C] () -- C:\Users\Nathan\Desktop\31-5137 (1).pdf
[2012/04/28 23:17:18 | 000,351,568 | ---- | C] () -- C:\Users\Nathan\Desktop\412175_10150682391575308_652370307_9788956_1433495807_o.jpg
[2012/02/09 22:10:54 | 000,000,000 | ---- | C] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/09 21:31:47 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/10 21:56:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/15 10:29:31 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/15 10:29:31 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/18 23:30:37 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2010/12/06 14:18:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ScratchRemoval.dll
[2010/09/30 22:57:12 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/30 22:57:12 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/30 22:57:12 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/30 22:57:12 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/30 22:57:12 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/30 22:57:12 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/30 22:57:12 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/30 22:57:12 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/30 22:57:12 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/30 22:57:12 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/30 22:57:12 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/30 22:57:12 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/30 22:57:12 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/30 22:57:12 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/30 22:57:12 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/30 22:57:12 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/09/30 22:48:22 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw7c.bin
[2010/09/30 22:47:49 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV500P.ini
[2010/09/30 22:35:42 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

========== LOP Check ==========

[2011/05/31 23:15:52 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2009/11/13 22:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\acccore
[2009/11/16 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Amazon
[2011/11/18 01:35:56 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\AnvSoft
[2009/12/28 03:29:44 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Atari
[2011/10/17 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\AVG2012
[2012/01/10 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Blender Foundation
[2009/11/16 02:19:03 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Canon
[2011/11/16 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\com.amazon.music.uploader
[2012/05/10 09:49:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Dropbox
[2010/09/30 23:39:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\EPSON
[2009/11/30 03:01:59 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Flickr
[2012/05/06 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Free Download Manager
[2009/11/16 16:57:49 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Imagenomic
[2010/01/22 04:04:31 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\IrfanView
[2011/12/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Kalypso Media
[2009/11/16 00:00:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Leadertech
[2010/12/03 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Quest3D
[2009/12/28 13:39:28 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Red Kawa
[2009/12/29 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Regensoft
[2012/05/12 13:42:32 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Roaming
[2011/07/01 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Smith Micro
[2012/05/25 13:12:07 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Spotify
[2012/03/26 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\The Creative Assembly
[2012/01/03 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Tropico 4
[2012/01/27 17:52:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Ubisoft
[2012/05/06 17:47:06 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Uniblue
[2012/05/28 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uTorrent
[2011/11/18 02:40:05 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Xilisoft
[2012/03/15 09:53:25 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
Extras.txt


OTL Extras logfile created on: 5/28/2012 9:04:22 PM - Run 2
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Nathan\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 56.82% Memory free
6.50 Gb Paging File | 4.59 Gb Available in Paging File | 70.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 11.88 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 37.78 Gb Free Space | 4.06% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: NATHAN-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A452F3B-CAA0-4968-885C-B585428A6A1F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BEB123B-94E0-4CEC-A504-EA1943A331B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0F3E2EC3-6659-40C3-867B-07C0A391DD17}" = rport=139 | protocol=6 | dir=out | app=system |
"{15BBC1E2-D780-441A-82C7-00452EDFB1C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1663770A-FA79-4BC5-A7AA-6EFA40974AFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{18945B4A-4F13-4AB0-AA56-37F05723C3A2}" = rport=445 | protocol=6 | dir=out | app=system |
"{1A933D60-C164-4A56-A8AF-903EEF64AD42}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{23BC620A-0F65-4A61-BC5C-B4381D176FC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{2B24A9A2-4FC3-4F93-8E0D-5F333A00FAAA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2FD91BAC-222B-4EC2-8388-318BDE91759B}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{33BA9F01-968D-41BC-8A8A-3E43275A43CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3410A725-C742-4E89-80F4-B1975DC90855}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38BB65B3-8EF3-4DF1-A916-A7D6B6CB000A}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{44A313CA-B8C2-4EDB-BDDD-DD7A5A7566BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{4815FFCF-75AB-48EB-9E55-6A5AAF3107F9}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A2AC5EC-4430-4DB6-973D-6563A2B83BD3}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{5317E39D-9D52-453D-ACDD-7C041A0153DB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{551EC835-2F01-45F6-9CE5-7ED4564958B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{553225E0-ACF4-4574-97A5-DF27AF7E640F}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5760B206-C898-47E6-997C-F67E062BCD07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60D55B4C-C4B9-4520-A687-8339BFDB3ECB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61977254-E344-4E24-8A5A-167CF93F40E7}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{61A7D874-5C2F-4C2A-A54E-A453A2952614}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{644D6143-7E46-4B57-A0D0-E3C8E5C0D4D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69117B67-4FBD-4A34-97E9-5D044F09541C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B536988-B066-4D34-BAD3-71AF1C57C743}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6FD158D5-BD47-4C67-95A6-12EC89A8E599}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{76D33988-D526-4C06-A83E-E542FFDBC622}" = lport=3390 | protocol=6 | dir=in | app=system |
"{787756B2-638A-4E90-BADC-9F47C1492433}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BA5A8A4-2AE7-4769-89DE-D5372506B36B}" = lport=139 | protocol=6 | dir=in | app=system |
"{877BFF74-A34F-49F8-8C6B-E0625B5345FA}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8840038B-DC83-40B7-8AFD-141C2D75C6A0}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{88AA1225-D77E-4CEC-9DA8-7960B1F5BE87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9014E455-711F-4617-B481-E6C687087203}" = lport=10243 | protocol=6 | dir=in | app=system |
"{93725F4F-7FC6-4DF2-AB8F-AB469B189E93}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9460EC6B-5A4D-498E-A4AF-5D0DEF971142}" = lport=10244 | protocol=6 | dir=in | app=system |
"{98BF8813-0AEC-447B-A713-A1C8E224F0F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A1D11FBB-9292-4C2D-830D-0FCCBF0E268D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A42625B0-33A5-49DF-BDCD-374B3A1783BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A51A28B3-D59E-4ABD-97B5-704A2FB88049}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A666313C-3379-41AE-A84E-F111F8503A9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A6C40842-03F0-4790-98E8-49AAF8AEA448}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B5039E73-D569-459D-B29F-6E6942A855BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC85A6A3-ACC0-47D0-9107-EE80B7182227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BD81E9D5-5507-4CF8-8C51-7F902E30434F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BEC4530B-3525-423D-8400-9C26520515C6}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C1C00F81-E0B7-4BEF-8EFD-2C6DC065DBD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C28A73A2-9DEA-4520-A5F2-311862B292C2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C424701F-5FF7-45CA-85A1-B64F9DDFD96C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{CDEA7F42-284C-4C76-B2C0-63849CE69596}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{D0F8DC7C-D1E1-4239-B7EC-2AA008A20662}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DFC84CBB-F778-4DAD-94BA-723C6E25912F}" = rport=138 | protocol=17 | dir=out | app=system |
"{E013BC8F-26FC-41C3-ADCC-6287A98FEF41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E9990D0B-202A-48FE-81B9-09278DECAF38}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6A104FB-A3DB-46CC-87BF-BD5F9BACDD58}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8F5FBA9-77C0-4463-B05F-6D7126EEC2F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004B053C-7106-47E6-89F6-5F932E0BF632}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{00880126-4799-462B-80AC-1E4D907558B8}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{01B1B9DA-95B1-48E7-86F0-32E931FB9EA0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{01F6D4FF-B6FF-45A6-89D6-380855A3152E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{04D8BEC3-155F-4765-8880-ED0367C17F2A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{0D7CC053-2F01-43FE-8529-8FCA1EA9AC9C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{11695B5B-6D93-4C63-8BE5-1CD75B57E90F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{1955E97E-9C07-46B6-B578-70B4B32BE4DA}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{197592AB-6462-486E-90BB-3A9896BF85A1}" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{1981DC00-C263-45E8-9638-6C7E0929BDFD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1B0CBA7B-6C0D-4B9A-AB53-C007D3BAD109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1CA11C11-03B4-45C0-9C5F-D02BB0E7DAE1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{1ED5E498-6CD9-4823-8159-92523D6119F9}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"{2568159D-9477-4B10-96DB-A15EAA4F6013}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{27BB4EBE-B19E-44BD-A15E-096BE807D544}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2EE56045-373A-47C0-ABD7-6D4031DAAF40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3030E610-5627-4E4D-99CA-4108A617AE64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3083D0B4-931A-4A37-B062-20E37A2E65DF}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{32114DEE-9454-4A21-905B-ED31921795A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3254EEA1-F003-4FE1-AB7C-0D95EF84519D}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{37559716-E8BF-4EB2-A6F9-2A8938A541C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C3D618D-8C21-446E-A701-0E330F618B93}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{3DBF2B6A-8404-405B-B64C-AC0EE7B246FF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe |
"{44C8751D-0A7A-4FDA-B9FB-8819996500E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{453DE800-892C-48DC-AACC-26E554763F82}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{45A1C8A7-86E6-4997-BD41-07E636194830}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{464CA6DF-7693-4356-84F4-EA1010AC205D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{47A8756A-9E3D-4932-858F-7ED90BDF68E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{493BA7C4-FEFE-4BA3-991A-6A3D87D61841}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4A165E71-D832-40E1-9678-3C127D41DBCE}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
"{4AC6B872-1679-45F7-ABE1-DBB64D720AA4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{4B1FFB41-3777-4BD0-9873-773B37036332}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{4B8BFB8E-8AD2-48A0-A6B4-64469BDB4125}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4BFC95BD-0E12-4AE9-880C-A6EF2C5E3CCA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{4CECFE1B-6020-45D1-BE56-AC2DF4C06D27}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D322BBD-0732-4AC2-83C2-BCD63BF53A9A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{4DF4C9FB-7ACA-4E55-82FE-9381A364EAAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{5057EBA6-BAB5-4FD6-A1A1-7D54093DC2C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{51B54271-90C6-45B3-8783-2E1A929D78B8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{533ABC04-0C62-4BFE-A203-4E6D8980C60D}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{54D1A701-8947-41A7-AAFA-793FEB476D3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{54FA8460-ABB5-4123-B21B-4B8410F20F07}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{550ECA81-E0F5-40FE-B744-AA22E0C95C83}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{56B5F546-A7EC-467C-BCF3-8526A093F255}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{56D9B5FC-5C87-4A52-AE69-1E7B36799DC6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe |
"{579AA5C9-6B7B-4EAF-871C-10C17B2DCA58}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
"{57C00378-F15F-4D10-B0A7-630FC4756DAD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
"{5B3C2F4A-4A29-4DD0-BFFA-DFC841AD341A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5DF4749E-643B-4533-B4DC-498278BE939C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{61DF4B3D-3120-4848-9FD9-7E8002F224FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{62E21914-4B1B-4B6C-8052-D3CDA8A98702}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{63833263-AF52-4C78-ADED-C12F9C96DDDA}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{64042822-A249-4169-B1C5-D07F2ED94DEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{672867DD-DEBE-4651-B9B4-BD706FE21AAD}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
"{6E8BDC6E-7946-468E-83FF-B86C691893AE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{6FF19883-BBFB-4602-911E-ECD58ECA0166}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{707BA506-34B6-44D5-8CD3-BB7775CF5EA1}" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{72063B18-6CEC-4328-9B54-BAC6039A3EC1}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{74E08EA1-6BC1-4C96-A2AC-C8E35AFB0541}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{78B4B8FD-B922-4FBB-A1BF-D5890695EB2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79DB61CF-1185-4802-8484-D79530DB6C75}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"{840261C1-74D0-46BB-8646-BABD40BD3913}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{8570FE5B-3587-4B5B-8585-35E1BF6691FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{85AE8BCE-9E28-4831-B2FE-A75EB57A48AE}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{869C0104-97F1-4422-9982-EEBA85054B2E}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8B221514-77D1-4282-AC7E-B62C34465EB7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
"{8B4009A4-5382-4972-9B1D-EA94BC84AB8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8B665357-B352-41F7-BD9F-F3E290217F50}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8F9662CE-0BAB-49A0-B4B7-AAC2596BDAB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{90A888C7-E048-4D0D-B0AD-BC363ACED5FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{92398F70-999F-4AED-AC19-F3E85D2B616E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{92DAC024-3218-4373-8D45-7FA306A6AED3}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{979ED4C5-FD6C-42A9-A7B0-385E2608A7B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{97F1CA41-FDE7-4701-B660-72FDDAB7F8F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{996129C3-F436-4CAF-95A5-7E65CCE81CAB}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{9A02C211-266B-4B78-922C-F8D1CF9E924C}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
"{9B467123-7C1C-4D3A-8ABB-634F69B4E6DA}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{9BA6CDF5-BCB2-4813-9A50-DE475F2FAD1C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C8CF425-6487-4F5B-AF11-C187C57669CC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9F113399-7A73-4753-B904-B4BDA10CC15D}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{9FE64682-31D4-467C-AD8C-F16D2653E8D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A067CB7F-C338-4D19-A02D-C879C66499C2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe |
"{A188356B-042C-43D1-A695-E860E7603632}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A21A3FE6-75E3-49FE-B1A1-8BCDB1A81E16}" = protocol=58 | dir=in | app=system |
"{A48F0EA6-284E-453F-AF48-592DCB8163FF}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{A813405F-4A4A-4CE4-98E9-48E12F8BBDAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{AA044495-BDEA-4B12-BF5F-89C17C3BA35B}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{AB95CC9F-D9EA-4F26-981D-08B965A72894}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{AEDA7674-606D-44A6-A88D-4A570B91B025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{B0CBCF8D-E75F-49B7-BBEA-88EB1DF057E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{B15DFB48-6AD8-477A-90D6-C35B3415EBDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B3C9C29A-5AAE-4B89-90EC-0D6D805355CB}" = protocol=6 | dir=out | app=system |
"{B6FDE48F-7B35-4F61-BC96-E76C4A294D20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BAE72955-8BDD-452E-B47E-FF7B721BAB5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{BD4F0476-1F86-487F-AA60-785A80DF5BB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{C019B98E-75E4-4764-9E9B-2AB8100EBC2C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe |
"{C417D1DB-6937-4BF5-8DBE-2FB4DDF664BD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{C4DACC02-8E0F-4E7D-BB85-BD23266C9BD9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C53752AB-6693-4DB7-AE5B-F7AD1076B81F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C82CBFBE-1A39-48BC-9DF9-A6A6F4002A7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAEA5CE3-1D89-4F30-AC80-3123480D727A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{CFCB3BB5-5235-4EFE-975F-2737A23CC990}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D54C1118-3003-4C26-9AFD-B1C1B1E2FD57}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D6682BA6-F1CE-41EA-8039-7ECE03FB9924}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D9520C34-5A90-4A5B-B20B-861CD24FD828}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{DF490F7A-7C38-4ADD-8224-8444A66ACCC9}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{E15C4724-4402-4FF8-8005-942D40AED1CB}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{E1D0F5C9-48A8-4EE9-A805-F452E6D9F897}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{E6910208-4F18-4DBD-A6E3-5400FBF79774}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{E77B8B04-9478-49A0-A101-CFFC149EE518}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{EC03625C-69D4-4F22-86F5-A16F37549055}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{EC7AF683-2898-4C88-95DB-4C54B3C07EC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F10E3735-22D9-442E-9155-0E65FD98BB8F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{F1F0516F-CA24-4C23-9021-AB3094919465}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{F7173DB7-9ED7-45DF-82EF-595873C6377D}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{FB18338E-3233-4738-A88D-8CE3E5C06151}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{FE2CA579-7C62-4346-A9C4-7640506042F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{2A4EB33F-A510-4512-83A8-CACBC189A06B}C:\users\nathan\downloads\spotify.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify.exe |
"TCP Query User{2C7FF758-B5ED-49EA-A2F0-52301F967741}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"TCP Query User{2D0A3CBA-C9A2-4FEF-9836-0CB266154102}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"TCP Query User{436C6A54-C3AD-4899-9D14-E6BA7FF5C021}C:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4E39E453-306F-4553-A32A-3E39F3B2AD6C}C:\program files\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"TCP Query User{729765E4-360F-4B2A-B6F2-4C98BE7F4F39}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{8A3E5C22-0EAF-484C-8E89-21110CF1C066}C:\users\nathan\downloads\spotify installer.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
"TCP Query User{9A1479DB-7742-4514-BBDC-A99B8AF53680}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{9E5120CE-8151-4B64-B3E8-74F044DAE5AF}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A10D49BE-EBE0-408C-A6E5-B1436528E3BF}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{A67CEBF0-E2A2-4B22-94B8-1F3A21B90773}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B8673798-6A54-47F9-8E21-E0F0666B3D31}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{BB3D3260-75FF-439E-AA47-D357B4A7CF06}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{D326D483-EF29-4839-A9BC-4BB21152717C}C:\users\nathan\downloads\spotify installer.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
"TCP Query User{E5F00BB3-F5FF-4EC8-8A64-D7ECBBA0AF88}C:\users\nathan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F1432713-C4C4-4405-9144-B32DA9E36DB3}C:\program files\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 8\sketchup.exe |
"TCP Query User{F2BBC428-A4FA-4409-B487-C44E46D0D7EE}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{1FA10DE0-F0E9-43C9-A9D8-D905E7880DAA}C:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{269696D2-E59B-49FC-85D5-24207BE5FD4A}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{269AF8A5-CF9B-4EBD-B8B2-0C73551CB936}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"UDP Query User{30C53BF8-CD82-4380-878C-0E72D0C601BD}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{4DB9A561-E773-4029-A4AB-62D6F3782D47}C:\users\nathan\downloads\spotify installer.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
"UDP Query User{4FA2FFCA-37A8-4C63-A392-311F39894BF3}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"UDP Query User{552F49D3-255A-4191-B8BC-CEE3EA9B6BC1}C:\program files\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"UDP Query User{62FFB00B-FA7B-48F4-8D41-7E282C1E2D43}C:\users\nathan\downloads\spotify installer.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
"UDP Query User{7290F67C-7198-4E2C-B472-E1CC1950115A}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
"UDP Query User{7BC6EB37-3BB6-4455-BC97-76E33A73A24A}C:\users\nathan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
"UDP Query User{97F45FEA-6E8C-4D2B-A6B5-C8C5EC234625}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{A1CD8AAB-D427-4274-9924-4B86FB83B022}C:\program files\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 8\sketchup.exe |
"UDP Query User{A5B924D3-88CA-42F4-8FEC-1FEB5B2BD136}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{AB1AB7F6-D117-4B97-BFA5-B1AD42BD89F9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D75A720A-A9EC-49F8-981F-FD06D676969C}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{EB1A8164-1D31-4483-8706-4C721B7D87F3}C:\users\nathan\downloads\spotify.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify.exe |
"UDP Query User{EB8C2B85-7A45-48DB-8507-4987C8A0A65B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37D9C685-0F4B-2D8E-59E3-3CE151CE0051}" = ATI Catalyst Install Manager
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3D1E03-D506-4163-B600-82EE27FC5A89}" = Microsoft Camera Codec Pack
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4283ACFF-437C-400E-A1C8-445B57CC145A}" = VMLite Workstation
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{624A02E4-8F95-43F6-9EF3-7E437AB9B80B}" = VZAccess Manager
"{635C3D63-D901-4119-9AD2-852D10DCB937}" = 3dem
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69F962F7-3761-4704-9E4B-24FF10F77111}" = MagicTune Premium
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}" = Polaroid Dust and Scratch Removal v1.0.0.15.2e
"{7B4B0AA9-F97E-49C4-AE6F-D40580B65A22}" = onOne PerfectPresets
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E10A7CC-B4B4-4BF0-A75E-9F960D58AAC4}_is1" = RebateRobot for Online Shopping version 1.0.1
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_Access_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F78676-9219-4C9D-9E24-FAA187C4DF1E}" = ZTE USB Drivers
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{964D07BE-460C-4862-B59C-49575B8F46DC}" = Google SketchUp Pro 8
"{9985ABB2-14F3-4825-B5AF-0EFB23F715CB}" = Badongo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DED4B209-F114-4D85-BADB-2D702B15D2D7}_is1" = LDraw Parts Library 2010-03
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E60B8506-DDC7-433d-AF9E-999D0F543C4A}" = 2570_Help
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B}" = 2570
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC346DB0-4207-4756-8283-26580372DAE3}" = Bloom
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD}" = 2570Trb
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Access" = Microsoft Office Access 2007
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"AuranTS2009_DLC2_is1" = Trainz 'PRR T1 - A Fleet of Modernism' Addon Pack
"AuranTS2009_is1" = TS2009: Murchsion Pack
"AVG" = AVG 2012
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Blender" = Blender
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"Cities XL 2011" = Cities XL 2011
"com.amazon.music.uploader" = Amazon MP3 Uploader
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.7
"Elite Proxy Switcher_is1" = Elite Proxy Switcher 1.18
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EXCEL" = Microsoft Office Excel 2007
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Studio_is1" = Free Studio version 4.3
"Game Booster_is1" = Game Booster 3
"GameSpy Arcade" = GameSpy Arcade
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"IrfanView" = IrfanView (remove only)
"Klinn's ElectroSet (RCT3)_is1" = Klinn's ElectroSet Version 2
"Klinn's Framework (RCT3)_is1" = Klinn's Framework Version 2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"NirSoft ShellExView" = NirSoft ShellExView
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOK" = Microsoft Office Outlook 2007
"PeerGuardian_is1" = PeerGuardian 2.0
"PEVAssetX" = PEVSoft AssetX
"PEVattachmentmaker" = PEVSoft AttachmentMaker
"PEVImages2TGA" = PEVSoft Images2TGA
"PEVMesh_Viewer2" = PEVSoft Trainz Mesh Viewer 2
"PEVpm2im" = PEVSoft PM2IM 2
"PEVquickshadows" = PEVSoft QuickShadows
"PhotoStitch" = Canon Utilities PhotoStitch
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PUBLISHER" = Microsoft Office Publisher 2007
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Ship Simulator Extremes_is1" = Ship Simulator Extremes
"Shipsim2008" = Ship Simulator 2008
"Shop for HP Supplies" = Shop for HP Supplies
"Silent Package Run-Time Sample" = EPSON Perfection V500P User's Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SS2008 RED EAGLE SUPER PACK_is1" = SS2008 RED EAGLE SUPER PACK
"SS2008 RED JET SUPER PACK_is1" = SS2008 RED JET SUPER PACK
"Steam App 10500" = Empire: Total War
"Steam App 2700" = Rollercoaster Tycoon 3 Platinum
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 400" = Portal
"Steam App 57690" = Tropico 4
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TightVNC_is1" = TightVNC 1.3.10
"Trainz Tuner" = Trainz Tuner
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"Vehicle Simulator_is1" = Vehicle Simulator
"Videora iPod Converter" = Videora iPod Converter 5.03
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"Xilisoft HD Video Converter 6" = Xilisoft HD Video Converter 6
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"YouTube Downloader App" = YouTube Downloader App 2.03
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Akamai" = Akamai NetSession Interface
"BSC Cleanitol TM" = BSC Cleanitol TM
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"HMAS SUCCESS AOR304 - For Vehicle Simulator" = HMAS SUCCESS AOR304 - For Vehicle Simulator
"HMAS WESTRALIA AO195 - For Vehicle Simulator" = HMAS WESTRALIA AO195 - For Vehicle Simulator
"Move Media Player" = Move Media Player
"NAM Essentials" = NAM Essentials r85
"Network Addon Mod" = Network Addon Mod Version 29
"Network Widening Mod" = Network Widening Mod Version 1.1.1
"RealHighway Mod" = RealHighway Mod Version 4.1.0
"SC4Mapper" = SC4Mapper
"Spotify" = Spotify
"The Klub 17" = The Klub 17
"Traffic Simulator Configuration Tool" = Traffic Simulator Configuration Tool
 
Extras.txt part 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2011 2:43:09 AM | Computer Name = Nathan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccb3 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e21132b Exception code: 0x0000046b Fault offset: 0x00009673 Faulting
process id: 0x1698 Faulting application start time: 0x01ccba73f117bb36 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 0cf5c552-26e8-11e1-ad13-001fd08149e9

Error - 12/16/2011 2:55:35 AM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6f1c Start
Time: 01ccbbbf416ea86f Termination Time: 32 Application Path: C:\Program Files\N3V
Games\TS12\bin\trainz.exe Report Id: ed783233-27b2-11e1-9551-001fd08149e9

Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 8193
Description =

Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 13
Description =

Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 8193
Description =

Error - 12/16/2011 6:57:28 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2ea0 Start
Time: 01ccbc3a5208d78b Termination Time: 520 Application Path: C:\Program Files\N3V
Games\TS12\bin\trainz.exe Report Id: 91706235-282f-11e1-bd08-001fd08149e9

Error - 12/17/2011 6:10:09 PM | Computer Name = Nathan-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 12/18/2011 3:49:44 AM | Computer Name = Nathan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ContentManager.exe, version: 1.0.0.12345,
time stamp: 0x4da2381e Faulting module name: LIBEAY32.dll, version: 0.9.8.5, time
stamp: 0x45e4dd6e Exception code: 0xc0000005 Fault offset: 0x00041843 Faulting process
id: 0x940 Faulting application start time: 0x01ccbce9f87da41e Faulting application
path: C:\Program Files\N3V Games\TS12\bin\ContentManager.exe Faulting module path:
C:\Program Files\N3V Games\TS12\bin\LIBEAY32.dll Report Id: d949a7a4-294c-11e1-9dd5-001fd08149e9

Error - 12/19/2011 1:09:47 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2630 Start
Time: 01ccbe6fcf871568 Termination Time: 813 Application Path: C:\Program Files\N3V
Games\TS12\bin\trainz.exe Report Id: 2568c37a-2a64-11e1-ad65-001fd08149e9

Error - 12/20/2011 7:19:28 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3e1c Start
Time: 01ccbf53d8649c7e Termination Time: 2400 Application Path: C:\Program Files\N3V
Games\TS12\bin\trainz.exe Report Id: fcf83f5b-2b60-11e1-9dd3-001fd08149e9

[ Media Center Events ]
Error - 2/9/2012 9:33:30 PM | Computer Name = Nathan-PC | Source = MCUpdate | ID = 0
Description = 8:33:29 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 2/9/2012 9:33:44 PM | Computer Name = Nathan-PC | Source = MCUpdate | ID = 0
Description = 8:33:30 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 2/9/2012 9:33:51 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 2/9/2012 11:13:26 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 2/10/2012 12:59:45 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 116
Description =

Error - 2/10/2012 1:32:16 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =

Error - 2/10/2012 1:32:16 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 700
Description =

Error - 2/10/2012 1:34:12 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =

Error - 2/10/2012 1:36:12 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 2/10/2012 1:36:19 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

[ OSession Events ]
Error - 2/3/2010 3:52:57 AM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23973
seconds with 420 seconds of active time. This session ended with a crash.

Error - 3/1/2012 7:47:58 PM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14312
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 3/31/2012 2:44:05 AM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50650
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/26/2012 11:35:04 PM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 12:25:43 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 12:52:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 3:49:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 7:15:15 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 9:09:19 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 10:43:07 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/27/2012 10:28:44 PM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/28/2012 10:07:33 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/28/2012 11:17:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >
 
FSS.txt

Farbar Service Scanner Version: 27-05-2012
Ran by Nathan (administrator) on 28-05-2012 at 21:20:29
Running from "C:\Users\Nathan\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
MBRCheckLog

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP45-UD3P
Logical Drives Mask: 0x00006e7d

Kernel Drivers (total 201):
0x82E3A000 \SystemRoot\system32\ntkrnlpa.exe
0x82E03000 \SystemRoot\system32\halmacpi.dll
0x80B9B000 \SystemRoot\system32\kdcom.dll
0x8BA39000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8BABE000 \SystemRoot\system32\PSHED.dll
0x8BACF000 \SystemRoot\system32\BOOTVID.dll
0x8BAD7000 \SystemRoot\system32\CLFS.SYS
0x8BB19000 \SystemRoot\system32\CI.dll
0x8BC37000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BCA8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BCB6000 \SystemRoot\System32\Drivers\spnn.sys
0x8BDB7000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BDC0000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BE39000 \SystemRoot\system32\drivers\ACPI.sys
0x8BE81000 \SystemRoot\system32\drivers\msisadrv.sys
0x8BE89000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8BE94000 \SystemRoot\system32\drivers\pci.sys
0x8BEBE000 \SystemRoot\System32\drivers\partmgr.sys
0x8BECF000 \SystemRoot\system32\drivers\volmgr.sys
0x8BEDF000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BF2A000 \SystemRoot\system32\drivers\pciide.sys
0x8BF31000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8BF3F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BF55000 \SystemRoot\system32\drivers\vmbus.sys
0x8BF7F000 \SystemRoot\system32\drivers\winhv.sys
0x8BF91000 \SystemRoot\system32\drivers\atapi.sys
0x8BF9A000 \SystemRoot\system32\drivers\ataport.SYS
0x8BFBD000 \SystemRoot\system32\drivers\amdxata.sys
0x8BFC6000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BE00000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BE11000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8C00C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C13B000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C166000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C179000 \SystemRoot\System32\Drivers\cng.sys
0x8C1D6000 \SystemRoot\System32\drivers\pcw.sys
0x8C1E4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C23E000 \SystemRoot\system32\drivers\ndis.sys
0x8C2F5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C333000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C408000 \SystemRoot\System32\drivers\tcpip.sys
0x8C552000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C583000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8C58C000 \SystemRoot\system32\drivers\volsnap.sys
0x8C5CB000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5D3000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C358000 \SystemRoot\System32\Drivers\mup.sys
0x8C400000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C368000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C39A000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C3AB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C3D0000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8C3D7000 \SystemRoot\system32\DRIVERS\avgidshx.sys
0x8C211000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C230000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8C1ED000 \SystemRoot\System32\Drivers\Null.SYS
0x8C1F4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C3FC000 \SystemRoot\system32\drivers\MTiCtwl.sys
0x8C000000 \SystemRoot\System32\drivers\vga.sys
0x8BC00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BE1B000 \SystemRoot\System32\drivers\watchdog.sys
0x8BE28000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BE30000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BC21000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BC29000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BDE6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BBC4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BDF4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9203B000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x92082000 \SystemRoot\System32\DRIVERS\netbt.sys
0x920B4000 \SystemRoot\system32\drivers\afd.sys
0x9210E000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x92117000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9211E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9213D000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x9214D000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x9215E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9216C000 \SystemRoot\system32\DRIVERS\serial.sys
0x92186000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92199000 \SystemRoot\system32\drivers\vpcvmm.sys
0x921E0000 \SystemRoot\system32\drivers\vmliteusbmon.sys
0x92000000 \SystemRoot\system32\drivers\vmlitedrv.sys
0x92007000 \SystemRoot\system32\drivers\VBoxDrv.sys
0x92029000 \SystemRoot\system32\drivers\termdd.sys
0x9262B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9266C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92676000 \SystemRoot\system32\drivers\mssmbios.sys
0x92680000 \SystemRoot\System32\drivers\discache.sys
0x9268C000 \SystemRoot\system32\drivers\csc.sys
0x926F0000 \SystemRoot\System32\Drivers\dfsc.sys
0x92708000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x92716000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x9274D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9276E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x93205000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x93D0D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x93D0F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x93DC6000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92780000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9278B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x927D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92600000 \SystemRoot\system32\drivers\HDAudBus.sys
0x8BBDB000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x94038000 \SystemRoot\system32\DRIVERS\atinavrr.sys
0x94141000 \SystemRoot\system32\DRIVERS\ks.sys
0x94175000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
0x94179000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9417B000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x9417E000 \SystemRoot\system32\drivers\1394ohci.sys
0x941AB000 \SystemRoot\system32\DRIVERS\fdc.sys
0x941B6000 \SystemRoot\system32\DRIVERS\serenum.sys
0x941C0000 \SystemRoot\system32\DRIVERS\parport.sys
0x941D8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x94000000 \SystemRoot\System32\Drivers\a1ar6w9g.SYS
0x941DE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x941EB000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x941EC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x927E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9261F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x94624000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9463C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x94653000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9466A000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x94681000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9468B000 \SystemRoot\system32\drivers\kbdclass.sys
0x94698000 \SystemRoot\system32\drivers\mouclass.sys
0x946A5000 \SystemRoot\system32\DRIVERS\vmlitestor.sys
0x946CA000 \SystemRoot\system32\DRIVERS\storport.sys
0x94712000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x9472C000 \SystemRoot\system32\drivers\swenum.sys
0x9472E000 \SystemRoot\system32\drivers\umbus.sys
0x9473C000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x94754000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x94761000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x94797000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x947DB000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x947E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94A35000 \SystemRoot\system32\drivers\HdAudio.sys
0x94A85000 \SystemRoot\system32\drivers\portcls.sys
0x94AB4000 \SystemRoot\system32\drivers\drmk.sys
0x94ACD000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x94AE4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x94AFB000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x94B05000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x94B0C000 \SystemRoot\system32\drivers\hidusb.sys
0x94B17000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x94B2A000 \SystemRoot\system32\drivers\kbdhid.sys
0x94B36000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x94B41000 \SystemRoot\system32\DRIVERS\point32.sys
0x94B4A000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x94BF3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x94A00000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x94A0E000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x94A19000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x94600000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x94E0F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x94E39000 \SystemRoot\System32\Drivers\crashdmp.sys
0x94E46000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x94E51000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x94E5A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9CB30000 \SystemRoot\System32\win32k.sys
0x94E6B000 \SystemRoot\System32\drivers\Dxapi.sys
0x94E75000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CD90000 \SystemRoot\System32\TSDDD.dll
0x9CDC0000 \SystemRoot\System32\cdd.dll
0x9CA00000 \SystemRoot\System32\ATMFD.DLL
0x94E80000 \SystemRoot\system32\drivers\luafv.sys
0x94E9B000 \SystemRoot\system32\drivers\WudfPf.sys
0x94EB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x94EC5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x94F0B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x94F1B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x94F2E000 \SystemRoot\system32\drivers\HTTP.sys
0x94FB3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x94FD4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x94FED000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA343B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA345E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3499000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA34B4000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3504000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3556000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA355D000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
0xA3560000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xA3562000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0xABA27000 \SystemRoot\system32\drivers\peauth.sys
0xABABE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xABAC8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xABAD5000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
0xABADA000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
0xABAFB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xABB1C000 \SystemRoot\System32\drivers\rdpdr.sys
0xABB41000 \SystemRoot\system32\drivers\tdtcp.sys
0xABB4C000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xABB59000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xABBF5000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x776A0000 \Windows\System32\ntdll.dll
0x47A30000 \Windows\System32\smss.exe
0x778E0000 \Windows\System32\apisetschema.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 52\alcoholx.dll

Processes (total 75):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
364 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
420 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
680 csrss.exe
748 csrss.exe
756 C:\Windows\System32\wininit.exe
796 C:\Windows\System32\services.exe
820 C:\Windows\System32\lsass.exe
828 C:\Windows\System32\lsm.exe
908 C:\Windows\System32\winlogon.exe
980 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\nvvsvc.exe
1080 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\nvvsvc.exe
1576 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
576 PrintIsolationHost.exe
692 C:\Windows\System32\svchost.exe
1064 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1528 C:\Windows\System32\dwm.exe
1636 C:\Windows\explorer.exe
1544 C:\Windows\System32\taskhost.exe
944 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
2064 C:\Program Files\Bonjour\mDNSResponder.exe
2132 C:\Windows\System32\svchost.exe
2168 C:\Windows\System32\svchost.exe
2292 C:\Windows\System32\svchost.exe
2360 C:\Windows\System32\svchost.exe
2440 C:\Windows\System32\svchost.exe
2516 C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
2544 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2668 C:\Program Files\AVG\AVG2012\avgidsagent.exe
2716 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2984 C:\Program Files\Microsoft IntelliType Pro\itype.exe
2992 C:\Program Files\iTunes\iTunesHelper.exe
3000 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3008 C:\Program Files\AVG\AVG2012\avgtray.exe
3036 C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
3640 C:\Program Files\iPod\bin\iPodService.exe
3712 C:\Windows\System32\SearchIndexer.exe
3740 C:\Program Files\AVG\AVG2012\avgnsx.exe
3748 C:\Program Files\AVG\AVG2012\avgemcx.exe
3860 C:\Windows\System32\svchost.exe
2344 WUDFHost.exe
5416 C:\Windows\System32\svchost.exe
5024 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
4568 C:\Windows\System32\conhost.exe
5468 C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
5160 C:\Windows\System32\conhost.exe
5480 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
1340 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
5092 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
4644 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
4956 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
3624 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
5676 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
5988 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
1480 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
4440 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
4616 C:\Windows\System32\notepad.exe
5940 C:\Windows\System32\notepad.exe
5208 C:\Windows\System32\audiodg.exe
2772 WmiPrvSE.exe
4584 <unknown>
4544 <unknown>
3412 C:\Users\Nathan\Desktop\MBRCheck.exe
6124 C:\Windows\System32\conhost.exe
5352 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3500320AS, Rev: SD15
PhysicalDrive1 Model Number: WDCWD1001FALS-00J7B0, Rev: 05.00K05
PhysicalDrive2 Model Number: SeagatePortable, Rev: 0130

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
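
The MBRCheck output above reduces to two checks a practitioner can reproduce: hash the bootstrap code in sector 0 of each physical drive and compare it with an allow-list (that is what "Windows 7 MBR code detected" versus "Unknown MBR code" means), and parse the partition table to confirm that the volume offsets MBRCheck prints are what the table says (0x100000 is LBA 2048 x 512 bytes, the Vista/7 alignment; 0x7e00 is LBA 63 x 512, the legacy alignment). The Python below is an added example and is not MBRCheck's code or anything posted in this thread. The sample sector, the "known" hash table and the assumption that the hash covers the first 440 bytes of the sector are all constructed for the demonstration.

```python
"""Added example: parse a 512-byte MBR, hash its bootstrap code, sanity-check the
partition table. Not MBRCheck's code; the hashed byte range (first 440 bytes) is an
assumption, and the sample sector and allow-list are constructed for the demo."""
import hashlib
import struct
import sys

SECTOR = 512
BOOTCODE_LEN = 440            # bootstrap code; bytes 440..443 hold the disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"   # bytes 510..511

# Constructed bootstrap area: the classic opening bytes (cli / xor ax,ax / mov ss,ax /
# mov sp,7C00h) followed by zero padding. Real bootstrap code fills all 440 bytes.
SAMPLE_BOOTCODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x00" * 432

# Allow-list: SHA-1 of bootstrap code -> label. Built from the constructed sample only;
# a real deployment would hold hashes taken from clean installs of each OS.
KNOWN_BOOTCODE = {
    hashlib.sha1(SAMPLE_BOOTCODE).hexdigest().upper(): "constructed reference bootstrap",
}


def is_valid_mbr(sector: bytes) -> bool:
    """A sector qualifies as an MBR if it is 512 bytes and ends in 0x55AA."""
    return len(sector) == SECTOR and sector[510:512] == MBR_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Return bootstrap SHA-1, disk signature and the non-empty partition entries."""
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, BOOTCODE_LEN)[0]
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:            # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "byte_offset": lba_start * SECTOR})
    return {"bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
            "disk_signature": disk_sig, "partitions": parts}


def classify_bootcode(sha1_hex: str, known: dict) -> str:
    """Label the bootstrap code from the allow-list, else report it as unknown."""
    return known.get(sha1_hex.upper(), "Unknown MBR code")


def find_overlaps(parts: list) -> list:
    """Return (index, index) pairs of partitions whose sector ranges intersect."""
    overlaps = []
    for a in range(len(parts)):
        for b in range(a + 1, len(parts)):
            p, q = parts[a], parts[b]
            if (p["lba_start"] < q["lba_start"] + q["sectors"]
                    and q["lba_start"] < p["lba_start"] + p["sectors"]):
                overlaps.append((p["index"], q["index"]))
    return overlaps


def audit_mbr(sector: bytes) -> list:
    """Findings for one sector, in the spirit of MBRCheck's per-drive summary."""
    if not is_valid_mbr(sector):
        return ["not a valid MBR (size or 0x55AA signature)"]
    info = parse_mbr(sector)
    findings = [f"MBR code: {classify_bootcode(info['bootcode_sha1'], KNOWN_BOOTCODE)} "
                f"(SHA1 {info['bootcode_sha1']})"]
    bootable = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    for p in info["partitions"]:
        findings.append(f"partition {p['index']}: type 0x{p['type']:02X} at LBA "
                        f"{p['lba_start']} (byte offset 0x{p['byte_offset']:08x}), "
                        f"{p['sectors']} sectors")
    for a, b in find_overlaps(info["partitions"]):
        findings.append(f"partitions {a} and {b} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector: Windows-7-style layout, 100 MB System Reserved at LBA 2048
    (byte offset 0x100000) followed by the NTFS system volume."""
    entries = [
        (0x80, b"\x20\x21\x00", 0x07, b"\xDF\x13\x0C", 2048, 204800),
        (0x00, b"\xDF\x14\x0C", 0x07, b"\xFE\xFF\xFF", 206848, 976564224),
    ]
    table = b"".join(struct.pack("<B3sB3sII", *e) for e in entries)
    table += b"\x00" * (PART_ENTRY_LEN * (4 - len(entries)))
    sector = SAMPLE_BOOTCODE + struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00" + table + MBR_SIGNATURE
    assert len(sector) == SECTOR
    return sector


if __name__ == "__main__":
    # Usage: python mbr_audit.py [\\.\PhysicalDrive0 | disk.img]; raw drives need admin rights.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sector = fh.read(SECTOR)
    else:
        sector = build_sample_mbr()
    print("\n".join(audit_mbr(sector)))
```

Run without arguments it audits the constructed sector; pointed at a raw device such as \\.\PhysicalDrive2 from an elevated prompt it audits the real one. An "Unknown MBR code" result is evidence, not a verdict: a disk partitioned by another OS or by a drive vendor's tool carries bootstrap code that is simply not in the allow-list, which is why the helper below asks what, if anything, is installed on F: before acting on the finding.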
 
Hi boatnerd06,

Thank you for the logs and update. :)

Please confirm what OS, if any, is installed on the F: drive.

Again, please remember to read the instructions below carefully before executing and perform the steps exactly in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
MGA Diagnostics

  1. Please download this tool from Microsoft and Save it to your Desktop.
  2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Click on the Continue button to proceed.
  4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
  5. When it has finished click on the Copy button.
  6. Go to Start > All Programs > Accessories > Notepad.
  7. This will open an empty Notepad file.
  8. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
  9. Click on the OK button to exit the MGA Diagnostics program.
  10. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.
Step 2:
WVCheck

  1. Please download WVCheck and Save it to your Desktop.
  2. Right-click on WVCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Read the comments on the screen and then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically be saved to your Desktop and opened in Notepad.
  5. Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.
Step 3:
CKScanner

  1. Please download CKScanner and Save it to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Then click on the Search For Files button.
  4. When the scan has finished (the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
    A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
    Note: Please run the program ONCE only.
  5. Click on the Exit button to close the program.
  6. Double-click on the ckfiles.txt file to open it.
  7. Then Copy and Paste the entire contents of the file into your next reply.
Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. What OS, if any, is installed on the F: drive?
  3. mgadiag.txt.
  4. WVCheck_hhmm_dd-mm-yyyy.txt.
  5. ckfiles.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 