A simple browser hijacker, I hope.
Hello :). Starting on July 17th, I started encountering browser hijacking. It happens on both Internet Explorer and Firefox. I have encountered this on both Google and Yahoo. When I try to click on a search result, the hijacker forwards me to a different page that is most certainly not the link I clicked on. These are usually garbage "search engines" or antivirus ads.
As a temporary solution, I have started using Blocksite to blacklist the domains that the hijacker is forwarding me to. This has protected me from the spyware-ridden sites, but the hijacker still tries to forward me to them, which is annoying :P.
I have already tried the following to remove them:
Spybot Search and Destroy
Spybot Search and Destroy 2
McAfee Security Center
Malwarebytes Anti-Malware
AVG Antivirus
None of these programs detected any sign of infection, except Spybot S&D 2 which keeps finding some tracking cookies.
I have backed up my registry. Thanks in advance for your help. Here is my DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Matthew at 21:01:11 on 2012-07-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8180.5913 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe
C:\Program Files\Dell\XPS Thermal Monitor\ThermalApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\AlienFX\AlienFXHook64Mngr.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.shawneelink.net
uWindow Title = Microsoft Internet Explorer provided by ShawneeLink
mWindow Title = ShawneeLink
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626123001.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [XPS Thermal Monitor] "C:\Program Files\Dell\XPS Thermal Monitor\ThermalApp.exe"
uRun: [Citrix] rundll32.exe "C:\Users\Matthew\AppData\Local\DataSafeOnline\Citrix\fvuldh.dll",CreateInstance
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\G35\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E682FBAB-81CA-4273-A76D-AE65C47E9500} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643} : NameServer = 216.240.66.19
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626123001.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.254.2 mykillernic
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/05/12 12:12:09];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-5-12 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-10-2 122880]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-1 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-1 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-1 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-1 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-1 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-1 162192]
R2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2011-11-17 12800]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-7-18 1188896]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-7-18 1395736]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-7-18 166528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-5-21 24652]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Nv834x64;Killer NIC Gaming Adapter Service;C:\Windows\system32\DRIVERS\nv834x64.sys --> C:\Windows\system32\DRIVERS\nv834x64.sys [?]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
S2 AODService;AODService; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-5-12 79360]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-10-31 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-26 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-10-31 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-10-27 130976]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 NvEdge64;Killer NIC NDIS-Edge Service;C:\Windows\system32\DRIVERS\NvEdge64.sys --> C:\Windows\system32\DRIVERS\NvEdge64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-5-30 89920]
S4 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-1-5 173296]
S4 Killer Port Manager;Killer Port Manager;C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe [2010-12-24 238080]
S4 uvnc_service;UltraVNC Server;C:\ProgramData\UltraVNC\winvnc.exe -service --> C:\ProgramData\UltraVNC\winvnc.exe -service [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-21 21:01:30 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Ad-Aware Antivirus
2012-07-20 13:16:34 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94512789-CFD3-4DC0-9F5F-957EF97C9838}\mpengine.dll
2012-07-18 22:14:35 -------- d-----w- C:\Program Files\HitmanPro
2012-07-18 22:13:51 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-18 15:59:43 -------- d--h--w- C:\ProgramData\Common Files
2012-07-18 15:59:43 -------- d-----w- C:\ProgramData\MFAData
2012-07-18 13:41:24 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-07-18 13:31:22 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Safer Networking
2012-07-18 13:30:54 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-07-17 17:30:09 -------- d-----w- C:\Program Files (x86)\NoVirusThanks
2012-07-11 20:39:50 -------- d-----w- C:\Users\Matthew\AppData\Roaming\XRay Engine
2012-07-10 21:16:24 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-06-26 17:30:00 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-06-25 03:24:25 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-25 03:24:25 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 23:26:11 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 23:25:52 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 23:25:52 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-23 23:25:44 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 23:25:44 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-23 23:25:44 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-23 23:25:44 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-19 23:05:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-19 23:05:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
.
============= FINISH: 21:02:18.68 ===============
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Sorry for the delay, sometimes a log or two may fall through the cracks, but I'm linked to you now.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan, click Save log, save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
Thank you for your response :). I ran aswMBR.exe. It didn't detect anything, and I am still having the redirect symptoms.
Here is my aswMBR.exe log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 12:24:21
-----------------------------
12:24:21.111 OS Version: Windows x64 6.0.6002 Service Pack 2
12:24:21.111 Number of processors: 4 586 0x402
12:24:21.111 ComputerName: SNIPER4 UserName: Matthew
12:24:22.780 Initialize success
12:29:05.239 AVAST engine defs: 12072601
12:30:06.079 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
12:30:06.079 Disk 0 Vendor: Hitachi_ GK8O Size: 715404MB BusType: 8
12:30:06.094 Disk 0 MBR read successfully
12:30:06.094 Disk 0 MBR scan
12:30:06.094 Disk 0 Windows VISTA default MBR code
12:30:06.094 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
12:30:06.110 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
12:30:06.126 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 705100 MB offset 21100544
12:30:06.141 Disk 0 scanning C:\Windows\system32\drivers
12:30:18.559 Service scanning
12:30:40.804 Modules scanning
12:30:40.804 Disk 0 trace - called modules:
12:30:40.820 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
12:30:40.820 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007edc060]
12:30:40.820 3 CLASSPNP.SYS[fffffa60010a5c33] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8007dc2060]
12:30:42.318 AVAST engine scan C:\Windows
12:30:45.937 AVAST engine scan C:\Windows\system32
12:34:49.671 AVAST engine scan C:\Windows\system32\drivers
12:35:05.895 AVAST engine scan C:\Users\Matthew
12:53:56.755 AVAST engine scan C:\ProgramData
13:00:52.604 Scan finished successfully
14:00:26.860 Disk 0 MBR has been saved successfully to "C:\Users\Matthew\Desktop\MBR.dat"
14:00:26.860 The log file has been saved successfully to "C:\Users\Matthew\Desktop\aswMBR.txt"
OK, let's just try this; something may be hiding, and if it finds nothing we will move on.
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Then run this one and post the log please
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
TDSSKiller didn't find anything. My TDSSKiller log was 158 characters too large to put all in one post, so here is the first part:
23:08:13.0435 4940 Null - ok
23:08:13.0483 4940 Nv834x64 (fa79df37eb2e347b30a103b3ca197796) C:\Windows\system32\DRIVERS\nv834x64.sys
23:08:13.0484 4940 Nv834x64 - ok
23:08:13.0516 4940 NvEdge64 (ef5ed75eee4852efc87035a4c4fec29e) C:\Windows\system32\DRIVERS\NvEdge64.sys
23:08:13.0517 4940 NvEdge64 - ok
23:08:13.0539 4940 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
23:08:13.0540 4940 nvraid - ok
23:08:13.0560 4940 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
23:08:13.0560 4940 nvstor - ok
23:08:13.0578 4940 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
23:08:13.0578 4940 nv_agp - ok
23:08:13.0580 4940 NwlnkFlt - ok
23:08:13.0583 4940 NwlnkFwd - ok
23:08:13.0677 4940 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:08:13.0679 4940 odserv - ok
23:08:13.0720 4940 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
23:08:13.0721 4940 ohci1394 - ok
23:08:13.0755 4940 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:13.0756 4940 ose - ok
23:08:13.0796 4940 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:08:13.0801 4940 p2pimsvc - ok
23:08:13.0806 4940 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:08:13.0811 4940 p2psvc - ok
23:08:13.0848 4940 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys
23:08:13.0848 4940 Packet - ok
23:08:13.0863 4940 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
23:08:13.0864 4940 Parport - ok
23:08:13.0911 4940 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
23:08:13.0912 4940 partmgr - ok
23:08:13.0932 4940 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
23:08:13.0933 4940 PcaSvc - ok
23:08:13.0945 4940 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
23:08:13.0977 4940 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
23:08:13.0978 4940 pci - ok
23:08:14.0022 4940 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
23:08:14.0023 4940 pciide - ok
23:08:14.0035 4940 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
23:08:14.0037 4940 pcmcia - ok
23:08:14.0071 4940 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
23:08:14.0072 4940 pcouffin - ok
23:08:14.0102 4940 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
23:08:14.0106 4940 PEAUTH - ok
23:08:14.0252 4940 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
23:08:14.0253 4940 PerfHost - ok
23:08:14.0318 4940 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
23:08:14.0325 4940 pla - ok
23:08:14.0363 4940 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
23:08:14.0366 4940 PlugPlay - ok
23:08:14.0378 4940 PnkBstrA - ok
23:08:14.0381 4940 PnkBstrB - ok
23:08:14.0418 4940 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:08:14.0423 4940 PNRPAutoReg - ok
23:08:14.0428 4940 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:08:14.0433 4940 PNRPsvc - ok
23:08:14.0462 4940 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
23:08:14.0465 4940 PolicyAgent - ok
23:08:14.0515 4940 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
23:08:14.0516 4940 PptpMiniport - ok
23:08:14.0536 4940 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
23:08:14.0537 4940 Processor - ok
23:08:14.0566 4940 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
23:08:14.0568 4940 ProfSvc - ok
23:08:14.0593 4940 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:08:14.0594 4940 ProtectedStorage - ok
23:08:14.0636 4940 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
23:08:14.0637 4940 PSched - ok
23:08:14.0658 4940 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
23:08:14.0659 4940 PxHlpa64 - ok
23:08:14.0705 4940 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
23:08:14.0711 4940 ql2300 - ok
23:08:14.0731 4940 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
23:08:14.0732 4940 ql40xx - ok
23:08:14.0772 4940 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
23:08:14.0774 4940 QWAVE - ok
23:08:14.0779 4940 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
23:08:14.0780 4940 QWAVEdrv - ok
23:08:15.0211 4940 R300 (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
23:08:15.0260 4940 R300 - ok
23:08:15.0314 4940 RadeonPro Support Service (6c8f17953c07f88364307fc7811c5184) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
23:08:15.0315 4940 RadeonPro Support Service - ok
23:08:15.0391 4940 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
23:08:15.0392 4940 RasAcd - ok
23:08:15.0424 4940 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
23:08:15.0426 4940 RasAuto - ok
23:08:15.0458 4940 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:08:15.0459 4940 Rasl2tp - ok
23:08:15.0480 4940 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
23:08:15.0483 4940 RasMan - ok
23:08:15.0508 4940 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
23:08:15.0509 4940 RasPppoe - ok
23:08:15.0540 4940 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
23:08:15.0541 4940 RasSstp - ok
23:08:15.0577 4940 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
23:08:15.0579 4940 rdbss - ok
23:08:15.0582 4940 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:08:15.0582 4940 RDPCDD - ok
23:08:15.0602 4940 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
23:08:15.0604 4940 rdpdr - ok
23:08:15.0607 4940 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
23:08:15.0608 4940 RDPENCDD - ok
23:08:15.0644 4940 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
23:08:15.0646 4940 RDPWD - ok
23:08:15.0657 4940 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
23:08:15.0658 4940 RemoteAccess - ok
23:08:15.0684 4940 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
23:08:15.0686 4940 RemoteRegistry - ok
23:08:15.0695 4940 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
23:08:15.0696 4940 RpcLocator - ok
23:08:15.0742 4940 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
23:08:15.0747 4940 RpcSs - ok
23:08:15.0757 4940 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
23:08:15.0758 4940 rspndr - ok
23:08:15.0798 4940 RTL8169 (c4dd02a9d97c5531e145f9e4420636f8) C:\Windows\system32\DRIVERS\Rtlh64.sys
23:08:15.0799 4940 RTL8169 - ok
23:08:15.0826 4940 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:08:15.0827 4940 SamSs - ok
23:08:15.0850 4940 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
23:08:15.0851 4940 sbp2port - ok
23:08:15.0902 4940 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
23:08:15.0904 4940 SCardSvr - ok
23:08:16.0039 4940 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
23:08:16.0044 4940 Schedule - ok
23:08:16.0052 4940 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
23:08:16.0053 4940 SCPolicySvc - ok
23:08:16.0070 4940 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
23:08:16.0072 4940 SDRSVC - ok
23:08:16.0157 4940 SDScannerService (43d29ecb8137eeae30b0970bbc7a5500) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
23:08:16.0162 4940 SDScannerService - ok
23:08:16.0215 4940 SDUpdateService (6b859b122e85c2c833e6d8c5dc4b07f3) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
23:08:16.0222 4940 SDUpdateService - ok
23:08:16.0246 4940 SDWSCService (59dce6783f9ed27eb72c81466e363bf8) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
23:08:16.0247 4940 SDWSCService - ok
23:08:16.0514 4940 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:08:16.0515 4940 SeaPort - ok
23:08:16.0596 4940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:08:16.0597 4940 secdrv - ok
23:08:16.0604 4940 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
23:08:16.0606 4940 seclogon - ok
23:08:16.0612 4940 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
23:08:16.0613 4940 SENS - ok
23:08:16.0635 4940 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
23:08:16.0635 4940 Serenum - ok
23:08:16.0656 4940 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
23:08:16.0657 4940 Serial - ok
23:08:16.0674 4940 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
23:08:16.0675 4940 sermouse - ok
23:08:16.0706 4940 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
23:08:16.0708 4940 SessionEnv - ok
23:08:16.0722 4940 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
23:08:16.0723 4940 sffdisk - ok
23:08:16.0734 4940 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
23:08:16.0734 4940 sffp_mmc - ok
23:08:16.0752 4940 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
23:08:16.0752 4940 sffp_sd - ok
23:08:16.0765 4940 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
23:08:16.0766 4940 sfloppy - ok
23:08:16.0799 4940 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
23:08:16.0802 4940 SharedAccess - ok
23:08:17.0109 4940 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
23:08:17.0111 4940 ShellHWDetection - ok
23:08:17.0119 4940 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
23:08:17.0120 4940 SiSRaid2 - ok
23:08:17.0207 4940 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
23:08:17.0208 4940 SiSRaid4 - ok
23:08:17.0313 4940 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
23:08:17.0326 4940 slsvc - ok
23:08:17.0371 4940 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
23:08:17.0372 4940 SLUINotify - ok
23:08:17.0410 4940 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
23:08:17.0411 4940 Smb - ok
23:08:17.0435 4940 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
23:08:17.0436 4940 SNMPTRAP - ok
23:08:17.0462 4940 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
23:08:17.0462 4940 spldr - ok
23:08:17.0584 4940 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
23:08:17.0586 4940 Spooler - ok
23:08:17.0653 4940 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
23:08:17.0655 4940 srv - ok
23:08:17.0707 4940 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
23:08:17.0708 4940 srv2 - ok
23:08:17.0722 4940 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
23:08:17.0723 4940 srvnet - ok
23:08:17.0734 4940 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
23:08:17.0736 4940 SSDPSRV - ok
23:08:17.0752 4940 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
23:08:17.0754 4940 SstpSvc - ok
23:08:17.0787 4940 Steam Client Service - ok
23:08:17.0821 4940 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
23:08:17.0825 4940 stisvc - ok
23:08:17.0872 4940 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:08:17.0873 4940 stllssvr - ok
23:08:17.0901 4940 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
23:08:17.0902 4940 swenum - ok
23:08:17.0938 4940 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
23:08:17.0941 4940 swprv - ok
23:08:17.0979 4940 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
23:08:17.0979 4940 Symc8xx - ok
23:08:18.0024 4940 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
23:08:18.0025 4940 Sym_hi - ok
23:08:18.0047 4940 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
23:08:18.0048 4940 Sym_u3 - ok
23:08:18.0103 4940 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
23:08:18.0108 4940 SysMain - ok
23:08:18.0158 4940 t3 (6b153e518dbe6ef59191152e1ecf7ed4) C:\Windows\system32\drivers\t3.sys
23:08:18.0161 4940 t3 - ok
23:08:18.0186 4940 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
23:08:18.0188 4940 TabletInputService - ok
23:08:18.0221 4940 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
23:08:18.0223 4940 TapiSrv - ok
23:08:18.0237 4940 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
23:08:18.0238 4940 TBS - ok
23:08:18.0327 4940 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
23:08:18.0333 4940 Tcpip - ok
23:08:18.0433 4940 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
23:08:18.0440 4940 Tcpip6 - ok
23:08:18.0477 4940 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
23:08:18.0478 4940 tcpipreg - ok
23:08:18.0493 4940 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
23:08:18.0493 4940 TDPIPE - ok
23:08:18.0513 4940 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
23:08:18.0513 4940 TDTCP - ok
23:08:18.0550 4940 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
23:08:18.0551 4940 tdx - ok
23:08:18.0581 4940 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
23:08:18.0582 4940 TermDD - ok
23:08:18.0623 4940 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
23:08:18.0627 4940 TermService - ok
23:08:18.0679 4940 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
23:08:18.0681 4940 Themes - ok
23:08:18.0697 4940 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:08:18.0698 4940 THREADORDER - ok
23:08:18.0717 4940 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
23:08:18.0719 4940 TrkWks - ok
23:08:18.0743 4940 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
23:08:18.0744 4940 TrustedInstaller - ok
23:08:18.0773 4940 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:08:18.0773 4940 tssecsrv - ok
23:08:18.0808 4940 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
23:08:18.0809 4940 tunmp - ok
23:08:18.0831 4940 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
23:08:18.0831 4940 tunnel - ok
23:08:18.0855 4940 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
23:08:18.0855 4940 uagp35 - ok
23:08:18.0884 4940 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
23:08:18.0886 4940 udfs - ok
23:08:18.0926 4940 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
23:08:18.0927 4940 UI0Detect - ok
23:08:18.0954 4940 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
23:08:18.0955 4940 uliagpkx - ok
23:08:18.0996 4940 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
23:08:18.0997 4940 uliahci - ok
23:08:19.0005 4940 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
23:08:19.0006 4940 UlSata - ok
23:08:19.0061 4940 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
23:08:19.0062 4940 ulsata2 - ok
23:08:19.0075 4940 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
23:08:19.0075 4940 umbus - ok
23:08:19.0098 4940 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
23:08:19.0101 4940 upnphost - ok
23:08:19.0178 4940 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
23:08:19.0179 4940 usbaudio - ok
23:08:19.0207 4940 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
23:08:19.0208 4940 usbccgp - ok
23:08:19.0215 4940 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
23:08:19.0216 4940 usbcir - ok
23:08:19.0241 4940 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
23:08:19.0241 4940 usbehci - ok
23:08:19.0259 4940 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
23:08:19.0261 4940 usbhub - ok
23:08:19.0272 4940 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
23:08:19.0272 4940 usbohci - ok
23:08:19.0301 4940 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
23:08:19.0301 4940 usbprint - ok
23:08:19.0322 4940 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
23:08:19.0322 4940 usbscan - ok
23:08:19.0353 4940 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:08:19.0353 4940 USBSTOR - ok
23:08:19.0373 4940 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
23:08:19.0374 4940 usbuhci - ok
23:08:19.0438 4940 uvnc_service - ok
23:08:19.0463 4940 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
23:08:19.0465 4940 UxSms - ok
23:08:19.0500 4940 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
23:08:19.0504 4940 vds - ok
23:08:19.0533 4940 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
23:08:19.0534 4940 vga - ok
23:08:19.0559 4940 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
23:08:19.0560 4940 VgaSave - ok
23:08:19.0582 4940 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
23:08:19.0583 4940 viaide - ok
23:08:19.0641 4940 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
23:08:19.0642 4940 Viewpoint Manager Service - ok
23:08:19.0659 4940 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
23:08:19.0659 4940 volmgr - ok
23:08:19.0692 4940 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
23:08:19.0694 4940 volmgrx - ok
23:08:19.0711 4940 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
23:08:19.0713 4940 volsnap - ok
23:08:19.0727 4940 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
23:08:19.0729 4940 vsmraid - ok
23:08:19.0793 4940 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
23:08:19.0801 4940 VSS - ok
23:08:19.0904 4940 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
23:08:19.0907 4940 W32Time - ok
23:08:19.0942 4940 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
23:08:19.0942 4940 WacomPen - ok
23:08:20.0039 4940 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:08:20.0040 4940 Wanarp - ok
23:08:20.0043 4940 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:08:20.0043 4940 Wanarpv6 - ok
23:08:20.0065 4940 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
23:08:20.0069 4940 wcncsvc - ok
23:08:20.0077 4940 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
23:08:20.0078 4940 WcsPlugInService - ok
23:08:20.0107 4940 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
23:08:20.0108 4940 Wd - ok
23:08:20.0160 4940 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
23:08:20.0164 4940 Wdf01000 - ok
23:08:20.0178 4940 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:08:20.0180 4940 WdiServiceHost - ok
23:08:20.0182 4940 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:08:20.0183 4940 WdiSystemHost - ok
23:08:20.0200 4940 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
23:08:20.0202 4940 WebClient - ok
23:08:20.0256 4940 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
23:08:20.0258 4940 Wecsvc - ok
23:08:20.0267 4940 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
23:08:20.0268 4940 wercplsupport - ok
23:08:20.0280 4940 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
23:08:20.0282 4940 WerSvc - ok
23:08:20.0300 4940 WinDefend - ok
23:08:20.0307 4940 WinHttpAutoProxySvc - ok
23:08:20.0355 4940 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
23:08:20.0356 4940 Winmgmt - ok
23:08:20.0434 4940 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
23:08:20.0445 4940 WinRM - ok
23:08:20.0531 4940 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
23:08:20.0535 4940 Wlansvc - ok
23:08:20.0658 4940 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:08:20.0669 4940 wlidsvc - ok
23:08:20.0734 4940 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:08:20.0735 4940 WmiAcpi - ok
23:08:20.0751 4940 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
23:08:20.0752 4940 wmiApSrv - ok
23:08:20.0755 4940 WMPNetworkSvc - ok
23:08:20.0781 4940 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
23:08:20.0783 4940 WPCSvc - ok
23:08:20.0817 4940 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
23:08:20.0819 4940 WPDBusEnum - ok
23:08:20.0957 4940 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:08:20.0962 4940 WPFFontCache_v0400 - ok
23:08:21.0037 4940 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
23:08:21.0038 4940 ws2ifsl - ok
23:08:21.0062 4940 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
23:08:21.0064 4940 wscsvc - ok
23:08:21.0067 4940 WSearch - ok
23:08:21.0186 4940 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:08:21.0198 4940 wuauserv - ok
23:08:21.0250 4940 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:08:21.0251 4940 WUDFRd - ok
23:08:21.0268 4940 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
23:08:21.0269 4940 wudfsvc - ok
23:08:21.0320 4940 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
23:08:21.0321 4940 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
23:08:21.0337 4940 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:08:21.0497 4940 \Device\Harddisk0\DR0 - ok
23:08:21.0520 4940 Boot (0x1200) (cceb893eb3eb9db5df2ea93f194b7d6e) \Device\Harddisk0\DR0\Partition0
23:08:21.0521 4940 \Device\Harddisk0\DR0\Partition0 - ok
23:08:21.0523 4940 Boot (0x1200) (8c23d99943e029e378ca68361bf044ae) \Device\Harddisk0\DR0\Partition1
23:08:21.0523 4940 \Device\Harddisk0\DR0\Partition1 - ok
23:08:21.0524 4940
Here is the second part of my TDSSKiller log:
============================================================
23:08:21.0524 4940 Scan finished
23:08:21.0524 4940 ============================================================
23:08:21.0533 4932 Detected object count: 0
23:08:21.0533 4932 Actual detected object count: 0
23:10:49.0918 6608 Deinitialize success
-------------------------------------------------------------------------
Here is my OTL.txt log:
OTL logfile created on: 7/26/2012 11:14:51 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Matthew\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 81.70% Memory free
16.18 Gb Paging File | 13.46 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.57 Gb Total Space | 194.30 Gb Free Space | 28.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.04 Gb Free Space | 10.45% Space Free | Partition Type: NTFS
Computer Name: SNIPER4 | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Matthew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe (Mr. John aka japamd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe (Alienware)
PRC - C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (Killer Port Manager) -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (Pml Driver HPZ12) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (Net Driver HPZ12) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (RadeonPro Support Service) -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe (Mr. John aka japamd)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (uvnc_service) -- C:\ProgramData\UltraVNC\winvnc.exe (UltraVNC)
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\4011.tmp (Sophos Plc)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (Nv834x64) -- C:\Windows\SysNative\DRIVERS\nv834x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (NvEdge64) -- C:\Windows\SysNative\DRIVERS\NvEdge64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shawneelink.net
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..\SearchScopes,DefaultScope = {0156A926-A582-4313-8DDC-55084C5AE244}
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..\SearchScopes\{0156A926-A582-4313-8DDC-55084C5AE244}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shawneelink.net/
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\SearchScopes\{0156A926-A582-4313-8DDC-55084C5AE244}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/26 14:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 17:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 22:03:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 17:28:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 22:03:46 | 000,000,000 | ---D | M]
[2009/05/19 20:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2012/07/26 08:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions
[2010/06/24 22:18:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/24 08:04:38 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/07/26 08:30:52 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\keyscrambler@qfx.software.corporation
[2012/03/18 15:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/26 14:20:13 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/07/03 12:27:03 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7YR9M7X.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/01/21 22:01:12 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7YR9M7X.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/07/18 09:22:51 | 000,016,192 | ---- | M] () (No name found) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7YR9M7X.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
[1623/04/03 16:46:44 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7YR9M7X.DEFAULT\EXTENSIONS\LNMDHUSBUH@LNMDHUSBUH.ORG.XPI
[2012/07/18 17:28:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/03/03 18:56:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2012/06/24 22:24:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/24 22:24:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/07/25 08:32:05 | 000,443,885 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.168.254.2 mykillernic
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 15247 more lines...
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120626123001.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626123001.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe (Alienware Corporation)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000..\Run: [Citrix] C:\Users\Matthew\AppData\Local\DataSafeOnline\Citrix\fvuldh.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000..\Run: [XPS Thermal Monitor] C:\Program Files\Dell\XPS Thermal Monitor\ThermalApp.exe (Dell)
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001..\Run: [XPS Thermal Monitor] C:\Program Files\Dell\XPS Thermal Monitor\ThermalApp.exe (Dell)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E682FBAB-81CA-4273-A76D-AE65C47E9500}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E682FBAB-81CA-4273-A76D-AE65C47E9500}: Domain = shawneelink.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643}: Domain = shawneelink.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643}: NameServer = 216.240.66.19
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/26 23:00:04 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthew\Desktop\TDSSKiller.exe
[2012/07/26 22:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/26 16:28:23 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
[2012/07/26 12:21:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Matthew\Desktop\aswMBR.exe
[2012/07/26 08:30:55 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\QFX Software
[2012/07/26 08:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/07/26 08:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012/07/26 08:30:39 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2012/07/26 08:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2012/07/25 23:12:25 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/07/25 09:18:36 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\Anti-Malware
[2012/07/23 08:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/23 08:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/21 16:01:30 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Ad-Aware Antivirus
[2012/07/18 17:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/18 17:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/18 10:59:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/18 10:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/18 08:46:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\ProcAlyzer Dumps
[2012/07/18 08:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/07/18 08:41:24 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/07/18 08:31:22 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Safer Networking
[2012/07/18 08:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/07/18 08:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/07/17 12:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
[2012/07/17 12:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoVirusThanks
[2012/07/11 15:39:50 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\XRay Engine
[2012/07/10 19:10:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/10 19:10:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/10 19:10:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/10 19:10:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/10 19:10:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/10 19:10:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/10 19:10:47 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/10 19:10:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/10 19:10:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/10 19:10:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/10 19:10:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/10 19:10:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/10 19:10:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/10 16:16:11 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/09 10:08:12 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\clear sky backup
[2012/07/06 15:09:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS
[2012/06/28 21:32:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2009/11/25 21:03:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Matthew\AppData\Roaming\pcouffin.sys
[2009/07/24 21:38:55 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Matthew\AppData\Roaming\DataSafeDotNet.exe
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/26 22:54:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/26 22:54:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/26 22:45:16 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/07/26 22:44:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 22:44:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 22:44:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 16:28:31 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
[2012/07/26 16:28:14 | 002,117,108 | ---- | M] () -- C:\Users\Matthew\Desktop\tdsskiller.zip
[2012/07/26 14:00:26 | 000,000,512 | ---- | M] () -- C:\Users\Matthew\Desktop\MBR.dat
[2012/07/26 12:22:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Matthew\Desktop\aswMBR.exe
[2012/07/25 23:12:25 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/07/25 08:32:05 | 000,443,885 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/24 17:41:46 | 000,001,018 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthew\Desktop\TDSSKiller.exe
[2012/07/23 14:34:35 | 000,271,076 | ---- | M] () -- C:\Users\Matthew\Desktop\log3.jpg
[2012/07/23 14:34:15 | 000,272,516 | ---- | M] () -- C:\Users\Matthew\Desktop\log2.jpg
[2012/07/23 14:33:48 | 000,222,268 | ---- | M] () -- C:\Users\Matthew\Desktop\log1.jpg
[2012/07/23 08:32:58 | 001,376,832 | ---- | M] () -- C:\Users\Matthew\Desktop\sar_15_sfx.exe
[2012/07/21 21:09:10 | 000,005,985 | ---- | M] () -- C:\Users\Matthew\Desktop\Attach.zip
[2012/07/18 14:13:15 | 000,000,630 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/07/18 07:53:36 | 000,443,582 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120725-083204.backup
[2012/07/18 07:53:36 | 000,443,582 | R--- | M] () -- C:\Users\Matthew\Desktop\hosts
[2012/07/17 23:55:56 | 000,443,526 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120718-075336.backup
[2012/07/15 00:36:59 | 000,026,624 | ---- | M] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 14:18:37 | 000,001,356 | ---- | M] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
[2012/07/11 08:01:16 | 000,382,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/09 10:03:13 | 003,185,764 | ---- | M] () -- C:\Users\Matthew\Desktop\factioncommander_2.0final.7z
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/28 16:46:05 | 000,270,176 | ---- | M] () -- C:\Users\Matthew\Desktop\Mini062812-01.dmp
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/26 16:27:32 | 002,117,108 | ---- | C] () -- C:\Users\Matthew\Desktop\tdsskiller.zip
[2012/07/26 14:00:26 | 000,000,512 | ---- | C] () -- C:\Users\Matthew\Desktop\MBR.dat
[2012/07/24 17:41:46 | 000,001,018 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/07/23 14:34:35 | 000,271,076 | ---- | C] () -- C:\Users\Matthew\Desktop\log3.jpg
[2012/07/23 14:34:15 | 000,272,516 | ---- | C] () -- C:\Users\Matthew\Desktop\log2.jpg
[2012/07/23 14:33:47 | 000,222,268 | ---- | C] () -- C:\Users\Matthew\Desktop\log1.jpg
[2012/07/23 08:32:55 | 001,376,832 | ---- | C] () -- C:\Users\Matthew\Desktop\sar_15_sfx.exe
[2012/07/22 15:56:37 | 000,443,582 | R--- | C] () -- C:\Users\Matthew\Desktop\hosts
[2012/07/21 21:09:10 | 000,005,985 | ---- | C] () -- C:\Users\Matthew\Desktop\Attach.zip
[2012/07/18 08:41:45 | 000,000,630 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/07/18 08:41:42 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/07/18 08:41:31 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/07/09 10:03:03 | 003,185,764 | ---- | C] () -- C:\Users\Matthew\Desktop\factioncommander_2.0final.7z
[2012/06/28 17:05:28 | 000,270,176 | ---- | C] () -- C:\Users\Matthew\Desktop\Mini062812-01.dmp
[2012/04/08 22:01:43 | 000,103,784 | ---- | C] () -- C:\Users\Matthew\GoToAssistDownloadHelper.exe
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/24 00:48:28 | 000,000,160 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Bandwidth.xml
[2010/12/24 00:33:30 | 000,002,651 | ---- | C] () -- C:\Users\Matthew\AppData\Local\KillerWallConfig.xml
[2010/12/24 00:26:52 | 000,000,002 | ---- | C] () -- C:\Users\Matthew\AppData\Local\menu.old
[2010/12/22 23:53:52 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/10/21 16:23:01 | 000,000,732 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps64.dat
[2009/12/08 20:51:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009/11/25 21:04:54 | 000,001,044 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\vso_ts_preview.xml
[2009/11/25 21:03:31 | 000,099,384 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\inst.exe
[2009/11/25 21:03:31 | 000,007,859 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\pcouffin.cat
[2009/11/25 21:03:31 | 000,001,167 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\pcouffin.inf
[2009/10/03 22:22:28 | 000,000,095 | ---- | C] () -- C:\Users\Matthew\AppData\Local\fusioncache.dat
[2009/05/20 09:28:34 | 000,026,624 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/19 17:31:15 | 000,001,356 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
[2009/05/19 16:47:07 | 000,000,586 | ---- | C] () -- C:\Users\Matthew\AppData\Local\menu.new
[2009/05/19 16:47:07 | 000,000,586 | ---- | C] () -- C:\Users\Matthew\AppData\Local\menu.bfm
========== LOP Check ==========
[2009/05/21 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\acccore
[2012/07/21 16:01:42 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Ad-Aware Antivirus
[2010/11/16 10:49:08 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Auslogics
[2012/03/12 19:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\BigHugeEngine
[2012/05/10 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Bioshock
[2012/05/18 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Bioshock2
[2010/03/15 17:50:45 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2010/03/08 12:35:10 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/03/20 16:32:10 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Command and Conquer 4
[2010/08/25 17:06:10 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\FaceGen
[2011/07/09 11:46:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\fltk.org
[2011/01/23 15:45:36 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Image Zone Express
[2012/06/23 14:52:38 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Leadertech
[2012/02/27 23:17:23 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Notepad++
[2009/05/22 17:47:53 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Opera
[2011/11/06 18:50:26 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Origin
[2010/10/31 22:16:51 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\PCDr
[2010/07/11 21:33:13 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Printer Info Cache
[2012/07/26 08:30:55 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\QFX Software
[2011/11/17 23:05:58 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\RadeonPro
[2009/12/08 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Red Alert 3
[2012/07/18 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Safer Networking
[2011/01/08 00:08:13 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\SPORE
[2011/11/12 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\SystemRequirementsLab
[2012/03/15 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\TaxCut
[2011/10/23 00:39:29 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Tropico 3
[2009/11/25 21:23:12 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Vso
[2011/03/04 17:15:54 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Windows Live Writer
[2012/07/11 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\XRay Engine
[2012/07/26 22:45:16 | 000,000,632 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/07/18 14:13:15 | 000,000,630 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/07/26 17:09:15 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
And here is my Extras.txt log. Unfortunately, it is also too big, so I will have to split it up too. This means that my response will be four posts long. I'm sorry for the inconvenience :(.
OTL Extras logfile created on: 7/26/2012 11:14:51 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Matthew\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 81.70% Memory free
16.18 Gb Paging File | 13.46 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.57 Gb Total Space | 194.30 Gb Free Space | 28.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.04 Gb Free Space | 10.45% Space Free | Partition Type: NTFS
Computer Name: SNIPER4 | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F9 06 67 25 A0 E1 C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{153D2ED5-856B-4BA6-85AC-AAF7914E530E}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
"{1C6D49B7-80BD-4CF1-8090-9AEC6983A5B9}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{3135BCE8-CF9C-426D-82EA-D6364EE171AA}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{6876842D-1300-4250-A7AC-774FBF34B538}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7184787F-FE15-45FE-9FF7-19C9930C62BE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7AD3D5A0-968F-403B-8E1B-F83DA596A687}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{87B5DB2D-A0CE-4B6C-8A80-A7603923300E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A652B244-A94E-421E-898C-DA57EB8A2E9B}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{C227F0C5-698A-486F-97A2-9BBAE4427F7B}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{C2F377B9-6C96-48A4-8D65-B0C13AEE6270}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{C4F724FC-CE0E-4122-909C-5C972C2FA301}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D888150C-CCBD-4B75-9C97-15937F38DC87}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043181EB-E19A-4065-8408-EEDC3CC5F4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{07A720CE-6ACD-42B3-86F7-6FBE1ED7560C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hydrophobia\hydropc.exe |
"{0802B67B-EE64-4476-9BEC-0ACBDD7400DD}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{091F5DC2-AAA5-44D5-8FEF-6B464DF1646C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{0A1B1DCC-48D8-4EAF-832A-8AA19B039A33}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0A2F29B1-FD85-4476-AD34-D01E16721E2B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{0E09D916-E3C6-4E1D-A0EE-873232D8C6BB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{0EFB086D-BA76-499F-A0BD-3A8E5BB31F56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{0FC2733A-A978-42A7-8F1C-9C33069A0844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x2 - the threat\x2_the_threat_quickstart.pdf |
"{1576A48C-A859-416E-8692-0F2D905D9A08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{19AB83C7-E50B-41C3-A0F1-92098EEAC03D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause\jcsetup.exe |
"{1B609D14-A9A1-4302-AAED-B0523842120B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\mass effect™ 2\masseffect2launcher.exe |
"{1D520427-95CF-42DB-A61E-B18B626F692A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\mass effect 3\binaries\win32\masseffect3.exe |
"{1F4B7F7D-8005-4BBA-99D9-9EB68DE032BE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{200960EA-4969-48A1-93C9-1B77A9CC2093}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{212EBFA6-B172-4878-A44D-287334B82CCA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x beyond the frontier\runme.exe |
"{21368EA7-5E03-4614-A0A5-6E9938ECE549}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{21815B48-EB62-416A-B7CB-7E9AD146D564}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{2212AE71-FFBC-42F4-A6AC-D681A964263D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{235A34A2-BDB3-4DAF-82DE-3BD32F88436D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{251C629C-91AE-4792-AA90-B338D2550E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause\justcause.exe |
"{26AD3E84-AFC6-4895-B0EA-E0B8E9A2758A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{29FC5EFB-9370-4E83-86DF-25AE2E611723}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{2A4BCBD8-6913-435A-9BB4-826D2B824A57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{2A55033A-D115-49EB-8FD1-9E809C76391B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2A79C876-C7F7-46BB-963E-61F4E67644DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker clear sky\bin\xrengine.exe |
"{2ACE8C89-88B1-408E-8FFD-BE40C77AAE2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{2D84AA9D-2A03-43F3-8DB6-F09A76D69478}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x2 - the threat\x2.exe |
"{2FD33258-E2AA-4660-BF3D-71695B7D87D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{30D18855-3708-4399-9AD2-7D5A7248EAE0}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword_pitboss.exe |
"{31CCC08B-04CF-4408-B725-45773DA90D95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commandos 3 destination berlin\commandos3.exe |
"{33E29B95-DA0A-4EE4-998B-FAAE6642194A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{35726664-E62A-44FB-A43E-66B158DEEB3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{35ABDD1A-B270-4018-8889-1FA1B03CA159}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\requiem.exe |
"{38C3E06D-C799-4353-A0CF-3DE7BD8DFFED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{3A6DA6C5-015C-4C90-8F71-B3B3CCB4EA33}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\mass effect™ 2\masseffect2launcher.exe |
"{3B039064-0F54-4007-818D-E66981CB0D8D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{3B4F6F5E-4F7C-4085-A0F3-258A9566F6EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{3CED96D8-EB57-4286-8488-1B0944961D9C}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"{3E53F8CD-2F1F-4488-BF9B-9A6A4B7D3C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commandos 3 destination berlin\readme.rtf |
"{3F5ADAC0-6691-4BDA-ACC4-64487763C85B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{3FC2DA1B-3899-4E71-97FE-3A8C9C46CB90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{40A91704-060E-480B-9CD0-79A4149667AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{4446E70F-3CC0-45D9-AD93-4997CD13B371}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46B4922F-7EC1-4DEE-9D69-764F8BE941F0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{49793684-6B76-4988-BAC2-70657739D3C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\safecracker 2\safecracker.exe |
"{4C2CCE21-CBAA-4EF6-BF32-DDC2150B8857}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{4DE76915-CC1F-4C60-8031-0B0821266D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe |
"{4DF33D24-BC5F-43FB-90E4-FD7D5F2D14A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{4ECCCC8F-FC2B-42BA-84AD-16E6543558DA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{4F7B2FA9-CF6A-4ADD-A4CC-65D15CCCC616}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{4FBE0E88-1944-4F10-96B0-1614E6148D48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause\justcause.exe |
"{505408DA-83B0-4345-90BB-616DC584F59E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{525E5CEB-70C5-4CCC-8A25-5237C18BF47D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{54298CC2-F8B9-4D25-9927-7CF68736260D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-tension\runme.exe |
"{54362126-DD65-447D-900F-E46FD0601671}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{570E0B1E-A2D2-4983-825B-71E3D00AD1EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{573DD775-5FC4-47C3-974C-6AB5CF973D29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\safecracker 2\safecracker.exe |
"{58A78B15-F9CA-4403-9146-707B1D2477E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x beyond the frontier\runme.exe |
"{5B21B7DC-B484-47E7-BC46-3E7E432EEF07}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{5D075AAF-C1ED-4E85-855C-0D38E256832F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe |
"{5D33C509-3FAB-4BD1-9338-DCD624CE0416}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{5D518D19-8B73-49E4-9DB5-A161DFF97F78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{5D57AF3D-B856-40BB-8AD2-FCA4964EAACE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{5DDB1031-7C4B-4328-8409-980C5E8FF0DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{5F5D9204-8DAC-45BC-8287-24316ED78AF6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{5F63DCF3-59FE-414A-876F-5B2EC907B8A5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\mass effect 3\binaries\win32\masseffect3.exe |
"{60082CC4-F299-4E9B-8AFA-080CE4F2050A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{60819481-19ED-41F1-82C0-6655F3F5D918}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{60BB1266-59C3-4FA9-B115-65CE4B0553B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause\jcsetup.exe |
"{61DC42A4-8539-463E-8D6D-013B758B0EBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{620D2F13-134C-4DC0-9439-466C400046BC}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{63941359-6C92-4988-8CA3-078E4D61F508}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{66551CD1-955A-4680-99E2-AF3B0830603F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{666C99B9-E4D1-4127-A065-93FFCA5ED5A4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{66FB4278-5936-4879-8878-04F819D67D23}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{69A5956D-8591-437C-B48D-467118869042}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{69AA30D8-9E96-414E-B0A2-CED326B907AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x2 - the threat\x2_the_threat_quickstart.pdf |
"{6A8229BB-3F63-46EA-B45A-31F52B65E152}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe |
"{6AE39493-902A-4012-B5F5-3272A37A90CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-tension\runme.exe |
"{6B96D800-3EA2-4A44-A836-DA2DD765FE9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic the hedgehog 4 ep 1\soniclauncher.exe |
"{6D6CA097-C53E-4438-8CBF-C1398A1BEAD0}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{6DCCCA9E-8659-4663-A1CC-44B307BD3121}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{6DE3A16C-3308-4312-B418-A7A9493414A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{7163CE87-2D0B-4ED0-865E-8D8E0DB80AB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{71895B39-2873-4201-8AFA-036FD2B5854B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{72B16F25-6FED-44E2-AF5A-4E0459F2B221}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{73090404-D747-46AB-AEDF-C0647D3E5022}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{76986AB8-BD14-4842-A8BA-A61F20C6AECB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{7D737596-1416-4765-9A73-588495183CC5}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{7E6A069F-7F66-4D49-A92A-198C2E06EC5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{81D34A3D-5B90-408F-AFF2-CC9AF2860625}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{84D24AF1-2B61-4BBD-B4A1-E257301962E2}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{855F1CF6-022E-4DA2-8AE5-C724A4ECE342}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{85CB8D54-D9E0-4AA3-9A88-2282DA6A9BA9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{86720B4F-A47B-4153-A0CC-36AF22614A81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{878D63B3-261E-4DD8-B081-BAEB55ABF67F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{87F43DE7-EFA2-4543-A4AF-9A0392862019}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ufo afterlight\ufo.exe |
"{894F548C-CBC9-4629-8F72-7F219868F681}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{89D0B329-D2DE-47F9-B5B9-81A5F972EB72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{8AE87047-38CD-45CA-826A-09B26F8DF07A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{8B3112C3-473D-4D38-9F8E-6D71232B248F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\requiem.exe |
"{8E49B857-DAC6-4919-BFF0-92E68FE4F970}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{8EF62B15-5A66-4DA5-B313-A5AC0AAA6C1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{8FE03F39-A3B9-4ECA-815A-1EAF523BCF9A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{908E2241-DBC2-422F-AFC4-5D06D73C5BEB}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{93A71369-7FDD-4B4C-934C-64053DF26E07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{94E04930-1B49-4F70-81C5-E7FDACA0E0EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{951ED9F1-942B-4943-BDEC-27C3131A4364}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker clear sky\bin\xrengine.exe |
"{95F1BF59-26E2-4D77-81F5-6907BF27202D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{9AD643C3-B100-4CD5-B42A-F8CA947AA6E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commandos 3 destination berlin\commandos3.exe |
"{9C89B6EA-FF1E-4575-BED6-EDD5C851FF2C}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword_pitboss.exe |
"{9CABA4A7-4818-4F28-9284-02B584F3AEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{9D16E598-C61D-4935-A9EF-14BE544B67C1}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"{9D175703-1B06-4DEA-A1DF-2EFE8871085C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{9E093071-9885-490C-93D6-3BEF40629813}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{9EDEDE4C-D5FB-4B29-A7F3-0037BB8378ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{A522FDA2-9FB8-4A29-ACAB-763CD460CF3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A71B1135-A4D7-40C1-B09E-67760F41C929}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ufo afterlight\ufo.exe |
"{A94E6B4A-082D-4C7A-A14B-8BB3A34B7999}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{AA86F3CF-947D-473B-84F1-D24E3D539677}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{AC706F52-8DB0-4D96-9A00-54CE174BD6BF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{AC9F2CD1-2ADF-4F33-8B40-D84D0DB319E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{ACFB2BC3-A578-433F-9A8F-A699E1E0BA38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{B1089DD6-9BCC-41C5-AE8D-12C35E8A64E3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B33F3D0B-A846-4E46-B8D3-19356651EA27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{B5438268-02FF-4C8E-849E-B24AE615960B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B58083A9-C35F-47DE-8411-55B2815F1FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{B6B09834-69BE-4145-B4D4-1161B5C03FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{B7B4A35A-C9C1-4C37-BCA1-182B73516F79}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{B9A5C77B-1BF3-4F05-9B2D-E1BA26A92537}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{B9F638DA-4875-4D50-8B8F-0C163CA8A130}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BC7857AC-FC36-42A0-95BE-E3C4714580A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{BFB7AD97-70FD-4133-82CE-1600E6B19E15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hydrophobia\hydropc.exe |
"{BFE8741C-E9E8-4F6F-B0E2-FB3B0586FA30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x2 - the threat\x2_the_threat_manual_steam_english.pdf |
"{C56EE67E-4CEB-4C31-9B4F-A989614A3DC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{C5E1125E-56F9-49FE-B509-42F464B8A1ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{C602F14B-74B5-4107-AE7A-F1B4823BEE5B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{C6FD2EA9-EB4E-4AAC-AF52-36AF8030C063}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{C7AA3194-CAFC-42C9-9A17-99931D9F2669}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commandos 3 destination berlin\readme.rtf |
"{C94621E4-0BDB-4E24-BC3C-7314A76CEEBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{C9F3B4F7-9119-40CC-9509-601557659D4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{CC2A8DB9-960B-4F06-AD22-F279720315B7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CC37371E-8EA3-4AC1-9A6E-2E3037B04088}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CDE91E28-01E1-4881-A33F-6BAA87317CFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CF3A38F8-708F-474A-81EB-2B09269C216B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{D0BCE8E4-BF5A-4971-8433-6FB8991EEB75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe |
"{D5B1CBCD-162E-472B-930B-A9E0ADDD3CFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{D69C30CF-808C-42A8-B4FC-AF5A48006C2E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{D72AAB73-9985-4550-BBBF-1B31B1BE8B63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{D8D38C20-D1EA-49F3-BB5B-2EE0CAF1E18F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{DA501DC4-5579-4686-9FAB-69ECA722278A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic the hedgehog 4 ep 1\soniclauncher.exe |
"{DB87F75A-CE3E-46EA-977C-8CE6ACAD7B21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{DC169730-F508-4E5F-8A6D-09A4FCA5A49B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DE0261FF-D7F8-4E6A-B34F-85C7C6530B92}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{E2EA6F6E-FB85-4BC6-8D27-D594F5EA406D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{E3155D1A-822E-4E73-9DEE-EB6FEAD73B0C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{E457875B-49B7-43E8-8DC8-01844593DC5A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{E5F424B7-83FD-4CEE-9197-F93BE0F7E5F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{E63A1CDA-0349-47F4-B503-F79C59CB139C}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{E77CA230-5738-4A1F-B4A7-03AC179CCEA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{E7BE1BC0-40A9-4E45-A08C-BC4824379878}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{E95D13DB-C16B-4BC5-BE80-03225E06098A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x2 - the threat\x2_the_threat_manual_steam_english.pdf |
"{ED33E67C-D9B9-4A39-9101-4BEBD85C8922}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{EDE0BFD9-FE04-439B-885E-7A241320B244}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{EE7FED98-76F3-4D04-9ABF-634315D4674F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{EEBD683D-5929-4F44-925A-B4E782E4017D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{FA78F57D-513D-456D-9DDE-1295F15734AF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{FB78BF0E-F313-4CFC-9E8F-A29508E3B458}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{FF46E34D-B845-4888-B154-875D28913FE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x2 - the threat\x2.exe |
"TCP Query User{90D096DF-2775-419D-8489-0CF9222FF727}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B68B20A1-CCC8-490D-B833-90301FABAF92}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"TCP Query User{F891F19C-5B63-4CAD-9A1E-0068D065C6AE}C:\westwood\sun\game.exe" = protocol=6 | dir=in | app=c:\westwood\sun\game.exe |
"UDP Query User{1B621B42-06F2-47EF-927D-855F3077E401}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"UDP Query User{6FEE6CBB-1D3E-4852-8197-98EBAB39AE0F}C:\westwood\sun\game.exe" = protocol=17 | dir=in | app=c:\westwood\sun\game.exe |
"UDP Query User{96246119-9175-41D1-8CF8-67AC4BAE13E0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8A4C2871-D235-4379-96A5-EE228D7F251F}" = AlienFX for XPS
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
"{C0B50C99-24B0-4728-A82E-8A69DCC31A7E}" = XPS Thermal Monitor
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05156799-4EC3-4885-864E-E190A429B307}" = FaceGen Modeller 3.4 Free
"{05696DBC-59F4-C274-F175-1E7546F05995}" = Application Profiles
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1486B3B8-DCD0-BD86-698E-B15237058FDF}" = Catalyst Control Center InstallProxy
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21F3F7EC-CD32-D678-63AD-305F556D7BC9}" = Application Profiles
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.22
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3F534669-6391-DB54-A396-6525C93D5541}" = Catalyst Control Center Graphics Previews Common
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{468A184E-7752-20FF-B56A-DB3AF97229B5}" = ccc-core-static
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{563F3279-A139-4C1C-B4E5-8889B136C135}" = H&R Block Illinois 2011
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{58E1B8A4-157D-488F-ADCA-3B87598C912F}" = H&R Block Illinois 2010
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4 Rush Hour
"{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1" = Hijack Hunter 1.8.4.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F3E5DD-0A56-7560-58FF-AD82748CA40B}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{68C063CF-FF7D-49F3-AE93-ED0DA0EAE214}" = Vz In Home Agent
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C35AC15-0E72-2311-B719-944389FC4A81}" = CCC Help Korean
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{704E5C65-6E2C-B256-ECDB-17FFE89ADFD6}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7A308DBD-CFF1-461E-98BE-3A6EE3B4333B}" = Gothic III - Forsaken Gods
"{7A437F7B-5F32-C7BA-6A08-AD574333A458}" = CCC Help English
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FC07A07-0345-4B08-BBFE-43885A58253C}" = Killer Driver
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion for Gaming 1.0
"{842B5C79-5C3F-521B-C0B3-5EF038E4B4DA}" = Catalyst Control Center InstallProxy
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1" = Command & Conquer Windows 95 Edition Stand Alone v1.06b r2
"{936460AE-5876-B81E-7535-7EE23A3BB308}" = Catalyst Control Center Graphics Light
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E2F7730-15E7-66DC-2B26-F4DA0AE4E7EE}" = Catalyst Control Center Graphics Full New
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B41069C7-7E24-473F-B400-BF48B82D9948}" = AMD OverDrive
"{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
"{B4A3E0ED-2950-5760-F46A-73E931281808}" = CCC Help Chinese Traditional
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
"{B67DE614-BDB8-4CB1-B3C3-8BD5EED1FDE1}" = System Requirements Lab CYRI
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B702F355-FE10-D065-C6DD-3706595EB1CD}" = Application Profiles
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C754789A-6224-2B6A-F41B-227B6E78BC60}" = CCC Help Japanese
"{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CB0B4F17-16F3-454D-B5AD-E84F1549A361}" = Gothic III - Forsaken Gods Patch 1.08.9 Patch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{Clear Sky Complete v1.1.3}}_is1" = Clear Sky Complete
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D5193DED-6DEA-D4AE-BAB5-430A4189E0A8}" = Catalyst Control Center Graphics Previews Vista
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DCB10921-908F-4F15-91C8-3FDB58DCD62D}" = FaceGen Exchange v0.3b
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F8C7A1B9-CE14-468A-B55F-946D258792C2}" = Catalyst Control Center - Branding
"{FA1504C4-5E2F-C0A8-5E64-69846CDECF0D}" = CCC Help Chinese Standard
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"ALchemy" = Creative ALchemy
"Applian FLV Player2.0.25" = Applian FLV Player
"AudioCS" = Creative Audio Control Panel
"Call of Pripyat Complete_is1" = Call of Pripyat Complete v1.0.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch
"Dell Video Chat" = Dell Video Chat
"Diagnostics 4_5" = Creative Diagnostics
"EA Installer.1850990614" = EA Installer
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fallout Collection" = Fallout Collection
"Find My Credit Card_is1" = Find My Credit Card v2.3
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"HijackThis" = HijackThis 2.0.2
"Host OpenAL" = Host OpenAL
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{8A4C2871-D235-4379-96A5-EE228D7F251F}" = AlienFX for XPS
"InstallShield_{C0B50C99-24B0-4728-A82E-8A69DCC31A7E}" = XPS Thermal Monitor
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Moo0 FileShredder" = Moo0 FileShredder 1.16
"Morrowind AnimKit" = Morrowind AnimKit 2.1 (remove only)
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Notepad++" = Notepad++
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"Origin" = Origin
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RadeonPro_is1" = RadeonPro 1.0 (Build 1.1.0.6)
"Red Alert 2" = Command & Conquer Red Alert 2
"Renegade" = Command & Conquer Renegade
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Steam App 105600" = Terraria
"Steam App 11450" = Overlord
"Steam App 12710" = Overlord: Raising Hell
"Steam App 12810" = Overlord II
"Steam App 17410" = Mirror's Edge
"Steam App 17460" = Mass Effect
"Steam App 19900" = Far Cry 2
"Steam App 202480" = Creation Kit
"Steam App 202530" = SONIC THE HEDGEHOG 4 Episode I
"Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
"Steam App 220" = Half-Life 2
"Steam App 22120" = Penumbra: Black Plague
"Steam App 22140" = Penumbra: Requiem
"Steam App 22180" = Penumbra: Overture
"Steam App 22380" = Fallout: New Vegas
"Steam App 2800" = X2: The Threat
"Steam App 2840" = X: Beyond the Frontier
"Steam App 2850" = X-Tension
"Steam App 3260" = Safecracker: The Ultimate Puzzle Adventure
"Steam App 35700" = Trine
"Steam App 380" = Half-Life 2: Episode One
"Steam App 39680" = The Guild II: Renaissance
"Steam App 400" = Portal
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 48000" = LIMBO
"Steam App 55230" = Saints Row: The Third
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 6840" = Commandos 3: Destination Berlin
"Steam App 6860" = Hitman: Blood Money
"Steam App 6880" = Just Cause
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7500" = UFO: Afterlight
"Steam App 7670" = BioShock
"Steam App 8190" = Just Cause 2
"Steam App 8850" = BioShock 2
"Steam App 92000" = Hydrophobia: Prophecy
"Steam App 9480" = Saints Row 2
"SystemRequirementsLab" = System Requirements Lab
"TibEd2" = TibEd 2
"TibEdNSIS" = TibEd 1.7
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Tropico3" = Tropico 3: Absolute Power
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WaveStudio 7" = Creative WaveStudio 7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components
"Wrye Bash" = Wrye Bash
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge
Here is the rest of my extras.txt. Once again, I'm sorry it is so long. I'm pretty sure that I marked "minimal output." Perhaps they are so long because of all of my games? Thanks in advance.
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/25/2012 5:35:47 PM | Computer Name = Sniper4 | Source = Application Error | ID = 1000
Description = Faulting application SDImmunize.exe, version 2.0.9.130, time stamp
0x4ff41d9a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x38782820, process id 0xc38, application start time
0x01cd6aad727bb07c.
Error - 7/25/2012 5:35:48 PM | Computer Name = Sniper4 | Source = Application Error | ID = 1000
Description = Faulting application SDImmunize.exe, version 2.0.9.130, time stamp
0x4ff41d9a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x38782820, process id 0xc38, application start time
0x01cd6aad727bb07c.
Error - 7/25/2012 5:35:49 PM | Computer Name = Sniper4 | Source = Application Error | ID = 1000
Description = Faulting application SDImmunize.exe, version 2.0.9.130, time stamp
0x4ff41d9a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x38782820, process id 0xc38, application start time
0x01cd6aad727bb07c.
Error - 7/25/2012 5:35:54 PM | Computer Name = Sniper4 | Source = Application Error | ID = 1000
Description = Faulting application SDImmunize.exe, version 2.0.9.130, time stamp
0x4ff41d9a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x38782820, process id 0xc38, application start time
0x01cd6aad727bb07c.
Error - 7/25/2012 11:30:07 PM | Computer Name = Sniper4 | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 12:14:26 AM | Computer Name = Sniper4 | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 9:05:03 AM | Computer Name = Sniper4 | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 9:33:10 AM | Computer Name = Sniper4 | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 3:52:40 PM | Computer Name = Sniper4 | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 11:45:08 PM | Computer Name = Sniper4 | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 8/25/2009 5:53:56 PM | Computer Name = Sniper4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/26/2012 11:45:09 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7000
Description =
Error - 7/26/2012 11:45:09 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7000
Description =
Error - 7/26/2012 11:45:09 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7023
Description =
Error - 7/26/2012 11:45:09 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7023
Description =
Error - 7/26/2012 11:45:13 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7026
Description =
Error - 7/26/2012 11:45:39 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7000
Description =
Error - 7/26/2012 11:46:18 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7023
Description =
Error - 7/26/2012 11:46:29 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7023
Description =
Error - 7/26/2012 11:59:46 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7031
Description =
Error - 7/26/2012 11:59:50 PM | Computer Name = Sniper4 | Source = Service Control Manager | ID = 7031
Description =
< End of report >
Good Morning,
C:\Program Files\HitmanPro <-- This program is legit but we have seen it bork a few systems so I recommend to uninstall it but this is up to you.
Looks like you have some infected backup copies of your hosts file, let's do this.
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
[2012/07/18 07:53:36 | 000,443,582 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120725-083204.backup
[2012/07/17 23:55:56 | 000,443,526 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120718-075336.backup
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
So post the log from the fix, then run OTL again and post a new log please
Let me know how things are running now?
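One way to look at a hosts file, either the live one or a backup copy like the two named in the fix above, for the kind of tampering being cleaned here is to parse every mapping line and check whether search engines or security vendors have been pinned to a remote address (a redirect) or to loopback (a blackhole that stops updates). The script below is an added example written for this thread; it is not OTL's code and not the poster's. The watch list of domains and the sample hosts content are constructed assumptions, and the default Windows path is only a convenience for running it on the affected machine.

```python
"""Audit a Windows hosts file for search-redirect style tampering.

Added example for this thread; not OTL's code and not the poster's own.
The domain watch list and the sample hosts content below are constructed.
"""
import ipaddress
import re
import sys
from typing import Dict, List

# Assumed watch list: search engines and security vendors a redirect hijacker
# commonly pins to a remote address (redirect) or to loopback (blackhole).
WATCHED_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
    "mcafee.com", "malwarebytes.org", "safer-networking.org",
)

# One mapping line: <ip> <host> [<host> ...] [# comment]
HOSTS_LINE = re.compile(r"^\s*([0-9A-Fa-f:.]+)\s+(\S.*?)\s*(?:#.*)?$")

# Constructed sample; the real file lives at %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.tracker.example             # blocklist-style entry, not suspicious here
203.0.113.7     www.google.com  google.com     # search engine pinned to a remote IP
203.0.113.7     search.yahoo.com
127.0.0.1       update.mcafee.com              # security vendor blackholed
0.0.0.0         www.bing.com
not an ip       broken.example                 # malformed line, skipped
"""


def parse_hosts(text: str) -> List[Dict[str, object]]:
    """Return one record per valid mapping line: line number, ip, hostnames."""
    records = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = HOSTS_LINE.match(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an address the resolver would honour
        names = [n.lower().rstrip(".") for n in match.group(2).split()]
        records.append({"line": number, "ip": ip, "names": names})
    return records


def is_watched(hostname: str) -> bool:
    """True when hostname is, or is under, one of the watched suffixes."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text: str) -> Dict[str, object]:
    """Classify watched hostnames as redirected (remote IP) or blackholed (loopback/unspecified)."""
    records = parse_hosts(text)
    redirected, blackholed = [], []
    for rec in records:
        ip = rec["ip"]
        local = ip.is_loopback or ip.is_unspecified
        for name in rec["names"]:
            if not is_watched(name):
                continue
            hit = {"line": rec["line"], "host": name, "ip": str(ip)}
            (blackholed if local else redirected).append(hit)
    return {"entries": len(records), "redirected": redirected, "blackholed": blackholed}


if __name__ == "__main__":
    # Default to the live file on Windows; pass a backup path (for example one of the
    # hosts.*.backup files named in the OTL fix) to audit a copy instead.
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    except OSError:
        print(f"{path} not readable, auditing the constructed sample instead")
        content = SAMPLE_HOSTS
    report = audit_hosts(content)
    print(f"{report['entries']} mapping lines")
    for hit in report["redirected"]:
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']}  (watched domain redirected)")
    for hit in report["blackholed"]:
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']}  (watched domain blackholed)")
```

A very large hosts file on its own is not evidence of infection, since immunisation tools such as Spybot's also add thousands of loopback entries for ad and tracker domains; what matters is which domains are mapped and where, which is why the audit keys on a watch list rather than on size.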
Thank you for finding the infected hosts files :). Unfortunately, my search results are still being hijacked. If it helps, I found that it affects Firefox and Internet Explorer differently.
Firefox: It will redirect my browser on my second attempt at clicking on a search result. If I tell it to open my search results in a new tab, it will only try the redirect on the second result. If I leave the search engine's site or restart Firefox, then the hijacker seems to "refresh" itself and it will try to redirect on my second attempt at clicking on a search result.
Internet Explorer: There seems to be no pattern with how it redirects. It will try to redirect my browser at nearly every attempt at clicking on a search result. It never tries to redirect on my first attempt to access a search result, though.
I hope that helps. Here is the log from the OTL fix on the infected hosts backups:
All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\Windows\SysNative\drivers\etc\hosts.20120725-083204.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20120718-075336.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Matthew\Desktop\cmd.bat deleted successfully.
C:\Users\Matthew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 102248 bytes
->Temporary Internet Files folder emptied: 682816 bytes
->Java cache emptied: 13425631 bytes
->Flash cache emptied: 405 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Matthew
->Temp folder emptied: 75173427 bytes
->Temporary Internet Files folder emptied: 66578849 bytes
->Java cache emptied: 6031025 bytes
->FireFox cache emptied: 262348617 bytes
->Opera cache emptied: 12501 bytes
->Flash cache emptied: 60052 bytes
User: Public
User: RA Media Server
->Temp folder emptied: 8842865 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36425 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 99175 bytes
RecycleBin emptied: 165746504 bytes
Total Files Cleaned = 572.00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 07272012_085109
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\4011.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\4E4E.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\9924.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\F23F.tmp scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2012/07/27 08:51:14 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F
[2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) C:\Windows\SysNative\4011.tmp : MD5=D70476AD02D6FD75282B196D3B58831D
[2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) C:\Windows\SysNative\4E4E.tmp : MD5=D70476AD02D6FD75282B196D3B58831D
[2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) C:\Windows\SysNative\9924.tmp : MD5=D70476AD02D6FD75282B196D3B58831D
[2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) C:\Windows\SysNative\F23F.tmp : MD5=D70476AD02D6FD75282B196D3B58831D
Registry entries deleted on Reboot...
---------------------------------------------------------------------
Here is my new OTL.txt log. It didn't create an extras.txt this time.
OTL logfile created on: 7/27/2012 9:39:02 AM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Matthew\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 81.27% Memory free
16.17 Gb Paging File | 13.38 Gb Available in Paging File | 82.76% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.57 Gb Total Space | 193.12 Gb Free Space | 28.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.04 Gb Free Space | 10.45% Space Free | Partition Type: NTFS
Computer Name: SNIPER4 | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Matthew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe (Mr. John aka japamd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe (Alienware)
PRC - C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\OemSpiE.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Program Files\Alienware\AlienFX\Alienlabs.CommandCenter.Tools.dll ()
MOD - C:\Program Files\Alienware\AlienFX\AlienLabsTools.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\libmysql.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (Killer Port Manager) -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (Pml Driver HPZ12) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (Net Driver HPZ12) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (RadeonPro Support Service) -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe (Mr. John aka japamd)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (uvnc_service) -- C:\ProgramData\UltraVNC\winvnc.exe (UltraVNC)
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\4011.tmp (Sophos Plc)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (Nv834x64) -- C:\Windows\SysNative\DRIVERS\nv834x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (NvEdge64) -- C:\Windows\SysNative\DRIVERS\NvEdge64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shawneelink.net
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..\SearchScopes,DefaultScope = {0156A926-A582-4313-8DDC-55084C5AE244}
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..\SearchScopes\{0156A926-A582-4313-8DDC-55084C5AE244}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shawneelink.net/
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\SearchScopes\{0156A926-A582-4313-8DDC-55084C5AE244}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/26 14:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 17:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 22:03:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 17:28:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 22:03:46 | 000,000,000 | ---D | M]
[2009/05/19 20:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2012/07/26 08:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions
[2010/06/24 22:18:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/24 08:04:38 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/07/26 08:30:52 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\keyscrambler@qfx.software.corporation
[2012/03/18 15:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/26 14:20:13 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/07/03 12:27:03 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7YR9M7X.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/01/21 22:01:12 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7YR9M7X.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/07/18 09:22:51 | 000,016,192 | ---- | M] () (No name found) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7YR9M7X.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
[1623/04/03 16:46:44 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z7YR9M7X.DEFAULT\EXTENSIONS\LNMDHUSBUH@LNMDHUSBUH.ORG.XPI
[2012/07/18 17:28:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/03/03 18:56:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2012/06/24 22:24:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/24 22:24:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/07/27 08:51:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120626123001.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626123001.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe (Alienware Corporation)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000..\Run: [Citrix] C:\Users\Matthew\AppData\Local\DataSafeOnline\Citrix\fvuldh.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000..\Run: [XPS Thermal Monitor] C:\Program Files\Dell\XPS Thermal Monitor\ThermalApp.exe (Dell)
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001..\Run: [XPS Thermal Monitor] C:\Program Files\Dell\XPS Thermal Monitor\ThermalApp.exe (Dell)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKU\S-1-5-21-3991885356-2454324123-696889439-1001..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3991885356-2454324123-696889439-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E682FBAB-81CA-4273-A76D-AE65C47E9500}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E682FBAB-81CA-4273-A76D-AE65C47E9500}: Domain = shawneelink.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643}: Domain = shawneelink.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643}: NameServer = 216.240.66.19
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/27 09:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/27 08:51:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/27 08:45:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\old logs
[2012/07/26 23:00:04 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthew\Desktop\TDSSKiller.exe
[2012/07/26 16:28:23 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
[2012/07/26 12:21:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Matthew\Desktop\aswMBR.exe
[2012/07/26 08:30:55 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\QFX Software
[2012/07/26 08:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/07/26 08:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012/07/26 08:30:39 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2012/07/26 08:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2012/07/25 23:12:25 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/07/25 09:18:36 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\Anti-Malware
[2012/07/23 08:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/23 08:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/21 16:01:30 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Ad-Aware Antivirus
[2012/07/18 17:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/18 10:59:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/18 10:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/18 08:46:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\ProcAlyzer Dumps
[2012/07/18 08:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/07/18 08:41:24 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/07/18 08:31:22 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Safer Networking
[2012/07/18 08:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/07/18 08:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/07/17 12:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
[2012/07/17 12:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoVirusThanks
[2012/07/11 15:39:50 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\XRay Engine
[2012/07/10 19:10:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/10 19:10:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/10 19:10:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/10 19:10:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/10 19:10:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/10 19:10:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/10 19:10:47 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/10 19:10:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/10 19:10:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/10 19:10:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/10 19:10:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/10 19:10:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/10 19:10:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/10 16:16:11 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/09 10:08:12 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\clear sky backup
[2012/07/06 15:09:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS
[2012/06/28 21:32:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2009/11/25 21:03:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Matthew\AppData\Roaming\pcouffin.sys
[2009/07/24 21:38:55 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Matthew\AppData\Roaming\DataSafeDotNet.exe
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/27 09:13:38 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/07/27 09:12:56 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 09:12:56 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 09:12:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/27 08:51:14 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/26 22:54:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/26 22:54:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/26 16:28:31 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
[2012/07/26 16:28:14 | 002,117,108 | ---- | M] () -- C:\Users\Matthew\Desktop\tdsskiller.zip
[2012/07/26 14:00:26 | 000,000,512 | ---- | M] () -- C:\Users\Matthew\Desktop\MBR.dat
[2012/07/26 12:22:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Matthew\Desktop\aswMBR.exe
[2012/07/25 23:12:25 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/07/24 17:41:46 | 000,001,018 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthew\Desktop\TDSSKiller.exe
[2012/07/23 08:32:58 | 001,376,832 | ---- | M] () -- C:\Users\Matthew\Desktop\sar_15_sfx.exe
[2012/07/21 21:09:10 | 000,005,985 | ---- | M] () -- C:\Users\Matthew\Desktop\Attach.zip
[2012/07/18 14:13:15 | 000,000,630 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/07/15 00:36:59 | 000,026,624 | ---- | M] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 14:18:37 | 000,001,356 | ---- | M] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
[2012/07/11 08:01:16 | 000,382,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/09 10:03:13 | 003,185,764 | ---- | M] () -- C:\Users\Matthew\Desktop\factioncommander_2.0final.7z
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/28 16:46:05 | 000,270,176 | ---- | M] () -- C:\Users\Matthew\Desktop\Mini062812-01.dmp
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/26 16:27:32 | 002,117,108 | ---- | C] () -- C:\Users\Matthew\Desktop\tdsskiller.zip
[2012/07/26 14:00:26 | 000,000,512 | ---- | C] () -- C:\Users\Matthew\Desktop\MBR.dat
[2012/07/24 17:41:46 | 000,001,018 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/07/23 08:32:55 | 001,376,832 | ---- | C] () -- C:\Users\Matthew\Desktop\sar_15_sfx.exe
[2012/07/21 21:09:10 | 000,005,985 | ---- | C] () -- C:\Users\Matthew\Desktop\Attach.zip
[2012/07/18 08:41:45 | 000,000,630 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/07/18 08:41:42 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/07/18 08:41:31 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/07/09 10:03:03 | 003,185,764 | ---- | C] () -- C:\Users\Matthew\Desktop\factioncommander_2.0final.7z
[2012/06/28 17:05:28 | 000,270,176 | ---- | C] () -- C:\Users\Matthew\Desktop\Mini062812-01.dmp
[2012/04/08 22:01:43 | 000,103,784 | ---- | C] () -- C:\Users\Matthew\GoToAssistDownloadHelper.exe
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/24 00:48:28 | 000,000,160 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Bandwidth.xml
[2010/12/24 00:33:30 | 000,002,651 | ---- | C] () -- C:\Users\Matthew\AppData\Local\KillerWallConfig.xml
[2010/12/24 00:26:52 | 000,000,002 | ---- | C] () -- C:\Users\Matthew\AppData\Local\menu.old
[2010/12/22 23:53:52 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/10/21 16:23:01 | 000,000,732 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps64.dat
[2009/12/08 20:51:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009/11/25 21:04:54 | 000,001,044 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\vso_ts_preview.xml
[2009/11/25 21:03:31 | 000,099,384 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\inst.exe
[2009/11/25 21:03:31 | 000,007,859 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\pcouffin.cat
[2009/11/25 21:03:31 | 000,001,167 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\pcouffin.inf
[2009/10/03 22:22:28 | 000,000,095 | ---- | C] () -- C:\Users\Matthew\AppData\Local\fusioncache.dat
[2009/05/20 09:28:34 | 000,026,624 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/19 17:31:15 | 000,001,356 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
[2009/05/19 16:47:07 | 000,000,586 | ---- | C] () -- C:\Users\Matthew\AppData\Local\menu.new
[2009/05/19 16:47:07 | 000,000,586 | ---- | C] () -- C:\Users\Matthew\AppData\Local\menu.bfm
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
Let's try a few more things; there will be no extras log on the second run of OTL.
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connections.
GooredFix didn't find anything. ComboFix removed a few items, but I'm still being redirected at search engines.
Here is my GooredFix log:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:23 on 27/07/2012 (Matthew)
Firefox version 14.0.1 (en-US)
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:43 20/05/2009]
C:\Users\Matthew\Application Data\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\
keyscrambler@qfx.software.corporation [13:30 26/07/2012]
{20a82645-c095-46ed-80e3-08825760534b} [03:18 25/06/2010]
{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [13:04 24/07/2012]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:09 20/05/2009]
"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"="C:\Program Files (x86)\Common Files\McAfee\SystemCore" [13:00 01/09/2010]
-=E.O.F=-
----------------------------------------------------------------------
Here is my ComboFix log:
ComboFix 12-07-27.03 - Matthew 07/27/2012 15:33:58.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8180.6205 [GMT -5:00]
Running from: c:\users\Matthew\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Matthew\AppData\Local\DataSafeOnline\Citrix\fvuldh.dll
c:\users\Matthew\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 20:43 . 2012-07-27 20:43 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-07-27 20:43 . 2012-07-27 20:43 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2012-07-27 20:43 . 2012-07-27 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 20:43 . 2012-07-27 20:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-27 19:21 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE257739-D8EC-4DC0-88EB-59839413F92E}\mpengine.dll
2012-07-27 13:51 . 2012-07-27 13:51 -------- d-----w- C:\_OTL
2012-07-26 13:30 . 2012-07-26 13:30 -------- d-----w- c:\users\Matthew\AppData\Roaming\QFX Software
2012-07-26 13:30 . 2012-07-26 13:30 -------- d-----w- c:\programdata\QFX Software
2012-07-26 13:30 . 2012-07-26 13:30 -------- d-----w- c:\program files (x86)\KeyScrambler
2012-07-26 13:30 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-07-26 04:12 . 2012-07-26 04:12 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-23 17:38 . 2010-05-26 15:39 6144 ----a-w- c:\windows\system32\4011.tmp
2012-07-23 17:36 . 2010-05-26 15:39 6144 ----a-w- c:\windows\system32\F23F.tmp
2012-07-23 13:35 . 2010-05-26 15:39 6144 ----a-w- c:\windows\system32\9924.tmp
2012-07-23 13:33 . 2010-05-26 15:39 6144 ----a-w- c:\windows\system32\4E4E.tmp
2012-07-23 13:33 . 2012-07-23 13:33 -------- d-----w- c:\program files (x86)\Sophos
2012-07-21 21:01 . 2012-07-21 21:01 -------- d-----w- c:\users\Matthew\AppData\Roaming\Ad-Aware Antivirus
2012-07-18 22:13 . 2012-07-18 22:15 -------- d-----w- c:\programdata\HitmanPro
2012-07-18 15:59 . 2012-07-18 18:15 -------- d-----w- c:\programdata\MFAData
2012-07-18 15:59 . 2012-07-18 15:59 -------- d--h--w- c:\programdata\Common Files
2012-07-18 13:41 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-07-18 13:31 . 2012-07-18 13:31 -------- d-----w- c:\users\Matthew\AppData\Roaming\Safer Networking
2012-07-18 13:30 . 2012-07-18 13:30 -------- d-----w- c:\program files (x86)\Safer Networking
2012-07-17 17:30 . 2012-07-17 17:30 -------- d-----w- c:\program files (x86)\NoVirusThanks
2012-07-11 20:39 . 2012-07-11 20:39 -------- d-----w- c:\users\Matthew\AppData\Roaming\XRay Engine
2012-07-10 21:16 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 03:54 . 2012-03-29 12:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 03:54 . 2011-05-31 13:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 00:12 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 18:46 . 2009-09-04 00:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-23 23:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 23:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 23:26 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 23:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 23:25 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-23 23:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 23:25 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-23 23:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 23:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-23 23:25 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 20:19 . 2012-06-23 23:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:19 . 2012-06-23 23:25 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 20:15 . 2012-06-23 23:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 20:12 . 2012-06-23 23:25 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-31 17:25 . 2010-03-09 04:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-01 14:29 . 2012-06-13 19:17 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XPS Thermal Monitor"="c:\program files\Dell\XPS Thermal Monitor\ThermalApp.exe" [2008-12-09 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"SPIRunE"="SPIRunE.dll" [2007-05-09 18432]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech blank Product Registration.lnk - c:\program files (x86)\Logitech\G35\eReg.exe [2008-2-13 493832]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-18 17:41]
.
2012-07-18 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-18 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlienFX Controller"="c:\program files\Alienware\AlienFX\AlienwareAlienFXController.exe" [2008-10-29 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-02-17 361]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = ShawneeLink
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643}: NameServer = 216.240.66.19
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Citrix - c:\users\Matthew\AppData\Local\DataSafeOnline\Citrix\fvuldh.dll
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-(Default) - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4011.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3991885356-2454324123-696889439-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:08,96,0f,24,78,e7,56,44,a0,07,fa,c7,5f,10,59,5d,bc,c6,6a,d6,13,2b,c2,
8f,aa,3e,ff,a4,66,76,11,5e,a9,a3,5e,90,04,9d,0c,f1,15,17,a5,a5,c9,53,de,43,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3991885356-2454324123-696889439-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,f8,a4,de,0e,8b,9a,71,a5,43,ff,8f,55,6b,02,c7,ae,d9,3a,f8,79,
37,19,a1,b7,6d,c0,11,8d,d7,36,30,4c,1d,bf,21,bd,63,3d,38,78,ee,7a,52,48,ab,\
"rkeysecu"=hex:75,0a,ce,a6,a0,5f,8b,7b,42,5d,26,2b,f0,54,82,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-07-27 15:45:46
ComboFix-quarantined-files.txt 2012-07-27 20:45
.
Pre-Run: 209,071,542,272 bytes free
Post-Run: 208,851,456,000 bytes free
.
- - End Of File - - D5BBEBCA07E4C7B6B47EA290F2642202
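A triage script for the "Supplementary Scan" block of a ComboFix log like the one posted above, added here as an example; it is not part of the thread and not ComboFix's own code. It runs over a constructed sample modelled on the posted lines and flags the entries a search-redirect investigation looks at first: a per-interface DNS server that differs from the DHCP-assigned one, any Winsock LSP DLL (ComboFix omits known-default entries, so a listed LSP merits a look), a Firefox user.js pref whose value carries a second `user_pref(` call (a malformed or injected prefs line), and, as a generalization beyond the posted log, a fixed proxy server. A flag means "review", not "malicious": each of these has legitimate causes as well.

```python
"""Flag redirect-related indicators in the Supplementary Scan block of a ComboFix log."""
import re

SECTION_START = "------- Supplementary Scan -------"

# Constructed sample, modelled on the Supplementary Scan lines in the log above.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643}: NameServer = 216.240.66.19
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
"""

DNS_DHCP = re.compile(r"^TCP: DhcpNameServer = (.+)$")
DNS_IFACE = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")
LSP = re.compile(r"^LSP: (.+)$")
FF_USERJS = re.compile(r"^FF - user\.js: (\S+) - (.*)$")
PROXY = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")


def extract_supplementary(text):
    """Return the non-empty lines of the Supplementary Scan block, stopping at the next section."""
    out, inside = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == SECTION_START:
            inside = True
            continue
        if not inside:
            continue
        # ComboFix separates sections with dash or parenthesis banners.
        if stripped.startswith(("- - - -", "-----", "(((((")):
            break
        if stripped and stripped != ".":
            out.append(line.rstrip())
    return out


def triage(text):
    """Return (kind, subject, detail) tuples for entries that merit review."""
    lines = extract_supplementary(text)

    # First pass: collect the DHCP-assigned resolvers (may be space-separated).
    dhcp = set()
    for line in lines:
        m = DNS_DHCP.match(line)
        if m:
            dhcp.update(m.group(1).split())

    findings = []
    for line in lines:
        m = DNS_IFACE.match(line)
        if m:
            # A resolver pinned on one interface that DHCP never handed out.
            rogue = [s for s in m.group(2).split() if s not in dhcp]
            if rogue:
                findings.append(("hardcoded-dns", m.group(1), " ".join(rogue)))
            continue
        m = LSP.match(line)
        if m:
            # Any LSP shown here is non-default; LSP DLLs sit in the Winsock path.
            findings.append(("lsp", m.group(1), ""))
            continue
        m = FF_USERJS.match(line)
        if m and "user_pref(" in m.group(2):
            # The value itself contains another user_pref( call: the line was
            # spliced into user.js rather than written by the browser.
            findings.append(("prefs-injection", m.group(1), m.group(2)))
            continue
        m = PROXY.match(line)
        if m:
            findings.append(("proxy", m.group(1), ""))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {subject} {detail}".rstrip())
```

Running the block prints one line per finding; the DHCP line itself is never flagged, so a machine whose interface resolvers match DHCP and which has no LSP, user.js splice or fixed proxy produces no output.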
Run this quick scan; I don't believe this is the problem, so it's just a double check.
Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
MBRCheck didn't detect anything, but ESET Online Detector found a redirector trojan.
Here is the log from MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS 625
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 150):
0x02A00000 \SystemRoot\system32\ntoskrnl.exe
0x02F18000 \SystemRoot\system32\hal.dll
0x0060C000 \SystemRoot\system32\kdcom.dll
0x00616000 \SystemRoot\system32\PSHED.dll
0x0062A000 \SystemRoot\system32\CLFS.SYS
0x00687000 \SystemRoot\system32\CI.dll
0x0080A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F2000 \SystemRoot\system32\drivers\acpi.sys
0x00948000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00951000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095B000 \SystemRoot\system32\drivers\pci.sys
0x0098B000 \SystemRoot\System32\drivers\partmgr.sys
0x009A0000 \SystemRoot\system32\drivers\volmgr.sys
0x00739000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B4000 \SystemRoot\system32\drivers\pciide.sys
0x009BB000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CB000 \SystemRoot\System32\drivers\mountmgr.sys
0x009DE000 \SystemRoot\system32\drivers\atapi.sys
0x0079F000 \SystemRoot\system32\drivers\ataport.SYS
0x00A05000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A4C000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A60000 \SystemRoot\system32\drivers\mfehidk.sys
0x00AFC000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00B08000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C05000 \SystemRoot\system32\drivers\ndis.sys
0x00B8F000 \SystemRoot\system32\drivers\msrpc.sys
0x00E0A000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E63000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0100D000 \SystemRoot\system32\drivers\volsnap.sys
0x01051000 \SystemRoot\System32\Drivers\spldr.sys
0x01059000 \SystemRoot\System32\Drivers\mup.sys
0x0106B000 \SystemRoot\System32\drivers\ecache.sys
0x01097000 \SystemRoot\system32\drivers\disk.sys
0x010AB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x010D7000 \SystemRoot\system32\drivers\crcdisk.sys
0x010E1000 \SystemRoot\system32\drivers\ahcix64s.sys
0x0112F000 \SystemRoot\system32\drivers\storport.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x011F2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00FE3000 \SystemRoot\system32\DRIVERS\processr.sys
0x09003000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0920D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x09CCB000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x09DAE000 \SystemRoot\System32\drivers\watchdog.sys
0x09058000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x09145000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x09DBE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x09DDA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x09196000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x09DE5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x09200000 \SystemRoot\system32\DRIVERS\fdc.sys
0x091DC000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x091EE000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x00DC8000 \SystemRoot\system32\DRIVERS\nv834x64.sys
0x09DF6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x007C3000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x00DEA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x09E03000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x09E26000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x09E32000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x09E63000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x09E73000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x09E91000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x09EA9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x09EBC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x09ECA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x09F42000 \SystemRoot\system32\DRIVERS\swenum.sys
0x09F44000 \SystemRoot\system32\DRIVERS\ks.sys
0x09F78000 \SystemRoot\system32\DRIVERS\AmdLLD64.sys
0x09F8B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x09F96000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x09F9A000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x09FAE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x09ED6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x09F1E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x09F29000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x09FBE000 \SystemRoot\system32\drivers\AtihdLH6.sys
0x0C80B000 \SystemRoot\system32\drivers\portcls.sys
0x0C846000 \SystemRoot\system32\drivers\drmk.sys
0x0C869000 \SystemRoot\system32\drivers\ksthunk.sys
0x0C86F000 \SystemRoot\system32\drivers\t3.sys
0x0C90E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0C918000 \SystemRoot\System32\Drivers\Null.SYS
0x0C92C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0C94A000 \SystemRoot\System32\drivers\vga.sys
0x0C958000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0C97D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0C986000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0C98F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0C99A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0C9AB000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0CC05000 \SystemRoot\System32\drivers\tcpip.sys
0x0CD79000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0CDA5000 \SystemRoot\system32\drivers\mfewfpk.sys
0x0C9B4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0C9D1000 \SystemRoot\system32\DRIVERS\smb.sys
0x0CE03000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0CE47000 \SystemRoot\system32\drivers\afd.sys
0x0CEB2000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x0CEBD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0CEDB000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x0CEEC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0CEFB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0CF16000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0CF63000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0CF6F000 \SystemRoot\System32\Drivers\dfsc.sys
0x0CF8C000 \SystemRoot\system32\drivers\mfeavfk.sys
0x0CFC2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0CFCB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0CFDD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0D008000 \SystemRoot\system32\drivers\mfefirek.sys
0x0D07D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0D088000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0D0A4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0D0AF000 \SystemRoot\System32\drivers\keyscrambler.sys
0x0D0E8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0D0F6000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x0D100000 \SystemRoot\System32\Drivers\dump_ahcix64s.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x0D14E000 \SystemRoot\System32\drivers\Dxapi.sys
0x0D15A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x0D16D000 \SystemRoot\system32\drivers\luafv.sys
0x0FA06000 \SystemRoot\system32\drivers\spsys.sys
0x0FAA0000 \SystemRoot\system32\DRIVERS\packet.sys
0x0FAAD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0FAC1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0FAD9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0FAF9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x0FB0F000 \SystemRoot\system32\drivers\HTTP.sys
0x0FBB2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0FBD0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0D18F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0118C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0D1B8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x10005000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x10036000 \SystemRoot\System32\Drivers\fastfat.SYS
0x1006B000 \SystemRoot\system32\drivers\peauth.sys
0x10121000 \SystemRoot\System32\Drivers\secdrv.SYS
0x1012C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x10155000 \SystemRoot\System32\drivers\tcpipreg.sys
0x10165000 \??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
0x101C6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x11607000 \SystemRoot\System32\DRIVERS\srv.sys
0x1169A000 \SystemRoot\system32\drivers\mfeapfk.sys
0x116C0000 \SystemRoot\system32\drivers\cfwids.sys
0x116CF000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x777F0000 \Windows\System32\ntdll.dll
Processes (total 75):
0 System Idle Process
4 System
508 C:\Windows\System32\smss.exe
584 csrss.exe
672 C:\Windows\System32\wininit.exe
692 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
892 C:\Windows\System32\winlogon.exe
980 C:\Windows\System32\svchost.exe
272 C:\Windows\System32\svchost.exe
372 C:\Windows\System32\atiesrxx.exe
520 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\svchost.exe
12 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\audiodg.exe
1048 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1060 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\SLsvc.exe
1124 C:\Windows\System32\svchost.exe
1188 C:\Program Files\Dell\DellDock\DockLogin.exe
1244 C:\Windows\System32\svchost.exe
1388 WUDFHost.exe
1528 C:\Windows\System32\spoolsv.exe
1552 C:\Windows\System32\svchost.exe
1636 WUDFHost.exe
1704 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1744 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1760 C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
1860 C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
1976 C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
2916 C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
2896 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1912 C:\Windows\SysWOW64\PnkBstrA.exe
1932 C:\Windows\SysWOW64\PnkBstrB.exe
1804 C:\Windows\System32\svchost.exe
1788 C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
3372 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3396 C:\Windows\System32\taskeng.exe
3432 C:\Windows\System32\svchost.exe
3460 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
3504 C:\Windows\System32\svchost.exe
3540 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3572 C:\Windows\System32\SearchIndexer.exe
3660 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
3732 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3768 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
4092 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
4876 C:\Windows\System32\atieclxx.exe
1884 C:\Windows\System32\dwm.exe
924 C:\Windows\explorer.exe
4820 C:\Windows\System32\taskeng.exe
5796 C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe
5804 C:\Program Files\Dell\XPS Thermal Monitor\ThermalApp.exe
5840 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
5888 C:\Windows\SysWOW64\svchost.exe
5904 C:\Windows\SysWOW64\rundll32.exe
5920 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
5940 C:\Program Files\McAfee.com\Agent\mcagent.exe
5980 C:\Program Files (x86)\Logitech\G35\G35.exe
5992 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4808 taskeng.exe
4604 C:\Windows\System32\SearchProtocolHost.exe
1292 C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe
1356 C:\Program Files\Alienware\AlienFX\AlienFXHook64Mngr.exe
5092 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
5816 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4828 C:\Windows\System32\svchost.exe
7164 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
6960 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
6224 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
6832 C:\Program Files\Common Files\McAfee\Core\mchost.exe
6168 C:\Windows\System32\SearchFilterHost.exe
6232 C:\Users\Matthew\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03f00000 (NTFS)
PhysicalDrive0 Model Number: HitachiHDS721075KLA3, Rev: GK8O
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 RE: Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
-----------------------------------------------------------------------
Here is the log from ESET Online Scanner:
C:\Qoobox\Quarantine\C\Users\Matthew\AppData\Local\DataSafeOnline\Citrix\fvuldh.dll.vir a variant of Win32/Kryptik.AIZP trojan
C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\lnmdhusbuh@lnmdhusbuh.org.xpi JS/Redirector.NCA trojan
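To make the MBRCheck output above concrete, here is an added example (mine, not part of the thread or of MBRCheck) that does the same job on a raw 512-byte sector in Python: it validates the 0x55AA signature, decodes the partition table, checks for overlapping or malformed entries, and hashes the boot code. The sample MBR is constructed; its two partitions start at the byte offsets MBRCheck reported for D: and C: (0x03F00000 and 0x283F00000) so the arithmetic can be checked against the log. Which byte range MBRCheck hashes is not stated on this page, so the 440-byte boot-code region used here is an assumption; compare hashes only against a baseline taken with the same tool.

```python
"""Parse and sanity-check a 512-byte MBR the way an MBRCheck-style tool does (added example)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code (assumed hash region, see lead-in)
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xAA"    # bytes 510..511
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, first LBA, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample: dummy boot code plus two NTFS (0x07) partitions whose
    byte offsets equal the D: and C: offsets MBRCheck printed in the thread."""
    boot_code = (b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" * 55)[:BOOT_CODE_LEN]
    table = b""
    for status, lba, count in ((0x80, 0x03F00000 // SECTOR, 0x01400000),      # D: (active)
                               (0x00, 0x283F00000 // SECTOR, 0x50000000)):    # C:
        table += struct.pack(ENTRY_FMT, status, b"\xFF\xFF\xFF", 0x07, b"\xFF\xFF\xFF", lba, count)
    table += b"\x00" * 32                            # two unused entries
    disk_signature = b"\x12\x34\x56\x78\x00\x00"     # 4-byte NT disk signature + 2 reserved bytes
    mbr = boot_code + disk_signature + table + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries, skipping empty ones."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "status": status, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return parts


def check_mbr(mbr: bytes) -> dict:
    """Validate the sector, hash the boot code and report layout anomalies."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    warnings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["sectors"] == 0:
            warnings.append(f"partition {p['index']}: zero length")
    if sum(p["bootable"] for p in parts) != 1:
        warnings.append("expected exactly one active partition")
    # Entries sorted by start LBA; a start before the previous end means overlap.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            warnings.append(f"partitions {idx_a} and {idx_b} overlap")
    return {
        "sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": mbr[440:444].hex(),
        "partitions": parts,
        "warnings": warnings,
    }


def matches_baseline(mbr: bytes, baseline_sha1: str) -> bool:
    """Compare against a hash recorded earlier with this same function."""
    return check_mbr(mbr)["sha1"] == baseline_sha1.upper()


if __name__ == "__main__":
    report = check_mbr(build_sample_mbr())
    print("boot code SHA1:", report["sha1"])
    for p in report["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02X} at byte offset 0x{p['byte_offset']:X}"
              f"{' (active)' if p['bootable'] else ''}")
    print("warnings:", report["warnings"] or "none")
```

On a live machine you would read the first 512 bytes of \\.\PhysicalDrive0 as an administrator and pass them to check_mbr; a changed boot-code hash with an unchanged partition table is the pattern to expect from a bootkit that rewrote the boot code and nothing else, which is why the partition offsets and the hash are reported separately.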
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::
Registry::
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\lnmdhusbuh@lnmdhusbuh.org"=-
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
After running Combofix with the script as specified, Internet Explorer is no longer being redirected. Firefox, however, is still being redirected at search engines.
Here is my Combofix log:
ComboFix 12-07-27.03 - Matthew 07/28/2012 16:22:55.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8180.6589 [GMT -5:00]
Running from: c:\users\Matthew\Desktop\ComboFix.exe
Command switches used :: c:\users\Matthew\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthew\AppData\Roaming\inst.exe
c:\users\Matthew\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\rnaph.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 21:34 . 2012-07-28 21:34 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-07-28 21:34 . 2012-07-28 21:34 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2012-07-28 21:34 . 2012-07-28 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 21:34 . 2012-07-28 21:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-28 04:24 . 2012-07-28 04:24 -------- d-----w- c:\program files (x86)\ESET
2012-07-27 19:21 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE257739-D8EC-4DC0-88EB-59839413F92E}\mpengine.dll
2012-07-27 13:51 . 2012-07-27 13:51 -------- d-----w- C:\_OTL
2012-07-26 13:30 . 2012-07-26 13:30 -------- d-----w- c:\users\Matthew\AppData\Roaming\QFX Software
2012-07-26 13:30 . 2012-07-26 13:30 -------- d-----w- c:\programdata\QFX Software
2012-07-26 13:30 . 2012-07-26 13:30 -------- d-----w- c:\program files (x86)\KeyScrambler
2012-07-26 13:30 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-07-26 04:12 . 2012-07-26 04:12 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-23 17:38 . 2010-05-26 15:39 6144 ----a-w- c:\windows\system32\4011.tmp
2012-07-23 17:36 . 2010-05-26 15:39 6144 ----a-w- c:\windows\system32\F23F.tmp
2012-07-23 13:35 . 2010-05-26 15:39 6144 ----a-w- c:\windows\system32\9924.tmp
2012-07-23 13:33 . 2010-05-26 15:39 6144 ----a-w- c:\windows\system32\4E4E.tmp
2012-07-23 13:33 . 2012-07-23 13:33 -------- d-----w- c:\program files (x86)\Sophos
2012-07-21 21:01 . 2012-07-21 21:01 -------- d-----w- c:\users\Matthew\AppData\Roaming\Ad-Aware Antivirus
2012-07-18 22:13 . 2012-07-18 22:15 -------- d-----w- c:\programdata\HitmanPro
2012-07-18 15:59 . 2012-07-18 18:15 -------- d-----w- c:\programdata\MFAData
2012-07-18 15:59 . 2012-07-18 15:59 -------- d--h--w- c:\programdata\Common Files
2012-07-18 13:41 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-07-18 13:31 . 2012-07-18 13:31 -------- d-----w- c:\users\Matthew\AppData\Roaming\Safer Networking
2012-07-18 13:30 . 2012-07-18 13:30 -------- d-----w- c:\program files (x86)\Safer Networking
2012-07-17 17:30 . 2012-07-17 17:30 -------- d-----w- c:\program files (x86)\NoVirusThanks
2012-07-11 20:39 . 2012-07-11 20:39 -------- d-----w- c:\users\Matthew\AppData\Roaming\XRay Engine
2012-07-10 21:16 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 03:54 . 2012-03-29 12:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 03:54 . 2011-05-31 13:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 00:12 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 18:46 . 2009-09-04 00:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-23 23:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 23:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 23:26 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 23:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 23:25 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-23 23:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 23:25 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-23 23:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 23:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-23 23:25 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 20:19 . 2012-06-23 23:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:19 . 2012-06-23 23:25 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 20:15 . 2012-06-23 23:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 20:12 . 2012-06-23 23:25 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-31 17:25 . 2010-03-09 04:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-01 14:29 . 2012-06-13 19:17 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_20.43.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-07-27 20:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-07-28 21:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-07-28 21:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-07-27 20:19 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-07-28 21:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-07-27 20:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-07-28 21:05 92704 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-07-28 21:05 98934 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-19 21:41 . 2012-07-28 21:05 20908 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3991885356-2454324123-696889439-1000_UserData.bin
+ 2009-05-20 01:30 . 2012-07-28 18:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-20 01:30 . 2012-07-27 15:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-19 21:38 . 2012-07-28 21:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-19 21:38 . 2012-07-27 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-19 21:38 . 2012-07-27 20:34 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-19 21:38 . 2012-07-28 21:03 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-19 21:38 . 2012-07-28 21:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-19 21:38 . 2012-07-27 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-27 20:19 . 2012-07-27 20:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 21:03 . 2012-07-28 21:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 21:03 . 2012-07-28 21:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-27 20:19 . 2012-07-27 20:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-20 00:43 . 2012-07-27 20:19 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-20 00:43 . 2012-07-28 21:03 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-20 04:32 . 2012-07-28 20:12 374192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-20 04:32 . 2012-07-27 20:17 374192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-07-23 19:36 . 2012-07-27 20:09 4086392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-28 05:25 . 2012-07-28 20:12 4086392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-15 22:06 . 2012-07-28 05:25 4523168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3991885356-2454324123-696889439-1000-4096.dat
- 2011-05-15 22:06 . 2012-07-27 17:37 4523168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3991885356-2454324123-696889439-1000-4096.dat
+ 2011-03-03 22:13 . 2012-07-28 20:12 5720916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3991885356-2454324123-696889439-1000-12288.dat
- 2011-03-03 22:13 . 2012-07-27 17:37 5720916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3991885356-2454324123-696889439-1000-12288.dat
- 2010-10-20 04:32 . 2012-07-27 20:17 54924448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3991885356-2454324123-696889439-1000-8192.dat
+ 2010-10-20 04:32 . 2012-07-28 20:12 54924448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3991885356-2454324123-696889439-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XPS Thermal Monitor"="c:\program files\Dell\XPS Thermal Monitor\ThermalApp.exe" [2008-12-09 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"SPIRunE"="SPIRunE.dll" [2007-05-09 18432]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech blank Product Registration.lnk - c:\program files (x86)\Logitech\G35\eReg.exe [2008-2-13 493832]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-07-18 17:41]
.
2012-07-18 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-07-18 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlienFX Controller"="c:\program files\Alienware\AlienFX\AlienwareAlienFXController.exe" [2008-10-29 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-02-17 361]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = ShawneeLink
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643}: NameServer = 216.240.66.19
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4011.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3991885356-2454324123-696889439-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:08,96,0f,24,78,e7,56,44,a0,07,fa,c7,5f,10,59,5d,bc,c6,6a,d6,13,2b,c2,
8f,aa,3e,ff,a4,66,76,11,5e,a9,a3,5e,90,04,9d,0c,f1,15,17,a5,a5,c9,53,de,43,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3991885356-2454324123-696889439-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,f8,a4,de,0e,8b,9a,71,a5,43,ff,8f,55,6b,02,c7,ae,d9,3a,f8,79,
37,19,a1,b7,6d,c0,11,8d,d7,36,30,4c,1d,bf,21,bd,63,3d,38,78,ee,7a,52,48,ab,\
"rkeysecu"=hex:75,0a,ce,a6,a0,5f,8b,7b,42,5d,26,2b,f0,54,82,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-07-28 16:45:41
ComboFix-quarantined-files.txt 2012-07-28 21:45
ComboFix2.txt 2012-07-27 20:45
.
Pre-Run: 206,742,188,032 bytes free
Post-Run: 206,667,771,904 bytes free
.
- - End Of File - - B2002560CEDC4A1C4E2E4471C7EC0E28
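Two lines in the Supplementary Scan section of the log above are the kind a responder checks by hand: the per-interface static NameServer (216.240.66.19) that differs from the DHCP-assigned resolver (192.168.1.1), and the MEMSWEEP2 service whose ImagePath is a .tmp file in system32. Neither is necessarily malicious; the log's own timeline (Sophos folder created 2012-07-23 13:33, the .tmp files written the same day starting that minute) is the context to weigh before touching the service, and the resolver has to be confirmed with whoever configured it. The following is an added example of mine, not part of the thread or of ComboFix, that pulls those two checks out of such a log automatically. The sample lines are excerpted from the log above; the thresholds (any non-private resolver not in the DHCP set, any service path not ending in .sys or .exe) are assumptions to tune per environment.

```python
"""Triage ComboFix 'Supplementary Scan' lines for resolver and service-path anomalies (added example)."""
import ipaddress
import os
import re

# Excerpted from the ComboFix log in the thread (not constructed), so the
# findings can be checked against it.
SAMPLE_LINES = r"""
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF9C67AB-5215-40DD-8C79-6340E99DF643}: NameServer = 216.240.66.19
LSP: %SYSTEMROOT%\system32\BfLLR.dll
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4011.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
"""

DHCP_DNS = re.compile(r"^TCP: DhcpNameServer = (.+)$")
IFACE_DNS = re.compile(r"^TCP: Interfaces\\(\{[^}]+\}): NameServer = (.+)$")
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\([^\]]+)\]$")
IMAGE_PATH = re.compile(r'^"ImagePath"="(.*)"$')
EXPECTED_SERVICE_EXT = {".sys", ".exe"}   # assumption: any other extension gets a second look


def triage(log_text: str) -> list:
    """Return findings: per-interface resolvers that are not in the DHCP set and not
    private addresses, and services whose ImagePath has an unexpected extension."""
    findings, dhcp, iface, service = [], set(), [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DHCP_DNS.match(line)
        if m:
            dhcp.update(m.group(1).split())
            continue
        m = IFACE_DNS.match(line)
        if m:
            iface.append((m.group(1), m.group(2).split()))
            continue
        m = SERVICE_KEY.match(line)
        if m:
            service = m.group(1)          # the next ImagePath line belongs to this key
            continue
        m = IMAGE_PATH.match(line)
        if m and service:
            path = m.group(1)
            if path.startswith("\\??\\"):    # strip the NT object-manager prefix
                path = path[4:]
            if os.path.splitext(path)[1].lower() not in EXPECTED_SERVICE_EXT:
                findings.append({"kind": "service", "name": service, "detail": path})
            service = None
    for guid, servers in iface:
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                continue
            if server not in dhcp and not addr.is_private:
                findings.append({"kind": "dns", "name": guid, "detail": server})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:8} {f['name']}: {f['detail']}")
```

The DNS check deliberately ignores private resolvers, so a static entry pointing at a home router or a corporate DNS server passes; only a public address that DHCP did not hand out is reported, and the report is a prompt to ask the user, not a verdict.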
Open Firefox and go to Tools > Options > Privacy Tab > Remove Individual Cookies> Remove all cookies
You need to enable windows to Show all Files and Folders
Instructions for your Operating System HERE (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Then go here
C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\z7yr9m7x.default\extensions\lnmdhusbuh@lnmdhusbuh.org<--Delete this
Reboot and give Firefox another try
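The two removal steps in this thread (the CFScript that deletes the value under HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions, and the manual deletion of the folder in the profile's extensions directory) both target the registry sideload mechanism Firefox of that era supported on Windows: a value under that key installs an extension into every profile on the machine without going through the browser's own add-on installer, which is why the extension kept coming back until the key was cleaned. The following is an added example of mine, not part of the thread, for auditing such a key before writing a removal script. It parses a .reg-style export and flags entries whose id is self-referential (local part equal to the domain label, as in lnmdhusbuh@lnmdhusbuh.org), looks machine-generated, or whose path points into a user profile rather than a vendor directory. The export, the allowlist and the thresholds are constructed assumptions; the hijacker line is written the way the CFScript above names it, with the path as the value name.

```python
r"""Audit the HKLM\Software\Mozilla\Firefox\Extensions sideload key for hijacker-style entries (added example)."""
import os
import re

# Constructed .reg-style export. The hijacker line is in the path-as-value-name
# form shown in the thread's CFScript; the Java line is the kind of vendor
# sideload that normally lives under this key.
SAMPLE_REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}"="C:\\Program Files (x86)\\Java\\jre6\\lib\\deploy\\jqs\\ff"
"C:\\Users\\Matthew\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\z7yr9m7x.default\\extensions\\lnmdhusbuh@lnmdhusbuh.org"=""
"helper@example.com"="C:\\Program Files (x86)\\ExampleVendor\\ffext"
'''

KNOWN_GOOD = {"{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}"}   # assumed allowlist, maintain per site

EMAIL_ID = re.compile(r"^([A-Za-z0-9._-]+)@([A-Za-z0-9.-]+)$")
GUID_ID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
REG_VALUE = re.compile(r'^"(.+?)"="(.*)"$')
PROFILE_DIR = re.compile(r"\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", re.IGNORECASE)
MIN_RANDOM_LEN, MAX_VOWEL_RATIO = 8, 0.25   # assumed thresholds for "machine-generated" names


def parse_reg_export(text: str) -> list:
    """Return (value_name, data) pairs with .reg backslash escaping undone."""
    pairs = []
    for line in text.splitlines():
        m = REG_VALUE.match(line.strip())
        if m:
            pairs.append(tuple(s.replace("\\\\", "\\") for s in m.groups()))
    return pairs


def looks_like_id(s: str) -> bool:
    return bool(EMAIL_ID.match(s) or GUID_ID.match(s))


def identify(name: str, data: str) -> tuple:
    """Return (extension_id, install_path) for either layout: id -> path, or the
    path-as-value-name form that the thread's CFScript targets."""
    if looks_like_id(name):
        return name, data
    base = os.path.basename(name.replace("\\", "/"))
    if base.lower().endswith(".xpi"):
        base = base[:-4]
    if looks_like_id(base):
        return base, name
    return name, data


def vowel_ratio(s: str) -> float:
    letters = [c for c in s.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0


def score_entry(ext_id: str, path: str) -> list:
    """Heuristic reasons to distrust one sideload entry (empty list = nothing odd)."""
    if ext_id in KNOWN_GOOD:
        return []
    reasons = []
    m = EMAIL_ID.match(ext_id)
    if m:
        local, domain = m.groups()
        if local.lower() == domain.split(".")[0].lower():
            reasons.append("self-referential id: local part equals the domain label")
        if len(local) >= MIN_RANDOM_LEN and vowel_ratio(local) < MAX_VOWEL_RATIO:
            reasons.append("local part looks machine-generated")
    elif not GUID_ID.match(ext_id):
        reasons.append("id is neither name@domain nor {GUID}")
    if PROFILE_DIR.search(path):
        reasons.append("machine-wide (HKLM) sideload points into a user profile directory")
    return reasons


def audit_reg_export(text: str) -> dict:
    """Map each suspicious extension id to the reasons it was flagged."""
    findings = {}
    for name, data in parse_reg_export(text):
        ext_id, path = identify(name, data)
        reasons = score_entry(ext_id, path)
        if reasons:
            findings[ext_id] = reasons
    return findings


if __name__ == "__main__":
    for ext_id, reasons in audit_reg_export(SAMPLE_REG_EXPORT).items():
        print(ext_id)
        for reason in reasons:
            print("   -", reason)
```

The profile-directory rule is the strongest of the three: a legitimate vendor sideload points at its own install directory under Program Files, so an HKLM value whose path is inside one user's AppData is an odd thing to find regardless of what the id looks like. Export the key with reg export on the live machine and feed the file to audit_reg_export; the ids it returns are the ones to put in the CFScript or delete by hand, as was done above.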
The hijacking has stopped on both Firefox and Internet Explorer :). Thank you so much for your help. I don't think I could have beaten this one without you.
I'll be standing by for further instructions and/or requests for final logs. :)
Good Morning,
Glad things are well for you again. Nothing else to do, you look fine.
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.