Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Concerned I've been Hacked / Keylogged

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Concerned I've been Hacked / Keylogged

Unread postby faffy » September 5th, 2012, 2:48 pm

Hi all.

Firstly, I'm sorry I didn't respond to the other thread in time, I've been doing really long hours at work and just falling into bed when I get home. I tried to post a reply when I got home tonight but had just missed the 72 hour window :( If somebody could respond to me again I'll definitely get everything done in time (as it's weekend soon, hooray).

Basically, I'm a gamer and recently I received an authentic email from an online game (GW2) that somebody had been trying to log into my account from China (I live in the Netherlands).

I'm a bit concerned that maybe my PC's security has been compromised (I play a lot of online games) and that they have acquired my log-in details that way, so I've run Avira, HitmanPro, Spybot and nothing major was found that couldn't be "fixed", but I still want to be sure that my PC is ok before I change all my passwords to everything. Thanks in advance! Here's my logs:

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Fa at 15:02:09 on 2012-09-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.6133.3618 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osa.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\M-AudioTaskBarIcon64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osaui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Fa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Fa\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\program files (x86)\avira\antivir desktop\avgnt.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.95\deploy\LoLLauncher.exe
C:\Windows\notepad.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.ask.com?o=15153&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:60788
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Fa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify Web Helper] "C:\Users\Fa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [F.lux] "C:\Users\Fa\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [googletalk] C:\Users\Fa\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Fa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\USBMAN~1.LNK - C:\Program Files (x86)\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{6CEDE28F-7660-42FD-B58F-845219B333F9} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{CBD387FD-1A93-406D-B306-1922AAC0BE91} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myfitnesspal.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60788
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Fa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Fa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-30 8704]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-8-31 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-8-31 110032]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-8-31 108392]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-8-21 366640]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-5-17 2079520]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-22 2348352]
R2 osubsvc;Microsoft Office 2010 Subscription Agent;C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osa.exe [2011-11-16 607048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-23 79360]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);C:\Windows\system32\DRIVERS\mausb.sys --> C:\Windows\system32\DRIVERS\mausb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-5-24 155320]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-26 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-31 20:24:51 -------- d-----w- C:\Program Files\HitmanPro
2012-08-31 20:24:28 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-31 19:12:11 -------- d-----w- C:\Users\Fa\AppData\Roaming\Avira
2012-08-31 19:09:54 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-08-31 19:09:54 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-08-31 19:09:50 -------- d-----w- C:\ProgramData\Avira
2012-08-31 19:09:50 -------- d-----w- C:\Program Files (x86)\Avira
2012-08-31 18:56:15 388096 ----a-r- C:\Users\Fa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-31 18:56:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-31 18:50:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-31 18:50:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-31 18:43:27 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E808DB7C-E8B2-4AA0-BE4E-57920AED2C10}\mpengine.dll
2012-08-26 13:59:01 -------- d-----w- C:\Users\Fa\AppData\Roaming\Titanium
2012-08-21 15:37:17 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2012-08-16 17:34:48 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 20:12:04 788480 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 20:12:03 623616 ----a-w- C:\Windows\SysWow64\localspl.dll
2012-08-13 12:43:44 -------- d-----w- C:\Program Files (x86)\Wunderlist
2012-08-13 12:29:48 -------- d-----w- C:\Users\Fa\AppData\Local\assembly
2012-08-13 12:28:33 -------- d-----w- C:\Users\Fa\AppData\Local\TechSmith
.
==================== Find3M ====================
.
2012-07-21 20:59:16 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
.
============= FINISH: 15:02:50.44 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22/03/2010 14:11:02
System Uptime: 01/09/2012 13:07:17 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 65.306 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 68.845 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Multimedia Controller
Device ID: PCI\VEN_1131&DEV_7160&SUBSYS_00391822&REV_01\4&3009739E&0&0008
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1131&DEV_7160&SUBSYS_00391822&REV_01\4&3009739E&0&0008
Service:
.
==== System Restore Points ===================
.
RP1644: 16/08/2012 19:24:10 - Windows Update
RP1646: 17/08/2012 17:06:29 - Scheduled Checkpoint
RP1648: 18/08/2012 14:44:23 - Scheduled Checkpoint
RP1649: 20/08/2012 21:01:02 - Sony PC Companion
RP1651: 21/08/2012 18:24:01 - Windows Update
RP1653: 22/08/2012 10:09:59 - Scheduled Checkpoint
RP1655: 24/08/2012 16:36:43 - Scheduled Checkpoint
RP1657: 25/08/2012 14:47:38 - Scheduled Checkpoint
RP1659: 26/08/2012 15:42:04 - Scheduled Checkpoint
RP1661: 28/08/2012 18:29:03 - Windows Update
RP1663: 29/08/2012 22:03:46 - Scheduled Checkpoint
RP1665: 31/08/2012 20:43:00 - Windows Update
RP1667: 31/08/2012 20:55:40 - Installed HiJackThis
RP1669: 01/09/2012 14:00:04 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.3
Apple Application Support
Apple Software Update
µTorrent
Avira Free Antivirus
Belkin Wireless Access Point Manager
Belkin Wireless USB Adapter Manager
Combined Community Codec Pack 2009-09-09
Creative Audio Control Panel
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Diablo III
DivX Setup
Dota 2
EPU-6 Engine
eReg
Express Gate
F.lux
Fast Track Pro
Fraps (remove only)
Futuremark SystemInfo
GOM Player + Ask Toolbar
GOM Player + Ask Toolbar Updater
Google Chrome
Google Talk (remove only)
Guild Wars 2
Hi-Rez Studios Authenticate and Update Service
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Iron Grip: Warlord
Java Auto Updater
Java(TM) 6 Update 31
JMicron JMB36X Driver
League of Legends
Logitech Vid
LOLReplay
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.20)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
PowerISO
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.8
Smite Closed Beta
Snagit 10.0.2
Sony Ericsson Update Engine
Sony PC Companion 2.10.094
Sound Blaster Audigy
Spotify
Star Wars: The Old Republic
StarCraft II
Steam
TeamSpeak 3 Client
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility
TurboV
TweetDeck
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
VLC media player 1.1.4
Vtune 7.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Wunderlist
.
==== Event Viewer Messages From Past Week ========
.
01/09/2012 13:08:31, Error: Service Control Manager [7000] - The TBPanel service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
faffy
Active Member
 
Posts: 7
Joined: September 1st, 2012, 9:04 am
Advertisement
Register to Remove

Re: Concerned I've been Hacked / Keylogged

Unread postby askey127 » September 9th, 2012, 8:05 am

Hi faffy,
Since you are busy during the week, let's do a lot to get started.
-----------------------------------------------
Did you intentionally set this proxy server?
uInternet Settings,ProxyServer = http=127.0.0.1:60788
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

µTorrent
GOM Player + Ask Toolbar
GOM Player + Ask Toolbar Updater
Java(TM) 6 Update 31

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Under Java Platform, Standard Edition, labeled Java SE 6 Update 35, click on the button labeled JRE Download. Do NOT choose the button labeled "JDK Download". If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform, Windows x64 for 64-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
The contents of:
  • Answer to my question about the proxy server
  • log from TDSSKiller
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
The Extras.txt file will only show up the very first time you run OTL.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Concerned I've been Hacked / Keylogged

Unread postby faffy » September 9th, 2012, 7:48 pm

Regarding the proxy, I'm really not sure if that was me or not. I'm not great at computers, and read something about installing a proxy so I could access a recipe website that was only accessible by UK citizens (I'm an expatriate). I couldn't get it to work, but don't think I ever uninstalled it because I didn't know how.... All I know is that I definitely didn't install it for / using uTorrent. But I know nothing about proxies so yeah... I'd rather be rid of it because I'm not using it anyway!

TDSSKiller Log (no threats found)

19:12:31.0287 3864 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:12:31.0521 3864 ============================================================
19:12:31.0521 3864 Current date / time: 2012/09/09 19:12:31.0521
19:12:31.0521 3864 SystemInfo:
19:12:31.0521 3864
19:12:31.0521 3864 OS Version: 6.0.6002 ServicePack: 2.0
19:12:31.0521 3864 Product type: Workstation
19:12:31.0521 3864 ComputerName: FREDDIE
19:12:31.0521 3864 UserName: Fa
19:12:31.0521 3864 Windows directory: C:\Windows
19:12:31.0521 3864 System windows directory: C:\Windows
19:12:31.0521 3864 Running under WOW64
19:12:31.0521 3864 Processor architecture: Intel x64
19:12:31.0521 3864 Number of processors: 8
19:12:31.0521 3864 Page size: 0x1000
19:12:31.0521 3864 Boot type: Normal boot
19:12:31.0521 3864 ============================================================
19:12:34.0616 3864 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:12:34.0625 3864 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:12:34.0637 3864 ============================================================
19:12:34.0637 3864 \Device\Harddisk0\DR0:
19:12:34.0641 3864 MBR partitions:
19:12:34.0641 3864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
19:12:34.0641 3864 \Device\Harddisk1\DR1:
19:12:34.0641 3864 MBR partitions:
19:12:34.0641 3864 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
19:12:34.0641 3864 ============================================================
19:12:34.0846 3864 C: <-> \Device\Harddisk1\DR1\Partition1
19:12:34.0955 3864 D: <-> \Device\Harddisk0\DR0\Partition1
19:12:34.0955 3864 ============================================================
19:12:34.0955 3864 Initialize success
19:12:34.0955 3864 ============================================================
01:33:05.0345 3904 ============================================================
01:33:05.0374 3904 Scan started
01:33:05.0374 3904 Mode: Manual;
01:33:05.0374 3904 ============================================================
01:33:08.0248 3904 ================ Scan system memory ========================
01:33:08.0248 3904 System memory - ok
01:33:08.0249 3904 ================ Scan services =============================
01:33:10.0266 3904 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
01:33:10.0387 3904 ACPI - ok
01:33:10.0448 3904 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
01:33:10.0449 3904 adfs - ok
01:33:10.0491 3904 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:33:10.0550 3904 adp94xx - ok
01:33:10.0582 3904 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:33:10.0590 3904 adpahci - ok
01:33:10.0607 3904 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
01:33:10.0613 3904 adpu160m - ok
01:33:10.0626 3904 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:33:10.0659 3904 adpu320 - ok
01:33:10.0713 3904 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:33:10.0714 3904 AeLookupSvc - ok
01:33:10.0908 3904 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
01:33:10.0955 3904 AFD - ok
01:33:11.0002 3904 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:33:11.0040 3904 agp440 - ok
01:33:11.0067 3904 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
01:33:11.0106 3904 aic78xx - ok
01:33:11.0148 3904 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
01:33:11.0154 3904 ALG - ok
01:33:11.0184 3904 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
01:33:11.0187 3904 aliide - ok
01:33:11.0205 3904 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
01:33:11.0209 3904 amdide - ok
01:33:11.0228 3904 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:33:11.0277 3904 AmdK8 - ok
01:33:12.0207 3904 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:33:12.0208 3904 AntiVirSchedulerService - ok
01:33:12.0239 3904 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:33:12.0241 3904 AntiVirService - ok
01:33:12.0280 3904 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
01:33:12.0282 3904 Appinfo - ok
01:33:12.0379 3904 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:33:12.0381 3904 Apple Mobile Device - ok
01:33:12.0398 3904 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
01:33:12.0437 3904 arc - ok
01:33:12.0471 3904 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:33:12.0478 3904 arcsas - ok
01:33:13.0223 3904 [ 8065A7659562005127673AC52898675F ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
01:33:13.0245 3904 AsIO - ok
01:33:13.0269 3904 [ EDABC3FA8F941D2047DA630E95E936C7 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
01:33:13.0271 3904 AsSysCtrlService - ok
01:33:13.0300 3904 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:33:13.0333 3904 AsyncMac - ok
01:33:13.0375 3904 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
01:33:13.0401 3904 atapi - ok
01:33:13.0458 3904 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:33:13.0464 3904 AudioEndpointBuilder - ok
01:33:13.0471 3904 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:33:13.0474 3904 AudioSrv - ok
01:33:13.0520 3904 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
01:33:13.0527 3904 avgntflt - ok
01:33:13.0559 3904 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
01:33:13.0562 3904 avipbb - ok
01:33:13.0596 3904 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
01:33:13.0602 3904 avkmgr - ok
01:33:13.0632 3904 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
01:33:13.0639 3904 BFE - ok
01:33:13.0694 3904 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
01:33:13.0796 3904 BITS - ok
01:33:13.0816 3904 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
01:33:13.0837 3904 blbdrive - ok
01:33:14.0156 3904 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:33:14.0244 3904 Bonjour Service - ok
01:33:14.0287 3904 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:33:14.0320 3904 bowser - ok
01:33:14.0368 3904 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
01:33:14.0398 3904 BrFiltLo - ok
01:33:14.0423 3904 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
01:33:14.0426 3904 BrFiltUp - ok
01:33:14.0458 3904 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
01:33:14.0459 3904 Browser - ok
01:33:14.0477 3904 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
01:33:14.0484 3904 Brserid - ok
01:33:14.0494 3904 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
01:33:14.0539 3904 BrSerWdm - ok
01:33:14.0565 3904 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
01:33:14.0589 3904 BrUsbMdm - ok
01:33:14.0618 3904 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
01:33:14.0645 3904 BrUsbSer - ok
01:33:14.0682 3904 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:33:14.0686 3904 BTHMODEM - ok
01:33:14.0722 3904 [ 2BD001601496AE87F7CB86F1FCD6F1EC ] Cardex C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
01:33:14.0723 3904 Cardex - ok
01:33:14.0739 3904 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:33:14.0773 3904 cdfs - ok
01:33:14.0819 3904 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:33:14.0851 3904 cdrom - ok
01:33:14.0896 3904 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
01:33:14.0902 3904 CertPropSvc - ok
01:33:14.0930 3904 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
01:33:14.0965 3904 circlass - ok
01:33:15.0181 3904 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
01:33:15.0220 3904 CLFS - ok
01:33:15.0986 3904 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:33:16.0064 3904 clr_optimization_v2.0.50727_32 - ok
01:33:16.0164 3904 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:33:16.0170 3904 clr_optimization_v2.0.50727_64 - ok
01:33:16.0243 3904 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:33:16.0266 3904 clr_optimization_v4.0.30319_32 - ok
01:33:16.0301 3904 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:33:16.0304 3904 clr_optimization_v4.0.30319_64 - ok
01:33:16.0335 3904 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:33:16.0360 3904 cmdide - ok
01:33:16.0381 3904 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:33:16.0385 3904 Compbatt - ok
01:33:16.0388 3904 COMSysApp - ok
01:33:17.0187 3904 cpuz130 - ok
01:33:18.0214 3904 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:33:18.0275 3904 crcdisk - ok
01:33:18.0395 3904 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
01:33:18.0443 3904 Creative Audio Engine Licensing Service - ok
01:33:18.0498 3904 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:33:18.0500 3904 CryptSvc - ok
01:33:18.0648 3904 [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
01:33:18.0685 3904 CTAudSvcService - ok
01:33:18.0728 3904 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
01:33:18.0751 3904 DcomLaunch - ok
01:33:18.0771 3904 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:33:18.0773 3904 DfsC - ok
01:33:18.0852 3904 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
01:33:18.0882 3904 DFSR - ok
01:33:18.0927 3904 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
01:33:18.0931 3904 Dhcp - ok
01:33:18.0953 3904 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
01:33:18.0954 3904 disk - ok
01:33:19.0029 3904 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:33:19.0030 3904 Dnscache - ok
01:33:19.0054 3904 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
01:33:19.0061 3904 dot3svc - ok
01:33:19.0088 3904 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
01:33:19.0091 3904 DPS - ok
01:33:19.0108 3904 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:33:19.0110 3904 drmkaud - ok
01:33:19.0145 3904 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:33:19.0155 3904 DXGKrnl - ok
01:33:19.0176 3904 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
01:33:19.0182 3904 E1G60 - ok
01:33:19.0198 3904 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
01:33:19.0200 3904 EapHost - ok
01:33:19.0234 3904 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
01:33:19.0270 3904 Ecache - ok
01:33:19.0333 3904 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:33:19.0373 3904 ehRecvr - ok
01:33:19.0399 3904 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
01:33:19.0407 3904 ehSched - ok
01:33:19.0422 3904 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
01:33:19.0423 3904 ehstart - ok
01:33:19.0459 3904 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:33:19.0514 3904 elxstor - ok
01:33:19.0599 3904 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
01:33:19.0636 3904 EMDMgmt - ok
01:33:19.0662 3904 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:33:19.0665 3904 ErrDev - ok
01:33:19.0690 3904 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
01:33:19.0695 3904 EventSystem - ok
01:33:19.0721 3904 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
01:33:19.0727 3904 exfat - ok
01:33:19.0748 3904 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:33:19.0755 3904 fastfat - ok
01:33:19.0798 3904 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:33:19.0801 3904 fdc - ok
01:33:19.0823 3904 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
01:33:19.0824 3904 fdPHost - ok
01:33:19.0829 3904 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
01:33:19.0830 3904 FDResPub - ok
01:33:19.0838 3904 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:33:19.0879 3904 FileInfo - ok
01:33:19.0907 3904 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:33:19.0910 3904 Filetrace - ok
01:33:19.0915 3904 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:33:19.0918 3904 flpydisk - ok
01:33:19.0945 3904 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:33:19.0955 3904 FltMgr - ok
01:33:20.0065 3904 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
01:33:20.0077 3904 FontCache - ok
01:33:20.0213 3904 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:33:20.0294 3904 FontCache3.0.0.0 - ok
01:33:20.0337 3904 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:33:20.0338 3904 Fs_Rec - ok
01:33:20.0355 3904 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:33:20.0360 3904 gagp30kx - ok
01:33:20.0391 3904 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:33:20.0397 3904 GEARAspiWDM - ok
01:33:20.0462 3904 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
01:33:20.0468 3904 ggflt - ok
01:33:20.0489 3904 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
01:33:20.0489 3904 ggsemc - ok
01:33:20.0540 3904 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
01:33:20.0550 3904 gpsvc - ok
01:33:20.0582 3904 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:33:20.0616 3904 HdAudAddService - ok
01:33:20.0672 3904 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:33:20.0682 3904 HDAudBus - ok
01:33:20.0695 3904 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:33:20.0739 3904 HidBth - ok
01:33:20.0766 3904 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
01:33:20.0798 3904 HidIr - ok
01:33:20.0856 3904 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
01:33:20.0857 3904 hidserv - ok
01:33:20.0881 3904 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:33:20.0883 3904 HidUsb - ok
01:33:20.0940 3904 [ 8D1F00F4254C3EF428B715484940427C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
01:33:20.0970 3904 HiPatchService - ok
01:33:21.0056 3904 [ 0926C3B5CBF64C88F432FF449B211807 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
01:33:21.0058 3904 HitmanProScheduler - ok
01:33:21.0083 3904 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
01:33:21.0085 3904 hkmsvc - ok
01:33:21.0105 3904 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
01:33:21.0132 3904 HpCISSs - ok
01:33:21.0175 3904 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:33:21.0259 3904 HTTP - ok
01:33:21.0288 3904 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
01:33:21.0319 3904 i2omp - ok
01:33:21.0350 3904 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:33:21.0354 3904 i8042prt - ok
01:33:21.0373 3904 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
01:33:21.0381 3904 iaStorV - ok
01:33:21.0452 3904 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:33:21.0522 3904 idsvc - ok
01:33:21.0550 3904 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:33:21.0554 3904 iirsp - ok
01:33:21.0581 3904 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
01:33:21.0587 3904 IKEEXT - ok
01:33:21.0638 3904 [ 46CB3ABE8150E7B181E86D4906DE17E8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:33:21.0658 3904 IntcAzAudAddService - ok
01:33:21.0686 3904 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
01:33:21.0712 3904 intelide - ok
01:33:21.0738 3904 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:33:21.0739 3904 intelppm - ok
01:33:21.0762 3904 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:33:21.0794 3904 IPBusEnum - ok
01:33:21.0829 3904 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:33:21.0833 3904 IpFilterDriver - ok
01:33:21.0866 3904 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:33:21.0875 3904 iphlpsvc - ok
01:33:21.0878 3904 IpInIp - ok
01:33:21.0890 3904 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
01:33:21.0896 3904 IPMIDRV - ok
01:33:21.0908 3904 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
01:33:21.0935 3904 IPNAT - ok
01:33:22.0004 3904 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:33:22.0013 3904 iPod Service - ok
01:33:22.0029 3904 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:33:22.0061 3904 IRENUM - ok
01:33:22.0094 3904 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:33:22.0137 3904 isapnp - ok
01:33:22.0199 3904 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
01:33:22.0202 3904 iScsiPrt - ok
01:33:22.0217 3904 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
01:33:22.0222 3904 iteatapi - ok
01:33:22.0235 3904 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
01:33:22.0239 3904 iteraid - ok
01:33:22.0259 3904 [ DB85FE8D6CBAA2047CB4DA1B2C193D76 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
01:33:22.0260 3904 JRAID - ok
01:33:22.0273 3904 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:33:22.0277 3904 kbdclass - ok
01:33:22.0299 3904 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:33:22.0302 3904 kbdhid - ok
01:33:22.0317 3904 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
01:33:22.0318 3904 KeyIso - ok
01:33:22.0339 3904 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:33:22.0345 3904 KSecDD - ok
01:33:22.0369 3904 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:33:22.0389 3904 ksthunk - ok
01:33:22.0507 3904 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
01:33:22.0533 3904 KtmRm - ok
01:33:22.0566 3904 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:33:22.0570 3904 LanmanServer - ok
01:33:22.0597 3904 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:33:22.0601 3904 LanmanWorkstation - ok
01:33:22.0750 3904 [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
01:33:22.0771 3904 LBTServ - ok
01:33:22.0813 3904 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
01:33:22.0813 3904 LGBusEnum - ok
01:33:22.0838 3904 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
01:33:22.0839 3904 LGVirHid - ok
01:33:22.0882 3904 [ 0A7D6ED578D85F0C35353424EE3F5245 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:33:22.0883 3904 LHidFilt - ok
01:33:22.0893 3904 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:33:22.0927 3904 lltdio - ok
01:33:23.0053 3904 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:33:23.0076 3904 lltdsvc - ok
01:33:23.0100 3904 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:33:23.0102 3904 lmhosts - ok
01:33:23.0116 3904 [ 6542E2E6DB58118FBB1B82A68CE3AFF9 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:33:23.0118 3904 LMouFilt - ok
01:33:23.0140 3904 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:33:23.0146 3904 LSI_FC - ok
01:33:23.0166 3904 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:33:23.0171 3904 LSI_SAS - ok
01:33:23.0180 3904 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:33:23.0186 3904 LSI_SCSI - ok
01:33:23.0203 3904 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
01:33:23.0237 3904 luafv - ok
01:33:23.0291 3904 [ DA3494DF01C62D821911ED91CE5E1642 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
01:33:23.0292 3904 LUsbFilt - ok
01:33:23.0318 3904 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
01:33:23.0319 3904 LVPr2M64 - ok
01:33:23.0321 3904 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
01:33:23.0321 3904 LVPr2Mon - ok
01:33:23.0344 3904 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
01:33:23.0364 3904 LVPrcS64 - ok
01:33:23.0413 3904 [ FC19046316B2899E794A0671B2817B4D ] MAUSBFTP C:\Windows\system32\DRIVERS\mausb.sys
01:33:23.0416 3904 MAUSBFTP - ok
01:33:23.0455 3904 [ 9C4FB231B6E02F84580DE2F00F3C5293 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:33:23.0456 3904 MBAMProtector - ok
01:33:23.0493 3904 [ 37036C07983EF1024B2FF3C28AAE5700 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:33:23.0497 3904 MBAMService - ok
01:33:23.0522 3904 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:33:23.0529 3904 Mcx2Svc - ok
01:33:23.0563 3904 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
01:33:23.0568 3904 megasas - ok
01:33:23.0660 3904 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
01:33:23.0721 3904 MegaSR - ok
01:33:23.0758 3904 Microsoft SharePoint Workspace Audit Service - ok
01:33:23.0785 3904 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
01:33:23.0800 3904 MMCSS - ok
01:33:23.0819 3904 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
01:33:23.0823 3904 Modem - ok
01:33:23.0840 3904 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:33:23.0841 3904 monitor - ok
01:33:23.0851 3904 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:33:23.0855 3904 mouclass - ok
01:33:23.0864 3904 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:33:23.0876 3904 mouhid - ok
01:33:23.0891 3904 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
01:33:23.0895 3904 MountMgr - ok
01:33:23.0910 3904 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
01:33:23.0917 3904 mpio - ok
01:33:23.0933 3904 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:33:23.0965 3904 mpsdrv - ok
01:33:24.0156 3904 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
01:33:24.0163 3904 MpsSvc - ok
01:33:24.0179 3904 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
01:33:24.0183 3904 Mraid35x - ok
01:33:24.0197 3904 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:33:24.0204 3904 MRxDAV - ok
01:33:24.0259 3904 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:33:24.0263 3904 mrxsmb - ok
01:33:24.0294 3904 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:33:24.0303 3904 mrxsmb10 - ok
01:33:24.0315 3904 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:33:24.0317 3904 mrxsmb20 - ok
01:33:24.0333 3904 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
01:33:24.0363 3904 msahci - ok
01:33:24.0392 3904 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:33:24.0398 3904 msdsm - ok
01:33:24.0421 3904 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
01:33:24.0452 3904 MSDTC - ok
01:33:24.0480 3904 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:33:24.0483 3904 Msfs - ok
01:33:24.0494 3904 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:33:24.0498 3904 msisadrv - ok
01:33:24.0524 3904 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:33:24.0529 3904 MSiSCSI - ok
01:33:24.0532 3904 msiserver - ok
01:33:24.0553 3904 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:33:24.0556 3904 MSKSSRV - ok
01:33:25.0187 3904 [ 47A616802531735DF88CD331739D6E97 ] msoidsvc C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
01:33:25.0206 3904 msoidsvc - ok
01:33:25.0212 3904 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:33:25.0214 3904 MSPCLOCK - ok
01:33:25.0229 3904 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:33:25.0231 3904 MSPQM - ok
01:33:25.0295 3904 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:33:25.0333 3904 MsRPC - ok
01:33:25.0360 3904 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:33:25.0366 3904 mssmbios - ok
01:33:25.0385 3904 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:33:25.0415 3904 MSTEE - ok
01:33:25.0462 3904 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
01:33:25.0463 3904 MTsensor - ok
01:33:25.0471 3904 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
01:33:25.0477 3904 Mup - ok
01:33:25.0626 3904 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
01:33:25.0642 3904 napagent - ok
01:33:25.0686 3904 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:33:25.0715 3904 NativeWifiP - ok
01:33:25.0946 3904 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
01:33:26.0014 3904 NBService - ok
01:33:26.0063 3904 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:33:26.0085 3904 NDIS - ok
01:33:26.0120 3904 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:33:26.0143 3904 NdisTapi - ok
01:33:26.0163 3904 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:33:26.0166 3904 Ndisuio - ok
01:33:26.0196 3904 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:33:26.0202 3904 NdisWan - ok
01:33:26.0216 3904 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:33:26.0244 3904 NDProxy - ok
01:33:26.0274 3904 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:33:26.0278 3904 NetBIOS - ok
01:33:26.0314 3904 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
01:33:26.0340 3904 netbt - ok
01:33:26.0361 3904 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
01:33:26.0362 3904 Netlogon - ok
01:33:26.0386 3904 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
01:33:26.0391 3904 Netman - ok
01:33:26.0406 3904 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
01:33:26.0411 3904 netprofm - ok
01:33:26.0435 3904 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:33:26.0468 3904 NetTcpPortSharing - ok
01:33:26.0507 3904 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:33:26.0512 3904 nfrd960 - ok
01:33:26.0674 3904 [ 85B9891151AD3C1BDBBF7D3F1082DC1A ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
01:33:26.0713 3904 NitroReaderDriverReadSpool2 - ok
01:33:26.0744 3904 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
01:33:26.0748 3904 NlaSvc - ok
01:33:27.0052 3904 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
01:33:27.0148 3904 NMIndexingService - ok
01:33:27.0238 3904 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:33:27.0307 3904 Npfs - ok
01:33:27.0322 3904 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
01:33:27.0324 3904 nsi - ok
01:33:27.0343 3904 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:33:27.0388 3904 nsiproxy - ok
01:33:27.0501 3904 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:33:27.0569 3904 Ntfs - ok
01:33:27.0600 3904 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
01:33:27.0603 3904 Null - ok
01:33:29.0639 3904 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:33:29.0895 3904 nvlddmkm - ok
01:33:30.0030 3904 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:33:30.0100 3904 nvraid - ok
01:33:30.0107 3904 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:33:30.0135 3904 nvstor - ok
01:33:30.0350 3904 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:33:30.0380 3904 nvsvc - ok
01:33:30.0981 3904 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:33:31.0019 3904 nvUpdatusService - ok
01:33:31.0048 3904 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:33:31.0081 3904 nv_agp - ok
01:33:31.0083 3904 NwlnkFlt - ok
01:33:31.0085 3904 NwlnkFwd - ok
01:33:31.0123 3904 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
01:33:31.0124 3904 ohci1394 - ok
01:33:31.0173 3904 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:33:31.0221 3904 ose64 - ok
01:33:32.0656 3904 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:33:32.0771 3904 osppsvc - ok
01:33:32.0997 3904 [ B902B01B7BC79FCF724D6E7447665270 ] osubsvc C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osa.exe
01:33:33.0053 3904 osubsvc - ok
01:33:33.0098 3904 [ EDD1DCD36F6115ACC6935C3F88FF54D7 ] P17 C:\Windows\system32\drivers\P17.sys
01:33:33.0135 3904 P17 - ok
01:33:33.0189 3904 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
01:33:33.0205 3904 p2pimsvc - ok
01:33:33.0214 3904 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
01:33:33.0219 3904 p2psvc - ok
01:33:33.0244 3904 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
01:33:33.0274 3904 Parport - ok
01:33:33.0316 3904 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:33:33.0342 3904 partmgr - ok
01:33:33.0374 3904 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
01:33:33.0376 3904 PcaSvc - ok
01:33:33.0401 3904 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
01:33:33.0403 3904 pci - ok
01:33:33.0415 3904 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
01:33:33.0415 3904 pciide - ok
01:33:33.0436 3904 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:33:33.0444 3904 pcmcia - ok
01:33:33.0596 3904 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:33:33.0640 3904 PEAUTH - ok
01:33:33.0714 3904 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:33:33.0766 3904 PerfHost - ok
01:33:34.0116 3904 [ AE0B94363DA0F60D42B9D05B352F61ED ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
01:33:34.0162 3904 PID_PEPI - ok
01:33:34.0208 3904 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
01:33:34.0228 3904 pla - ok
01:33:34.0266 3904 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:33:34.0271 3904 PlugPlay - ok
01:33:34.0288 3904 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
01:33:34.0293 3904 PNRPAutoReg - ok
01:33:34.0320 3904 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
01:33:34.0324 3904 PNRPsvc - ok
01:33:34.0340 3904 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:33:34.0372 3904 PolicyAgent - ok
01:33:34.0414 3904 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:33:34.0419 3904 PptpMiniport - ok
01:33:34.0445 3904 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
01:33:34.0450 3904 Processor - ok
01:33:34.0470 3904 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
01:33:34.0473 3904 ProfSvc - ok
01:33:34.0485 3904 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
01:33:34.0486 3904 ProtectedStorage - ok
01:33:34.0509 3904 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
01:33:34.0511 3904 PSched - ok
01:33:34.0594 3904 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:33:34.0655 3904 ql2300 - ok
01:33:34.0690 3904 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:33:34.0721 3904 ql40xx - ok
01:33:34.0766 3904 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
01:33:34.0802 3904 QWAVE - ok
01:33:34.0831 3904 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:33:34.0872 3904 QWAVEdrv - ok
01:33:34.0911 3904 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:33:34.0913 3904 RasAcd - ok
01:33:34.0936 3904 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
01:33:34.0942 3904 RasAuto - ok
01:33:34.0971 3904 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:33:35.0002 3904 Rasl2tp - ok
01:33:35.0033 3904 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
01:33:35.0038 3904 RasMan - ok
01:33:35.0068 3904 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:33:35.0072 3904 RasPppoe - ok
01:33:35.0083 3904 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:33:35.0087 3904 RasSstp - ok
01:33:35.0111 3904 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:33:35.0119 3904 rdbss - ok
01:33:35.0125 3904 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:33:35.0134 3904 RDPCDD - ok
01:33:35.0146 3904 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
01:33:35.0155 3904 rdpdr - ok
01:33:35.0157 3904 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:33:35.0160 3904 RDPENCDD - ok
01:33:35.0189 3904 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:33:35.0191 3904 RDPWD - ok
01:33:35.0216 3904 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:33:35.0222 3904 RemoteAccess - ok
01:33:35.0243 3904 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:33:35.0252 3904 RemoteRegistry - ok
01:33:35.0258 3904 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
01:33:35.0289 3904 RpcLocator - ok
01:33:35.0676 3904 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
01:33:35.0680 3904 RpcSs - ok
01:33:35.0776 3904 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:33:35.0811 3904 rspndr - ok
01:33:35.0840 3904 [ B263B3AEBCDE2210D1CC25756601B8EA ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
01:33:35.0844 3904 RTL8169 - ok
01:33:35.0883 3904 [ 739E2720AECC4C4AA41A35C9BDF10648 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
01:33:35.0888 3904 RTL8187B - ok
01:33:35.0901 3904 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
01:33:35.0902 3904 SamSs - ok
01:33:35.0913 3904 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:33:35.0947 3904 sbp2port - ok
01:33:36.0027 3904 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:33:36.0047 3904 SCardSvr - ok
01:33:36.0081 3904 [ B2F50286DC82B93C013E3FC57BA1A956 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
01:33:36.0083 3904 SCDEmu - ok
01:33:36.0125 3904 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
01:33:36.0134 3904 Schedule - ok
01:33:36.0160 3904 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:33:36.0160 3904 SCPolicySvc - ok
01:33:36.0185 3904 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:33:36.0191 3904 SDRSVC - ok
01:33:36.0209 3904 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:33:36.0212 3904 secdrv - ok
01:33:36.0222 3904 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
01:33:36.0223 3904 seclogon - ok
01:33:36.0230 3904 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
01:33:36.0232 3904 SENS - ok
01:33:36.0250 3904 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
01:33:36.0253 3904 Serenum - ok
01:33:36.0266 3904 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
01:33:36.0299 3904 Serial - ok
01:33:36.0331 3904 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:33:36.0334 3904 sermouse - ok
01:33:36.0350 3904 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
01:33:36.0352 3904 SessionEnv - ok
01:33:36.0365 3904 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:33:36.0368 3904 sffdisk - ok
01:33:36.0379 3904 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:33:36.0382 3904 sffp_mmc - ok
01:33:36.0387 3904 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:33:36.0390 3904 sffp_sd - ok
01:33:36.0394 3904 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:33:36.0396 3904 sfloppy - ok
01:33:36.0421 3904 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:33:36.0430 3904 SharedAccess - ok
01:33:36.0462 3904 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:33:36.0467 3904 ShellHWDetection - ok
01:33:36.0487 3904 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
01:33:36.0492 3904 SiSRaid2 - ok
01:33:36.0501 3904 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:33:36.0506 3904 SiSRaid4 - ok
01:33:36.0739 3904 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:33:36.0822 3904 SkypeUpdate - ok
01:33:37.0220 3904 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
01:33:37.0244 3904 slsvc - ok
01:33:37.0269 3904 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
01:33:37.0323 3904 SLUINotify - ok
01:33:37.0362 3904 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:33:37.0391 3904 Smb - ok
01:33:37.0479 3904 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:33:37.0548 3904 SNMPTRAP - ok
01:33:37.0613 3904 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
01:33:37.0634 3904 Sony PC Companion - ok
01:33:37.0679 3904 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
01:33:37.0708 3904 spldr - ok
01:33:37.0753 3904 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
01:33:37.0757 3904 Spooler - ok
01:33:37.0787 3904 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
01:33:37.0792 3904 srv - ok
01:33:37.0818 3904 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:33:37.0820 3904 srv2 - ok
01:33:37.0831 3904 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:33:37.0834 3904 srvnet - ok
01:33:37.0859 3904 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:33:37.0862 3904 SSDPSRV - ok
01:33:37.0878 3904 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:33:37.0881 3904 SstpSvc - ok
01:33:37.0911 3904 Steam Client Service - ok
01:33:38.0151 3904 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:33:38.0190 3904 Stereo Service - ok
01:33:38.0300 3904 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
01:33:38.0327 3904 stisvc - ok
01:33:38.0375 3904 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:33:38.0410 3904 swenum - ok
01:33:38.0455 3904 SwOffScheduler - ok
01:33:38.0457 3904 SwOffWeb - ok
01:33:38.0489 3904 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
01:33:38.0496 3904 swprv - ok
01:33:38.0511 3904 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
01:33:38.0543 3904 Symc8xx - ok
01:33:38.0569 3904 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
01:33:38.0573 3904 Sym_hi - ok
01:33:38.0583 3904 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
01:33:38.0588 3904 Sym_u3 - ok
01:33:38.0896 3904 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
01:33:38.0944 3904 SysMain - ok
01:33:38.0983 3904 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:33:38.0985 3904 TabletInputService - ok
01:33:39.0016 3904 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:33:39.0021 3904 TapiSrv - ok
01:33:39.0023 3904 TBPanel - ok
01:33:39.0031 3904 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
01:33:39.0033 3904 TBS - ok
01:33:39.0190 3904 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:33:39.0213 3904 Tcpip - ok
01:33:39.0228 3904 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
01:33:39.0234 3904 Tcpip6 - ok
01:33:39.0254 3904 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:33:39.0258 3904 tcpipreg - ok
01:33:39.0341 3904 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:33:39.0442 3904 TDPIPE - ok
01:33:39.0484 3904 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:33:39.0487 3904 TDTCP - ok
01:33:39.0526 3904 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:33:39.0566 3904 tdx - ok
01:33:39.0664 3904 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:33:39.0702 3904 TermDD - ok
01:33:39.0924 3904 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
01:33:39.0943 3904 TermService - ok
01:33:39.0979 3904 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
01:33:39.0981 3904 Themes - ok
01:33:39.0991 3904 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
01:33:39.0992 3904 THREADORDER - ok
01:33:40.0104 3904 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
01:33:40.0148 3904 TrkWks - ok
01:33:40.0210 3904 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:33:40.0237 3904 TrustedInstaller - ok
01:33:40.0277 3904 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:33:40.0337 3904 tssecsrv - ok
01:33:40.0376 3904 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
01:33:40.0379 3904 tunmp - ok
01:33:40.0417 3904 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:33:40.0420 3904 tunnel - ok
01:33:40.0444 3904 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:33:40.0448 3904 uagp35 - ok
01:33:40.0604 3904 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:33:40.0665 3904 udfs - ok
01:33:40.0703 3904 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:33:40.0709 3904 UI0Detect - ok
01:33:40.0724 3904 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:33:40.0738 3904 uliagpkx - ok
01:33:40.0751 3904 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
01:33:40.0787 3904 uliahci - ok
01:33:40.0816 3904 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
01:33:40.0821 3904 UlSata - ok
01:33:40.0833 3904 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
01:33:40.0840 3904 ulsata2 - ok
01:33:40.0852 3904 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:33:40.0855 3904 umbus - ok
01:33:40.0872 3904 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
01:33:40.0877 3904 upnphost - ok
01:33:40.0901 3904 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:33:40.0905 3904 USBAAPL64 - ok
01:33:40.0937 3904 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:33:40.0942 3904 usbaudio - ok
01:33:40.0969 3904 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:33:40.0974 3904 usbccgp - ok
01:33:40.0994 3904 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:33:41.0000 3904 usbcir - ok
01:33:41.0024 3904 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:33:41.0027 3904 usbehci - ok
01:33:41.0135 3904 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:33:41.0149 3904 usbhub - ok
01:33:41.0198 3904 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:33:41.0227 3904 usbohci - ok
01:33:41.0250 3904 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
01:33:41.0253 3904 usbprint - ok
01:33:41.0281 3904 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:33:41.0313 3904 USBSTOR - ok
01:33:41.0350 3904 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:33:41.0412 3904 usbuhci - ok
01:33:41.0439 3904 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
01:33:41.0440 3904 UxSms - ok
01:33:41.0596 3904 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
01:33:41.0663 3904 vds - ok
01:33:41.0709 3904 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:33:41.0712 3904 vga - ok
01:33:41.0722 3904 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
01:33:41.0743 3904 VgaSave - ok
01:33:41.0761 3904 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
01:33:41.0765 3904 viaide - ok
01:33:41.0784 3904 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:33:41.0789 3904 volmgr - ok
01:33:41.0816 3904 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:33:41.0882 3904 volmgrx - ok
01:33:41.0958 3904 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:33:41.0980 3904 volsnap - ok
01:33:42.0025 3904 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:33:42.0060 3904 vsmraid - ok
01:33:42.0190 3904 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
01:33:42.0204 3904 VSS - ok
01:33:42.0237 3904 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
01:33:42.0242 3904 W32Time - ok
01:33:42.0258 3904 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:33:42.0262 3904 WacomPen - ok
01:33:42.0287 3904 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
01:33:42.0292 3904 Wanarp - ok
01:33:42.0294 3904 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:33:42.0295 3904 Wanarpv6 - ok
01:33:42.0310 3904 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:33:42.0324 3904 wcncsvc - ok
01:33:42.0338 3904 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:33:42.0343 3904 WcsPlugInService - ok
01:33:42.0373 3904 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
01:33:42.0396 3904 Wd - ok
01:33:42.0443 3904 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:33:42.0479 3904 Wdf01000 - ok
01:33:42.0513 3904 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:33:42.0515 3904 WdiServiceHost - ok
01:33:42.0517 3904 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:33:42.0519 3904 WdiSystemHost - ok
01:33:42.0529 3904 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
01:33:42.0533 3904 WebClient - ok
01:33:42.0560 3904 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:33:42.0568 3904 Wecsvc - ok
01:33:42.0571 3904 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:33:42.0577 3904 wercplsupport - ok
01:33:42.0583 3904 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
01:33:42.0616 3904 WerSvc - ok
01:33:42.0645 3904 WinDefend - ok
01:33:42.0648 3904 WinHttpAutoProxySvc - ok
01:33:43.0202 3904 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:33:43.0205 3904 Winmgmt - ok
01:33:43.0260 3904 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
01:33:43.0310 3904 WinRM - ok
01:33:43.0616 3904 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:33:43.0662 3904 Wlansvc - ok
01:33:43.0703 3904 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:33:43.0703 3904 WmiAcpi - ok
01:33:43.0734 3904 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:33:43.0786 3904 wmiApSrv - ok
01:33:43.0818 3904 WMPNetworkSvc - ok
01:33:43.0902 3904 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:33:43.0945 3904 WPCSvc - ok
01:33:43.0991 3904 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:33:44.0021 3904 WPDBusEnum - ok
01:33:44.0077 3904 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
01:33:44.0100 3904 WpdUsb - ok
01:33:44.0830 3904 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:33:44.0866 3904 WPFFontCache_v0400 - ok
01:33:44.0916 3904 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:33:44.0949 3904 ws2ifsl - ok
01:33:45.0034 3904 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
01:33:45.0093 3904 wscsvc - ok
01:33:45.0095 3904 WSearch - ok
01:33:45.0217 3904 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:33:45.0240 3904 wuauserv - ok
01:33:45.0274 3904 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:33:45.0279 3904 WUDFRd - ok
01:33:45.0302 3904 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:33:45.0304 3904 wudfsvc - ok
01:33:45.0310 3904 ================ Scan global ===============================
01:33:45.0331 3904 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
01:33:45.0362 3904 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:33:45.0382 3904 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:33:45.0419 3904 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
01:33:45.0454 3904 [Global] - ok
01:33:45.0454 3904 ================ Scan MBR ==================================
01:33:45.0466 3904 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:33:45.0633 3904 \Device\Harddisk0\DR0 - ok
01:33:45.0658 3904 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
01:33:47.0307 3904 \Device\Harddisk1\DR1 - ok
01:33:47.0307 3904 ================ Scan VBR ==================================
01:33:47.0310 3904 [ 9F0DF75F323DE1F8E31E09502F227A12 ] \Device\Harddisk0\DR0\Partition1
01:33:47.0341 3904 \Device\Harddisk0\DR0\Partition1 - ok
01:33:47.0369 3904 [ 7A7CA4FFCB6302277C717A6943705D55 ] \Device\Harddisk1\DR1\Partition1
01:33:47.0403 3904 \Device\Harddisk1\DR1\Partition1 - ok
01:33:47.0403 3904 ============================================================
01:33:47.0403 3904 Scan finished
01:33:47.0403 3904 ============================================================
01:33:47.0412 5300 Detected object count: 0
01:33:47.0412 5300 Actual detected object count: 0
01:35:36.0605 7008 Deinitialize success
faffy
Active Member
 
Posts: 7
Joined: September 1st, 2012, 9:04 am

Re: Concerned I've been Hacked / Keylogged

Unread postby faffy » September 9th, 2012, 7:49 pm

Extras.txt

OTL Extras logfile created on: 10/09/2012 01:39:10 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Fa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 69.47% Memory free
12.18 Gb Paging File | 9.54 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 97.39 Gb Free Space | 20.91% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 46.55 Gb Free Space | 19.99% Space Free | Partition Type: NTFS
Drive F: | 477.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FREDDIE | User Name: Fa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = D7 E0 38 A0 01 20 CD 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AF5E647-7A38-494C-BC78-258606F25349}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1C582051-0129-450F-9F49-0B624AEB0F55}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2546F3D7-DE6B-42DD-9F3C-141FDC8914A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{255DAA43-DCC9-4C9D-BA6E-3586E72DA013}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3B38AED0-4E21-4613-84FB-B42D0C681742}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{526F8D0E-0227-4579-B369-CEA1A9109E69}" = lport=139 | protocol=6 | dir=in | app=system |
"{5837FA39-1C14-406D-9B70-59B6EE3A6553}" = rport=445 | protocol=6 | dir=out | app=system |
"{598AE7DC-B38F-4126-84E0-11850EA1FE0E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6FB95B18-C9CB-4841-8795-10B319739998}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{74424CFC-0255-43F5-A969-9CF2E48289A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{820E7868-F031-4249-9A59-FEB1A6E13BCC}" = lport=137 | protocol=17 | dir=in | app=system |
"{83F7FA6F-B7E6-457F-ADB3-C7030348130A}" = lport=445 | protocol=6 | dir=in | app=system |
"{927372C1-6F72-4E6E-AA22-94D31340D5E4}" = lport=138 | protocol=17 | dir=in | app=system |
"{994E6C1B-D53C-42C9-B32D-DE2B8F860948}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A190BBF2-53BE-48EC-AB2D-87BA10560817}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A4DE248F-610E-4A44-A4DA-3348161112C8}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{B249C64F-E8CC-431C-B692-93B51F6009F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CE5CBD61-68F9-4121-AB98-9FF161EC53CD}" = rport=139 | protocol=6 | dir=out | app=system |
"{D845DF19-8FC5-4D62-B0EE-D17AE5E77E53}" = rport=138 | protocol=17 | dir=out | app=system |
"{D8F3D555-42CA-4FC8-9518-B98775935DB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF952C71-911A-4C38-AA5C-14B3C68C945A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E6570A5B-FB87-46B0-B63F-D5E39041E212}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FFB593CD-1B81-448C-8DE5-126D254A8825}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00515A28-999F-4D03-8188-E94F4CF84A2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{01754602-2B96-4359-8E41-8F55CF2BE69A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{024D37AC-B3C7-454C-A892-B7CC2364B152}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{042EA9EB-F0D0-43C9-8000-40FDF6851C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{0577387A-BDEE-4930-9BBA-2FC74F60B3F0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{063A87F3-D6F9-4A13-9155-2F02C2832EC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0762EA1A-0A11-43A8-A66A-7D1BED168840}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0891C716-E44F-4424-B324-AF07D51BD087}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0974970D-AF5A-41E3-9FA4-3E4B72AE5582}" = protocol=17 | dir=in | app=c:\users\fa\appdata\local\apps\2.0\eqddk25m.hcp\pn5412xq.1x8\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\curseclient.exe |
"{0A16A18C-2515-45C3-A20F-2AC20B1FA043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B5A14AD-8668-4D92-A2C4-FD2ED7AF65EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0E7207C2-60B3-4551-8C29-E4DDD847D826}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{13DE9069-AA09-4BC0-AE2C-D6D0A23E036A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{151C8445-291F-4AF5-9917-495F5804546D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15D1CA2A-D490-491B-8DC7-65FE83025E44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{177EBBD7-C6AC-4836-843E-A5F2F0792F35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{17BE6C91-B9C6-4BB3-BD2A-10D09C974AB3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{17DAE964-C9ED-4139-87EA-E661C54D76BA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1885D901-0E32-4CF4-9F54-A906E6CAD220}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{189D3FE9-1C7D-48A9-B8DA-AE2AC943B5A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19B044EF-F66E-4008-A554-4D25F353172B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19DFB378-D159-45F8-B02A-50058606A827}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C501A90-908D-4C30-B437-27347BC2B4A3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{1C8CCFB0-0B81-450D-828A-C20BDD021D1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1D830D41-0B06-479A-A170-868BBFC3460D}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{1DB698FF-0331-4179-A243-021B1950331A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{1FD51C2F-414E-4E0F-A2F2-85C3E49BC3C2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{210BA16E-A8E9-4C2B-9DAA-D766F7A80E74}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21E03E13-A735-4E60-BFD7-86FB736F8123}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2278EBEB-9AC7-4696-93B7-54CB952AF1D6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{23F158DF-124C-41F0-9E82-A00961BEA037}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{24F60CAD-BF00-48C0-B097-B830AFD80106}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{274A20BC-8296-4EA1-BE5A-B2DECEF2053D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{27FCBF05-1108-442E-8844-AA970D517497}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A5E499B-BD80-4338-9A9B-CCF06C2198A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D02697B-3A7E-4B29-AE33-400D7096C960}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{2E98D5A0-DA05-4D74-BE79-4FE7333E5B0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{31391812-ED13-40B6-A1BD-A5BCCF0A586B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{31B42771-B86C-4DFB-A2AA-D29A32877CCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{333862F9-CE82-4076-A846-FB1CCF5A47C0}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{3452352C-01AE-4D2E-A7B2-40C378887FA3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{349E138B-A87B-46C9-A825-099BA0FD6675}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{34A98A43-AB7C-4194-863D-B2CCA3EF80D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3513CF37-8EF4-45D4-AB99-207ADC0142DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{359819F1-FF4E-4D6E-A9C0-38497A452073}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3760DB48-6F8B-4047-AA56-5AE5C6FDF392}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3976D3A5-2E51-4351-AC7C-324C092BE25D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3B431B82-F198-42B4-8285-5500CA72F896}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{3BD1DEDF-9FF8-4A13-A431-51A21A72348E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C70D7CC-6D17-4E3D-8CAB-85041F2CCE28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C83C76C-DD4D-4D3B-91E1-74100F873EDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3CE37B03-5C5B-49B1-AB89-CD847728AC2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3DB1034B-ACD8-4045-B084-37CA0A6CC4A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E124372-ECC9-4E03-8324-ECB7DEE2473B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{40273E95-DB4D-46DC-86A0-AD16686613C6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{4110CF52-E746-41F0-A818-2435400AA5B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{418580F0-A0E1-4796-906C-EF3254C4EA87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4190301C-B877-4C2F-AA35-BE170B959559}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip warlord\igwarlord.exe |
"{424CDF27-156C-4718-A5BC-9FD36EBAD8DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{44670089-9C30-47CC-83BF-8ACC555DD472}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{44F9F722-77E2-45E1-833C-6B673A37CED1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{46AAFECC-A193-4DF6-8342-156A598DF7D6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{47A7F3B4-E470-4D76-A535-46CD5C9AF34D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B0F9FB4-AF73-4C9E-B62A-498754800545}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B76D8F8-FC26-4E65-89EF-8F63D1CD1137}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{4E217654-D9AE-4D7D-BCB6-1B37442237F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{54D0AA7C-B53A-432A-8C28-96046A7A23C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{558FE07F-A69C-47CF-BD19-4187F0694C41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{55933732-F545-4D54-A9E9-9AA5711DA438}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57AE9FF0-1770-459E-BF69-AA7C30A50FEA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{58216595-1529-4485-9C8D-7C6CA157BD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5A01680C-6B4E-40FF-87FA-A8FA6C85E28B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5E60EE19-977D-44AA-8CC9-6628E2A148DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5FA809A2-B7C4-4C0B-8467-DCB7C96EA5BB}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{5FBE3B94-8284-4B5F-B67A-CD1A6391E7DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{617D9855-5FE4-4B10-A9B7-D3C42ADE4A20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{636B150F-E521-492C-8828-6826CCFDAD19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6576DE69-3E40-4713-9BE4-CEBD868374EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{65DC4CD7-AF8C-4FDA-9209-FE3B065FF927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{671DCF7E-AA12-46DE-A82E-D0D031AF961E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{6A524953-3985-4BB3-BB12-9575EFA67C36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6ABBF4B1-A280-4AF8-B4FA-05EEB105B560}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{6BB00C7E-0D17-4468-845D-E2CD63F53E79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6D0AB60A-4A18-41AE-B819-DC0F1A7412E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{6D39AC55-0AA9-4949-B0BE-4F6926F535FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E1421F5-06B8-425F-99CE-C0C573D5DFBC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6FF8C6B1-EAB6-401C-A4DE-7221FE0FAF4D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{718E52A2-0B47-44E1-ACAD-73EBAE625DA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7347D51B-D69B-43C7-8907-0BE6B7D6E67D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{784137F8-55F4-46D8-BEE6-165E27D50EA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A4147A6-4482-48DC-9034-3478002990F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7AE2D7E5-6579-4C19-810E-A7CBB82E0F50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7AEC52A2-CD15-405C-BFD5-F282A8BB2435}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{7DC44E97-E97B-410D-A17E-B776B89CC7E3}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{7FAE278B-B977-4111-A264-3586D219EC98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{81862390-646F-4043-805B-5BEBD2217015}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84032916-5959-4CB1-9D6D-B5B2163F3833}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{8457AEFC-06BD-4987-9440-0AC813A37B50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{85F627F2-DE5C-4B44-BC6F-21754D1DEC85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{866D2C26-3486-44A6-9E97-B3C6235133D8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{870413EF-F2BD-49BA-9657-8E65E086A2C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87F35D87-5D36-428F-929C-E6712A2CC6A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8B1733DB-3BD1-45F4-A7CE-907C6E0C922B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CBBA6F7-6073-4B46-872A-2BB0694C3B9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{905BB2A5-9C9A-454E-A154-AA155A5B8CF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91F48A2F-DAD4-41CA-AB5A-18E9C200B89D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{92377D14-A5A3-435D-B68E-FFFBB6DDB779}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92C81C82-6FCA-48F2-AF10-67EDC09CD6AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{93ECF4C1-3D33-452D-97A0-A17060E14024}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{9451BE0B-3BCA-46BE-A4C4-111B2B842965}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95E2CBFF-C878-4C37-B905-B131BB9F9F95}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9897DCAA-4FFC-4622-9699-D1ABDC11880A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B63CB37-B824-4BE4-921B-956BE5765CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B7115C3-B560-49BB-9DCD-81CF45642619}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip warlord\dedicated server\igwarlord.exe |
"{9C569DF9-08C9-4204-9EE0-1CD95E14E7AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9CCE536B-773A-46D9-8865-43CC2DFA2C7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9E44445F-6D5A-4541-80B5-9ED60CB1D5F8}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{9E83DDC2-9913-47ED-809A-BC36AC6DD7EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9FB4606D-74A5-44E9-9DE5-6EA8E004D0E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9FEE1B23-DA5D-46D7-A615-D39BE7711C24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A07E6C63-1A2B-41BF-BCAA-DDF206A55DBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A2CF09F8-12D8-44FE-845E-75A1AB17DBDC}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{A3AEC6FC-2894-489F-814F-FBEEF4BE9B99}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A4279D9E-E909-4CD1-89B0-FBD3907DA8CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A49E5C52-4B48-4DF0-81C8-0B51E9F8399A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9F18D77-B491-4C57-A9C9-1E23CA047F0B}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{ABD9CB06-5A16-4C33-8958-BBD501FE9C04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC351F48-D436-4B2A-B87D-B3DEB505FA3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACB6A2E4-ED49-4B8C-93F1-9861A85183F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{ACD56345-E5DE-4B82-8393-12B64DCEB289}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AEC94A67-37A8-4CE1-99F5-1EB76DA94930}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B11EC8E5-BB08-482E-BA63-73FD4352E61C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B356507A-E2F5-479E-9459-5F118E2B9582}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B48A01B9-84CB-4D91-B723-CA2E9376AE82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B6D35ED0-6883-4BEF-8841-BAE35FD2E38D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B81EF561-43C5-44B3-83D9-287CA4562C04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B9654727-B9CD-4D5B-B911-4E859B5DC161}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA06BAF1-BE75-4585-9428-00099E22AFD7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA94E854-1ACA-46FD-9581-01684051DCF0}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{BBB18404-F05F-4078-A88E-3E71F160FDEA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BE579870-4BC1-43A2-8960-5970EEB55FC3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BFC43D99-119C-4A4F-93D6-318A7BA294F8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C1FF57DE-4AEA-4D48-8CED-EEAC0093C626}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C300E8DA-788C-43CD-8700-8A0846821E96}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C331F14E-1836-4842-A893-9BE325098B08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C5A0A4E5-9CEC-48DA-B12D-CCEB68DF9226}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C67F6EE7-3F02-4833-B6CB-2A0B8AA953FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7166E36-FE3D-4FCA-A844-260B67F4377A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8F32475-B1BC-41D5-8133-89985547A0DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C955DAC3-CFF6-4618-B100-5E7BA29CCA49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C98DA9CC-3C74-4A61-B402-0FEFCD371D02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA076DF2-4DB9-442F-97A2-980314917457}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA377F79-C1BC-49AC-A8D0-EF74AF093E11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CAE89902-BDDF-4C70-996D-A5C3BE991605}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{CBD07AC7-22E4-4998-907F-07B197C5EB93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip warlord\igwarlord.exe |
"{CD7D57F0-604A-4EA2-A2AE-48C6C8B37F55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2640070-03A8-46A0-B763-6DD92183C5A8}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{D3BE7BC0-B0A2-4DA5-B260-22ACF2C3889C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6E96E10-4034-43FE-AA4F-D139EAF69BC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D7021A24-FC48-4DAC-B932-F0FB21B748D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D726C0EF-5835-434B-8D92-A9134A888794}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DAFCCC3E-7E77-493F-A1CB-B6B576A72463}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB782EC7-BAAE-48BA-AA39-AC651C558D2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC4EFFB9-55AB-4335-99B9-4A33592F39BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD6F4C9F-136B-40AD-A9F7-D1A6A0C852DC}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{E04532E6-10AF-4F01-9A89-084BDD119855}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E126918F-E731-4ECC-8086-4BB2B0177849}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E24FF136-7609-4B94-B6BA-F9B956265426}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E41DC564-3935-4603-8492-BDC40C20D20A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4EA0430-9DA1-4820-8686-29AD22DCEDCD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{E4F56A0C-530F-47AC-9631-3301EF785940}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E50BA5F2-2F08-4BC0-A6ED-404E62F47C18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip warlord\dedicated server\igwarlord.exe |
"{E573CE7F-3C63-41F9-B0DB-35457792FCF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E59523CA-624F-4F42-8D0E-ADA67318D906}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E635FA58-9C12-41F3-9DCA-6464A646E452}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E6DA52DB-D766-44C5-8973-416485E71318}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAF7178C-AEE2-473B-831F-E589D7F723FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBE68CE2-3765-400B-9024-E40E860924CC}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{EBFDEA28-D76D-478F-A6AE-A8AFC466E268}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC9F848C-33F9-48CB-AD7F-1822EF79FE87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED7FC7CF-42A9-4CD6-8EC2-7A80BC3A7C4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE179612-8BFE-43E1-85DB-7FC4E5A93B08}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{F0D0B746-94D0-44D1-A2AB-C8347C6D6FE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3130764-CD88-4EAF-9003-9FCF36DF806D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F36631A5-D92B-41FE-837A-ABF07A6FA08A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F6DF211F-5F85-4037-B9AC-0616F2F74C88}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8DF7194-5745-4413-AB6C-36B1B19DCD7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB01B2C6-1787-422B-A494-7937DB79361B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FBD00CF2-47D0-413A-B599-E7DE5FE00C43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FBD3A311-5E90-4CD1-9EAC-FA6527D1F9E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD3406E1-E60B-4FA3-BE67-DDC91EC5BA02}" = protocol=6 | dir=in | app=c:\users\fa\appdata\local\apps\2.0\eqddk25m.hcp\pn5412xq.1x8\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\curseclient.exe |
"{FDB885C1-8A8A-4088-8581-94958A814C7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{05F6D1F4-6B13-4746-A8DD-75BDCE4EA817}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{1622682B-1F91-4A5D-A6BD-CA0D9418645F}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"TCP Query User{1D4A66D7-A52E-4540-9D6B-1FF3B2726210}C:\users\fa\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\fa\appdata\local\temp\gw2.exe |
"TCP Query User{1F6E3E82-852C-4357-AE79-F18B091A7B81}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{304531A9-89B1-4893-9C75-B2D5B3BD0F8F}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{31D8B74A-2CF3-42C6-B16F-3E56F064A8D6}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{3C4F08FF-92AE-4E4F-8B7F-E7FEA2F28FF5}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{4584786A-646E-4B8F-8562-D9B777052F55}C:\users\fa\desktop\desk\winvnc.exe" = protocol=6 | dir=in | app=c:\users\fa\desktop\desk\winvnc.exe |
"TCP Query User{462FF7FB-FF0E-4D4A-9727-963EEDC39A91}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{463722A6-CB3E-45A1-A4F0-934F73B378FC}D:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=d:\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{50FFB2C5-714B-46DC-8BB6-0246839D2587}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{834348FF-80C2-43E2-9766-0AE5F4F779E6}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"TCP Query User{909FAAFD-E99F-4369-8025-3B300B970E6D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{911B7403-0D38-4A68-9047-D67AE75EC8B7}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{9DB08CF0-97EA-432E-A239-D5C138B1BE37}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{A0E666F2-D671-44B7-8193-5EAD0B6413FA}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{A4558F9C-B05A-4B49-B368-DCCFD724056F}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{A6205D11-048B-4973-9670-B6B43309352E}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{A7EA2808-A133-425B-9E0F-48F4DBE299B6}C:\users\fa\downloads\diablo-iii-setup-engb.exe" = protocol=6 | dir=in | app=c:\users\fa\downloads\diablo-iii-setup-engb.exe |
"TCP Query User{AC8EF66C-CF8E-4F33-B505-675B39A00226}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"TCP Query User{B0711D93-2B25-4E3C-A85C-69E1386A3FA3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{BE9687CF-92E5-4138-8371-A208330D137E}C:\users\fa\desktop\desk\winvnc.exe" = protocol=6 | dir=in | app=c:\users\fa\desktop\desk\winvnc.exe |
"TCP Query User{C277B269-5909-412F-B272-EF12452B3EEF}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{C57BB59B-A0A6-4652-AF6C-3C7AA540BDC7}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"TCP Query User{D3127A92-B091-44D7-9340-89CDE1E68FA0}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{F4666E33-0550-4197-8DC4-054F00D25726}C:\users\fa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\fa\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FD37232D-2E61-40FC-ACC7-BC0FBF2C1631}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{09481F0F-ADFF-41E2-A929-D5AFF599F0C5}D:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=d:\mass effect 3\binaries\win32\masseffect3.exe |
"UDP Query User{0EE9A7D8-3D3C-4D30-A4BC-7C8372F0C6EC}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{19527E29-7479-4AE7-AA5E-2AD466498526}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{1C938CFC-2E34-48D1-81B9-75BC6597839E}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"UDP Query User{2F56491C-8185-4C51-8EFA-23769A0A4D17}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{4AFDD906-8DE9-4D02-A3CE-F1B85CE85B8D}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{60EF7B19-BFC1-436E-A4FE-54EC85D1065E}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{7A863698-4434-4AF5-929C-139626087C82}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{7B2EE85F-C625-4E4C-BA2D-C051CB735158}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7F9A11BB-49FB-4FAD-853D-DBF7328042F0}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{8D6F7E31-5ACA-44EC-9E36-43A16E880754}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{903A266A-FD3B-4F53-82A3-2A972FD9AC55}C:\users\fa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\fa\appdata\roaming\spotify\spotify.exe |
"UDP Query User{9E0E7F6D-38A6-4CE9-8F4C-00DB8096A9D7}C:\users\fa\desktop\desk\winvnc.exe" = protocol=17 | dir=in | app=c:\users\fa\desktop\desk\winvnc.exe |
"UDP Query User{A02D7846-F344-453A-9ED2-E3D58633B55E}C:\users\fa\desktop\desk\winvnc.exe" = protocol=17 | dir=in | app=c:\users\fa\desktop\desk\winvnc.exe |
"UDP Query User{A5C64992-5D60-48F0-8C10-BF19211E8B58}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{AFCD82D8-8CE7-4EEE-BBCB-C4B9CF1B3EBA}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{BD0A8FD2-1FF1-4FF2-9FD1-CC12C930ECC7}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{BD57F28D-5A17-417C-9979-748E02BB069D}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{C20A0C78-FAC5-450B-AA21-E8CB7676BAF2}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"UDP Query User{D46945BF-C781-4A92-8FDF-6AD47303465C}C:\users\fa\downloads\diablo-iii-setup-engb.exe" = protocol=17 | dir=in | app=c:\users\fa\downloads\diablo-iii-setup-engb.exe |
"UDP Query User{DBAB0E2D-F276-4430-A372-DDB8A4CB9FEC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{DC415F7B-9B2D-4962-93E3-EAB7A08B9FE2}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"UDP Query User{E0C73BA1-C0AB-442E-97AC-BDFFCB785BB1}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{E68A9B7C-5D31-45C1-8B78-C2C9AA9E8723}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{E9120977-2D68-442D-87E0-0BA15595D7CC}C:\users\fa\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\fa\appdata\local\temp\gw2.exe |
"UDP Query User{ECC1AA81-3B99-4A61-9910-2E0C74EA856D}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"UDP Query User{F8DD14B4-769A-4C6C-93C0-4F2AF1EC1131}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416035FF}" = Java(TM) 6 Update 35 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46E637E2-AC34-4B45-B5DF-D20903A3DB61}" = Microsoft Online Services Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6525B44C-36F1-433F-A465-710E9D544389}" = Nitro Reader 2
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSSUB_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSSUB_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSSUB_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0120-0409-1000-0000000FF1CE}" = Microsoft Office Office Subscription (English) 2010
"{91140000-011D-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus Subscription 2010
"{91140000-011D-0000-1000-0000000FF1CE}_Office14.PROPLUSSUB_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Airytec Switch Off" = Airytec Switch Off
"Defraggler" = Defraggler
"HitmanPro36" = HitmanPro 3.6
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.PROPLUSSUB" = Microsoft Office Professional Plus 2010
"SP6" = Logitech SetPoint 6.1
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2
"{966D16E5-742F-4F7D-A7EA-35875B43E777}" = Fast Track Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{A2284436-0CA3-4880-B8D1-E79E64A46EB3}" = Belkin Wireless Access Point Manager
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE35C8C9-9430-BB3F-2DE4-0092764BD67B}" = TweetDeck
"{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C5828861-B97B-4037-995C-C65E9CC13A3B}" = Sound Blaster Audigy
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Belkin Wireless USB Adapter Manager" = Belkin Wireless USB Adapter Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"Fraps" = Fraps (remove only)
"Guild Wars 2" = Guild Wars 2
"InstallShield_{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 31700" = Iron Grip: Warlord
"Steam App 570" = Dota 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.4
"Vtune_is1" = Vtune 7.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3308803692-569414540-1019952755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Flux" = F.lux
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/01/2012 13:44:19 | Computer Name = Freddie | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30/01/2012 13:44:19 | Computer Name = Freddie | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30/01/2012 13:44:22 | Computer Name = Freddie | Source = WinMgmt | ID = 10
Description =

Error - 30/01/2012 14:46:42 | Computer Name = Freddie | Source = Perflib | ID = 1008
Description =

Error - 30/01/2012 14:46:42 | Computer Name = Freddie | Source = Perflib | ID = 1010
Description =

Error - 30/01/2012 14:46:42 | Computer Name = Freddie | Source = Perflib | ID = 1008
Description =

Error - 30/01/2012 14:46:42 | Computer Name = Freddie | Source = Perflib | ID = 1008
Description =

Error - 30/01/2012 14:46:42 | Computer Name = Freddie | Source = Perflib | ID = 1008
Description =

Error - 30/01/2012 14:46:42 | Computer Name = Freddie | Source = Perflib | ID = 1008
Description =

Error - 30/01/2012 14:46:42 | Computer Name = Freddie | Source = Perflib | ID = 1008
Description =

[ Media Center Events ]
Error - 30/09/2010 21:43:24 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 07/10/2010 18:33:40 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 08/10/2010 21:04:48 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 06/11/2010 13:32:35 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 25/01/2011 12:29:14 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 04/02/2011 10:29:21 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 02/04/2011 09:52:01 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 28/04/2011 15:57:03 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 04/06/2011 20:50:35 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 16/06/2011 17:07:20 | Computer Name = Freddie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 08/09/2012 05:51:02 | Computer Name = Freddie | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2012 07:28:25 | Computer Name = Freddie | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2012 07:31:38 | Computer Name = Freddie | Source = Service Control Manager | ID = 7009
Description =

Error - 09/09/2012 07:31:38 | Computer Name = Freddie | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2012 07:34:11 | Computer Name = Freddie | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 09/09/2012 07:34:17 | Computer Name = Freddie | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 09/09/2012 10:17:52 | Computer Name = Freddie | Source = BROWSER | ID = 8032
Description =

Error - 09/09/2012 10:31:39 | Computer Name = Freddie | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:28:18 on 09/09/2012 was unexpected.

Error - 09/09/2012 10:33:23 | Computer Name = Freddie | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2012 13:05:10 | Computer Name = Freddie | Source = Service Control Manager | ID = 7000
Description =


< End of report >
Last edited by faffy on September 9th, 2012, 7:53 pm, edited 1 time in total.
faffy
Active Member
 
Posts: 7
Joined: September 1st, 2012, 9:04 am

Re: Concerned I've been Hacked / Keylogged

Unread postby faffy » September 9th, 2012, 7:49 pm

OTL.txt

OTL logfile created on: 10/09/2012 01:39:10 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Fa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 69.47% Memory free
12.18 Gb Paging File | 9.54 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 97.39 Gb Free Space | 20.91% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 46.55 Gb Free Space | 19.99% Space Free | Partition Type: NTFS
Drive F: | 477.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FREDDIE | User Name: Fa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/09 19:12:55 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Fa\Desktop\OTL.exe
PRC - [2012/09/09 13:29:47 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/08/31 21:13:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/08/31 21:13:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/08/31 21:13:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/08/27 21:00:31 | 001,193,176 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/04 12:57:44 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/06/28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/06/07 15:27:06 | 000,510,976 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2012/05/31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012/04/30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/07/06 20:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/08/29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Fa\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/17 19:25:38 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2008/11/18 15:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/14 00:31:50 | 005,974,528 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008/10/22 00:14:44 | 004,040,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2008/08/15 10:23:20 | 000,086,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
PRC - [2007/04/29 19:05:08 | 000,434,176 | ---- | M] () -- C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2007/02/28 19:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2001/09/28 19:18:18 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/09 13:29:43 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/09/09 13:29:28 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/09/09 13:29:27 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/09/09 13:29:27 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/09/09 13:29:27 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/08/27 21:00:31 | 001,193,176 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/05 15:51:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/07/05 15:50:39 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/07/05 15:50:24 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/07/05 15:50:12 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/07/05 15:49:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/07/05 15:48:42 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/07/05 15:48:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/07/05 15:48:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/07/05 13:01:02 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll
MOD - [2012/07/05 13:00:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/07/05 13:00:45 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/06/07 14:03:58 | 001,033,728 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2012/05/24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012/04/30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012/03/20 15:17:16 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/03/16 12:51:02 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012/03/09 10:13:58 | 000,138,752 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012/02/13 09:53:50 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/14 15:01:00 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/08/29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Fa\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/07/10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/03/17 19:25:38 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/11/14 00:31:50 | 005,974,528 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2008/10/22 00:14:44 | 004,040,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
MOD - [2008/09/04 19:42:50 | 001,126,912 | ---- | M] () -- C:\Program Files\ASUS\TurboV\OcProfile.dll
MOD - [2008/08/21 17:19:50 | 000,126,976 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TvOcLib.dll
MOD - [2008/04/15 12:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2007/04/29 19:05:08 | 000,434,176 | ---- | M] () -- C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe
MOD - [2006/01/10 10:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 18:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV\pngio.dll
MOD - [2005/05/11 18:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll
MOD - [2001/09/28 19:18:18 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
MOD - [1998/10/31 06:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/31 22:24:52 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012/07/26 14:39:30 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010/07/13 16:08:42 | 000,177,664 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV:64bit: - [2010/07/13 16:08:42 | 000,177,664 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV:64bit: - [2010/05/06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/01/21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/09 13:29:47 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/31 21:13:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/08/31 21:13:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/12 15:16:56 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/07/06 20:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/23 17:37:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 15:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/15 10:23:20 | 000,086,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/31 21:13:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/08/31 21:13:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/05/27 19:20:41 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/05/27 19:20:41 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/02/29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/06 20:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/15 10:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/03/18 11:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2010/03/18 11:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 11:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/16 08:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/11/18 05:27:59 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/08/22 18:26:50 | 000,214,024 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mausb.sys -- (MAUSBFTP)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/07/23 20:26:08 | 000,340,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2006/11/01 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2007/03/16 12:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=15153&l=dis
IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_UK
IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60788


========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.myfitnesspal.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60788
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/26 22:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/26 22:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/06 13:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/29 19:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/01 15:15:23 | 000,000,000 | ---D | M]

[2010/03/22 16:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fa\AppData\Roaming\Mozilla\Extensions
[2012/09/09 19:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\extensions
[2011/01/04 12:19:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/06 14:05:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/22 20:20:02 | 000,002,429 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\askcom.xml
[2011/01/28 18:08:34 | 000,012,703 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\imdb.xml
[2012/05/07 12:46:33 | 000,004,873 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\isohunt--bt-search.xml
[2010/06/27 10:52:21 | 000,001,597 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\the-pirate-bay.xml
[2010/07/18 11:39:47 | 000,000,911 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\thesauruscom.xml
[2010/03/23 22:01:44 | 000,001,546 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\wowhead.xml
[2010/04/27 23:13:56 | 000,002,057 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\youtube-video-search.xml
[2012/09/09 19:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/17 22:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/02/26 20:56:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/24 19:23:02 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/07/24 19:23:02 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/07/24 19:23:02 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/07/24 19:23:02 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://100daysofslimmer.com/wp-admin/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://100daysofslimmer.com/wp-admin/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Fa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Anna Sui = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\
CHR - Extension: Google Search = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: League of Legends Events = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dilmjnllahlkpclmkcfmkgmplbdnekja\0.43_0\
CHR - Extension: DivX HiQ = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AdBlock = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TBIA] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000..\Run: [F.lux] C:\Users\Fa\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000..\Run: [googletalk] C:\Users\Fa\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000..\Run: [Spotify Web Helper] C:\Users\Fa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-3308803692-569414540-1019952755-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3308803692-569414540-1019952755-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Fa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CEDE28F-7660-42FD-B58F-845219B333F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD387FD-1A93-406D-B306-1922AAC0BE91}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/25 00:28:30 | 000,000,048 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d0e49a05-35b3-11df-ae41-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d0e49a05-35b3-11df-ae41-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2008/06/25 00:28:30 | 001,264,912 | R--- | M] ()
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\OriginInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 19:13:01 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Fa\Desktop\OTL.exe
[2012/09/09 19:10:05 | 000,544,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/09/09 19:10:05 | 000,525,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/09/09 19:10:05 | 000,191,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/09/09 19:10:05 | 000,172,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/09/09 19:10:05 | 000,172,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/09/09 19:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/09 19:08:59 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fa\Desktop\tdsskiller.exe
[2012/09/06 11:12:30 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012/09/06 11:12:30 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012/09/06 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/09/06 11:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012/09/06 11:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2012/09/06 11:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012/09/06 11:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/09/06 11:10:14 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Winamp
[2012/09/06 11:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012/09/06 11:10:14 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\OpenCandy
[2012/09/01 14:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/31 22:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/08/31 22:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/08/31 22:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/31 21:12:11 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Avira
[2012/08/31 21:09:54 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/08/31 21:09:54 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/08/31 21:09:54 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/08/31 21:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/31 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/08/31 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/31 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/08/31 20:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/31 20:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/26 15:59:01 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Titanium
[2012/08/21 17:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/21 17:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/08/21 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Fa\Documents\Guild Wars 2
[2012/08/16 19:35:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 19:35:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 19:35:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 19:35:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 19:35:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 19:35:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 19:35:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 19:35:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 19:35:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 19:35:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 19:35:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 19:35:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 19:35:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 22:12:04 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 22:12:03 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/15 22:11:55 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/13 14:45:41 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2012/08/13 14:45:32 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Google
[2012/08/13 14:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wunderlist
[2012/08/13 14:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wunderlist
[2012/08/13 14:30:03 | 000,000,000 | ---D | C] -- C:\Users\Fa\Documents\Snagit
[2012/08/13 14:29:48 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Local\assembly
[2012/08/13 14:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
[2012/08/13 14:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/08/13 14:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/08/13 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Local\TechSmith
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Fa\AppData\Local\*.tmp files -> C:\Users\Fa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/10 01:33:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3308803692-569414540-1019952755-1000UA.job
[2012/09/10 01:03:26 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/10 01:03:26 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 23:33:02 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3308803692-569414540-1019952755-1000Core.job
[2012/09/09 19:12:55 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Fa\Desktop\OTL.exe
[2012/09/09 19:09:36 | 000,191,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/09/09 19:09:36 | 000,172,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/09/09 19:09:36 | 000,172,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/09/09 19:09:35 | 000,544,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/09/09 19:09:35 | 000,525,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/09/09 19:09:00 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fa\Desktop\tdsskiller.exe
[2012/09/09 19:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/08 20:05:38 | 000,095,744 | ---- | M] () -- C:\Users\Fa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/08 20:03:33 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/08 20:03:33 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/08 20:03:33 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/07 20:22:38 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/09/06 15:26:37 | 000,000,814 | ---- | M] () -- C:\Users\Fa\Desktop\Final Fantasy Soundtracks - Shortcut.lnk
[2012/09/06 11:10:37 | 000,000,842 | ---- | M] () -- C:\Users\Fa\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/09/06 11:10:37 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/09/04 21:34:09 | 000,002,064 | ---- | M] () -- C:\Users\Fa\Desktop\Google Chrome.lnk
[2012/09/04 21:34:09 | 000,002,026 | ---- | M] () -- C:\Users\Fa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/01 14:56:48 | 000,002,553 | ---- | M] () -- C:\Users\Fa\Desktop\HiJackThis.lnk
[2012/09/01 14:50:26 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/31 22:24:52 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/08/31 22:17:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/31 21:13:53 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/08/31 21:13:53 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/08/24 14:57:42 | 000,051,212 | ---- | M] () -- C:\Users\Fa\Documents\pug.jpg
[2012/08/21 17:37:18 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/17 16:17:57 | 002,978,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/16 21:17:55 | 000,501,382 | ---- | M] () -- C:\Users\Fa\Documents\kda jack.jpg
[2012/08/16 21:14:44 | 000,469,789 | ---- | M] () -- C:\Users\Fa\Documents\kda fa.jpg
[2012/08/16 21:14:43 | 000,436,635 | ---- | M] () -- C:\Users\Fa\Documents\kda stephen.jpg
[2012/08/13 14:43:48 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Wunderlist.lnk
[2012/08/13 14:38:51 | 000,001,680 | ---- | M] () -- C:\Users\Fa\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Fa\AppData\Local\*.tmp files -> C:\Users\Fa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/06 15:26:37 | 000,000,814 | ---- | C] () -- C:\Users\Fa\Desktop\Final Fantasy Soundtracks - Shortcut.lnk
[2012/09/06 11:12:18 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/09/06 11:10:37 | 000,000,842 | ---- | C] () -- C:\Users\Fa\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/09/06 11:10:37 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/08/31 22:24:52 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/08/31 21:10:14 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/31 20:56:14 | 000,002,553 | ---- | C] () -- C:\Users\Fa\Desktop\HiJackThis.lnk
[2012/08/24 14:57:41 | 000,051,212 | ---- | C] () -- C:\Users\Fa\Documents\pug.jpg
[2012/08/21 17:37:18 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/16 21:17:33 | 000,501,382 | ---- | C] () -- C:\Users\Fa\Documents\kda jack.jpg
[2012/08/16 21:14:44 | 000,469,789 | ---- | C] () -- C:\Users\Fa\Documents\kda fa.jpg
[2012/08/16 21:14:21 | 000,436,635 | ---- | C] () -- C:\Users\Fa\Documents\kda stephen.jpg
[2012/08/13 14:43:48 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Wunderlist.lnk
[2012/08/13 14:38:51 | 000,001,680 | ---- | C] () -- C:\Users\Fa\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/05/01 23:09:55 | 001,211,643 | ---- | C] () -- C:\Users\Fa\001.jpg
[2012/05/01 23:09:55 | 000,075,201 | ---- | C] () -- C:\Users\Fa\Stark.jpg
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/27 00:44:12 | 000,002,436 | ---- | C] () -- C:\Users\Fa\AppData\Roaming\6850.C56
[2010/11/05 18:00:09 | 000,024,226 | ---- | C] () -- C:\Users\Fa\AppData\Roaming\UserTile.png
[2010/10/17 12:25:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/27 23:18:40 | 000,167,536 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/03/26 00:55:56 | 000,095,744 | ---- | C] () -- C:\Users\Fa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 19:09:57 | 000,000,680 | ---- | C] () -- C:\Users\Fa\AppData\Local\d3d9caps.dat
[2010/03/22 15:14:20 | 000,000,732 | ---- | C] () -- C:\Users\Fa\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2010/09/12 03:05:41 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Airytec
[2011/03/05 23:13:33 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Audacity
[2010/05/09 19:03:15 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Leadertech
[2011/05/15 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\LolClient
[2012/05/24 09:57:41 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\LolClient2
[2012/09/06 11:10:17 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\OpenCandy
[2010/11/05 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\PeerNetworking
[2012/03/15 21:20:15 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\RayV
[2011/01/28 02:43:49 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\RIFT
[2012/09/09 16:27:51 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Spotify
[2012/08/26 15:59:01 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Titanium
[2012/06/18 01:04:24 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\TS3Client
[2010/09/27 23:17:40 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/02/26 18:22:27 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Unity
[2010/04/30 12:37:55 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\WinAVI
[2012/09/09 19:02:08 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
faffy
Active Member
 
Posts: 7
Joined: September 1st, 2012, 9:04 am

Re: Concerned I've been Hacked / Keylogged

Unread postby askey127 » September 10th, 2012, 10:47 am

faffy,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    [2012/09/06 11:10:17 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\OpenCandy
    SRV:64bit: - [2012/08/31 22:24:52 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_UK
    IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=15153&l=dis
    IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60788
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    [2010/03/22 20:20:02 | 000,002,429 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\askcom.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O3 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKU\S-1-5-21-3308803692-569414540-1019952755-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O33 - MountPoints2\K\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\OriginInstaller.exe
    [2012/08/31 20:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/08/31 20:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/08/31 22:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/08/31 22:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2 (64-bit)

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *LatestDLMgr.exe*
    
    :folderfind 
     *opencandy*
    
    :regfind
    opencandy /s
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Concerned I've been Hacked / Keylogged

Unread postby faffy » September 13th, 2012, 10:51 am

OTL log

OTL logfile created on: 13/09/2012 17:00:55 - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Fa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 64.51% Memory free
12.09 Gb Paging File | 9.91 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 78.63 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 46.55 Gb Free Space | 19.99% Space Free | Partition Type: NTFS
Drive F: | 477.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FREDDIE | User Name: Fa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/09 19:12:55 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Fa\Desktop\OTL.exe
PRC - [2012/09/09 13:29:47 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/08/31 21:13:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/08/31 21:13:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/08/31 21:13:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/08/27 21:00:31 | 001,193,176 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/04 12:57:44 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/06/28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/06/07 15:27:06 | 000,510,976 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2012/05/31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012/04/30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/07/06 20:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/08/29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Fa\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/17 19:25:38 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2008/11/18 15:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/14 00:31:50 | 005,974,528 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008/10/22 00:14:44 | 004,040,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2008/08/15 10:23:20 | 000,086,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
PRC - [2007/04/29 19:05:08 | 000,434,176 | ---- | M] () -- C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2007/02/28 19:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2001/09/28 19:18:18 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/09 13:29:43 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/09/09 13:29:28 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/09/09 13:29:27 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/09/09 13:29:27 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/09/09 13:29:27 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/27 21:00:31 | 001,193,176 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/05 15:51:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/07/05 15:50:39 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/07/05 15:50:24 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/07/05 15:50:12 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/07/05 15:49:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/07/05 15:48:42 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/07/05 15:48:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/07/05 15:48:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/07/05 13:01:02 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll
MOD - [2012/07/05 13:00:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/07/05 13:00:45 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/06/07 14:03:58 | 001,033,728 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2012/05/24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012/04/30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012/03/20 15:17:16 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/03/16 12:51:02 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012/03/09 10:13:58 | 000,138,752 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012/02/13 09:53:50 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/14 15:01:00 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/08/29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Fa\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/07/10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/03/17 19:25:38 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/11/14 00:31:50 | 005,974,528 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2008/10/22 00:14:44 | 004,040,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
MOD - [2008/09/04 19:42:50 | 001,126,912 | ---- | M] () -- C:\Program Files\ASUS\TurboV\OcProfile.dll
MOD - [2008/08/21 17:19:50 | 000,126,976 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TvOcLib.dll
MOD - [2007/04/29 19:05:08 | 000,434,176 | ---- | M] () -- C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe
MOD - [2006/01/10 10:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 18:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV\pngio.dll
MOD - [2005/05/11 18:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll
MOD - [2001/09/28 19:18:18 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Belkin\Belkin Wireless USB Adapter Manager\WlanMonitor.exe
MOD - [1998/10/31 06:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/26 14:39:30 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010/07/13 16:08:42 | 000,177,664 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV:64bit: - [2010/07/13 16:08:42 | 000,177,664 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV:64bit: - [2010/05/06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/01/21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/09 13:29:47 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/31 21:13:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/08/31 21:13:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 15:16:56 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/07/06 20:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/23 17:37:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 15:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/15 10:23:20 | 000,086,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/31 21:13:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/08/31 21:13:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/05/27 19:20:41 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/05/27 19:20:41 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/02/29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/06 20:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/15 10:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/03/18 11:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2010/03/18 11:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 11:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/16 08:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/11/18 05:27:59 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/08/22 18:26:50 | 000,214,024 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mausb.sys -- (MAUSBFTP)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/07/23 20:26:08 | 000,340,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2006/11/01 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2007/03/16 12:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.myfitnesspal.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60788
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/26 22:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/26 22:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/06 13:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/29 19:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/01 15:15:23 | 000,000,000 | ---D | M]

[2010/03/22 16:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fa\AppData\Roaming\Mozilla\Extensions
[2012/09/09 19:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\extensions
[2011/01/04 12:19:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/06 14:05:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/28 18:08:34 | 000,012,703 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\imdb.xml
[2012/05/07 12:46:33 | 000,004,873 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\isohunt--bt-search.xml
[2010/06/27 10:52:21 | 000,001,597 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\the-pirate-bay.xml
[2010/07/18 11:39:47 | 000,000,911 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\thesauruscom.xml
[2010/03/23 22:01:44 | 000,001,546 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\wowhead.xml
[2010/04/27 23:13:56 | 000,002,057 | ---- | M] () -- C:\Users\Fa\AppData\Roaming\Mozilla\Firefox\Profiles\32o1pgtr.default\searchplugins\youtube-video-search.xml
[2012/09/09 19:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/17 22:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/02/26 20:56:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/24 19:23:02 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/07/24 19:23:02 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/07/24 19:23:02 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/07/24 19:23:02 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://100daysofslimmer.com/wp-admin/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://100daysofslimmer.com/wp-admin/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fa\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Fa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Anna Sui = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\
CHR - Extension: Google Search = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: League of Legends Events = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dilmjnllahlkpclmkcfmkgmplbdnekja\0.43_0\
CHR - Extension: DivX HiQ = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AdBlock = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.43_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Fa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TBIA] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Fa\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [googletalk] C:\Users\Fa\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Fa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\Fa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CEDE28F-7660-42FD-B58F-845219B333F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD387FD-1A93-406D-B306-1922AAC0BE91}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/25 00:28:30 | 000,000,048 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d0e49a05-35b3-11df-ae41-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d0e49a05-35b3-11df-ae41-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2008/06/25 00:28:30 | 001,264,912 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 16:52:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/13 00:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/09/13 00:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/09/09 19:13:01 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Fa\Desktop\OTL.exe
[2012/09/09 19:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/09 19:08:59 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fa\Desktop\tdsskiller.exe
[2012/09/06 11:12:30 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012/09/06 11:12:30 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012/09/06 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/09/06 11:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012/09/06 11:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2012/09/06 11:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012/09/06 11:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/09/06 11:10:14 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Winamp
[2012/09/06 11:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012/09/01 14:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/31 22:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/08/31 21:12:11 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Avira
[2012/08/31 21:09:54 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/08/31 21:09:54 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/08/31 21:09:54 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/08/31 21:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/31 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/08/31 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/31 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/08/26 15:59:01 | 000,000,000 | ---D | C] -- C:\Users\Fa\AppData\Roaming\Titanium
[2012/08/21 17:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/21 17:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/08/21 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Fa\Documents\Guild Wars 2
[1 C:\Users\Fa\AppData\Local\*.tmp files -> C:\Users\Fa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/13 16:57:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 16:57:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 16:57:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/13 16:33:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3308803692-569414540-1019952755-1000UA.job
[2012/09/13 00:19:23 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/12 23:33:01 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3308803692-569414540-1019952755-1000Core.job
[2012/09/11 20:19:23 | 000,098,304 | ---- | M] () -- C:\Users\Fa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/09 19:12:55 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Fa\Desktop\OTL.exe
[2012/09/09 19:09:00 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fa\Desktop\tdsskiller.exe
[2012/09/08 20:03:33 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/08 20:03:33 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/08 20:03:33 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/06 15:26:37 | 000,000,814 | ---- | M] () -- C:\Users\Fa\Desktop\Final Fantasy Soundtracks - Shortcut.lnk
[2012/09/06 11:10:37 | 000,000,842 | ---- | M] () -- C:\Users\Fa\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/09/06 11:10:37 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/09/04 21:34:09 | 000,002,064 | ---- | M] () -- C:\Users\Fa\Desktop\Google Chrome.lnk
[2012/09/04 21:34:09 | 000,002,026 | ---- | M] () -- C:\Users\Fa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/01 14:56:48 | 000,002,553 | ---- | M] () -- C:\Users\Fa\Desktop\HiJackThis.lnk
[2012/09/01 14:50:26 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/31 22:24:52 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/08/31 22:17:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/31 21:13:53 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/08/31 21:13:53 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/08/24 14:57:42 | 000,051,212 | ---- | M] () -- C:\Users\Fa\Documents\pug.jpg
[2012/08/21 17:37:18 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/17 16:17:57 | 002,978,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/16 21:17:55 | 000,501,382 | ---- | M] () -- C:\Users\Fa\Documents\kda jack.jpg
[2012/08/16 21:14:44 | 000,469,789 | ---- | M] () -- C:\Users\Fa\Documents\kda fa.jpg
[2012/08/16 21:14:43 | 000,436,635 | ---- | M] () -- C:\Users\Fa\Documents\kda stephen.jpg
[1 C:\Users\Fa\AppData\Local\*.tmp files -> C:\Users\Fa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/13 00:19:16 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/06 15:26:37 | 000,000,814 | ---- | C] () -- C:\Users\Fa\Desktop\Final Fantasy Soundtracks - Shortcut.lnk
[2012/09/06 11:12:18 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/09/06 11:10:37 | 000,000,842 | ---- | C] () -- C:\Users\Fa\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/09/06 11:10:37 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/08/31 22:24:52 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/08/31 21:10:14 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/31 20:56:14 | 000,002,553 | ---- | C] () -- C:\Users\Fa\Desktop\HiJackThis.lnk
[2012/08/24 14:57:41 | 000,051,212 | ---- | C] () -- C:\Users\Fa\Documents\pug.jpg
[2012/08/21 17:37:18 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/16 21:17:33 | 000,501,382 | ---- | C] () -- C:\Users\Fa\Documents\kda jack.jpg
[2012/08/16 21:14:44 | 000,469,789 | ---- | C] () -- C:\Users\Fa\Documents\kda fa.jpg
[2012/08/16 21:14:21 | 000,436,635 | ---- | C] () -- C:\Users\Fa\Documents\kda stephen.jpg
[2012/05/01 23:09:55 | 001,211,643 | ---- | C] () -- C:\Users\Fa\001.jpg
[2012/05/01 23:09:55 | 000,075,201 | ---- | C] () -- C:\Users\Fa\Stark.jpg
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/27 00:44:12 | 000,002,436 | ---- | C] () -- C:\Users\Fa\AppData\Roaming\6850.C56
[2010/11/05 18:00:09 | 000,024,226 | ---- | C] () -- C:\Users\Fa\AppData\Roaming\UserTile.png
[2010/10/17 12:25:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/27 23:18:40 | 000,167,536 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/03/26 00:55:56 | 000,098,304 | ---- | C] () -- C:\Users\Fa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 19:09:57 | 000,000,680 | ---- | C] () -- C:\Users\Fa\AppData\Local\d3d9caps.dat
[2010/03/22 15:14:20 | 000,000,732 | ---- | C] () -- C:\Users\Fa\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2010/09/12 03:05:41 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Airytec
[2011/03/05 23:13:33 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Audacity
[2010/05/09 19:03:15 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Leadertech
[2011/05/15 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\LolClient
[2012/05/24 09:57:41 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\LolClient2
[2010/11/05 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\PeerNetworking
[2012/03/15 21:20:15 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\RayV
[2011/01/28 02:43:49 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\RIFT
[2012/09/09 16:27:51 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Spotify
[2012/08/26 15:59:01 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Titanium
[2012/06/18 01:04:24 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\TS3Client
[2010/09/27 23:17:40 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/02/26 18:22:27 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Unity
[2010/04/30 12:37:55 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\WinAVI
[2012/09/13 16:56:04 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
faffy
Active Member
 
Posts: 7
Joined: September 1st, 2012, 9:04 am

Re: Concerned I've been Hacked / Keylogged

Unread postby faffy » September 13th, 2012, 11:20 am

SystemLook log

SystemLook 30.07.11 by jpshortstuff
Log created at 17:19 on 13/09/2012 by Fa
Administrator - Elevation successful

========== filefind ==========

Searching for "*LatestDLMgr.exe*"
C:\_OTL\MovedFiles\09132012_165237\C_Users\Fa\AppData\Roaming\OpenCandy\OpenCandy_F8CA6B826D3F4B808078041628087499\LatestDLMgr.exe --a---- 404640 bytes [09:10 06/09/2012] [09:10 06/09/2012] C7967BB66C3D27ECE63D322CD40E0EE1

========== folderfind ==========

Searching for "*opencandy*"
C:\_OTL\MovedFiles\09132012_165237\C_Users\Fa\AppData\Roaming\OpenCandy d------ [09:10 06/09/2012]
C:\_OTL\MovedFiles\09132012_165237\C_Users\Fa\AppData\Roaming\OpenCandy\OpenCandy_F8CA6B826D3F4B808078041628087499 d------ [09:10 06/09/2012]

========== regfind ==========

Searching for "opencandy /s"
No data found.
faffy
Active Member
 
Posts: 7
Joined: September 1st, 2012, 9:04 am

Re: Concerned I've been Hacked / Keylogged

Unread postby askey127 » September 14th, 2012, 10:08 am

faffy,
Currently, Unity Web Player has a flaw that may allow remote installation of infections.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Unity Web Player

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 60788
    FF - prefs.js..network.proxy.type: 0
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    [2010/07/24 19:23:02 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/07/24 19:23:02 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Fa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O32 - AutoRun File - [2008/06/25 00:28:30 | 000,000,048 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
    [2012/08/31 22:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    [2012/08/31 22:24:52 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/08/26 15:59:01 | 000,000,000 | ---D | M] -- C:\Users\Fa\AppData\Roaming\Titanium
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

So we are looking for the latest log from OTL, and the log from Antivir.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Concerned I've been Hacked / Keylogged

Unread postby askey127 » September 19th, 2012, 6:10 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 297 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware