infectedturtle

Members
  • Content count

    21
  • Joined

  • Last visited

About infectedturtle

  • Rank
    New Member
  1. Deleting the profiles from Firefox and Chrome and re-syncing from their servers ended up getting rid of the problem. Thanks for your help. Do you believe I should worry about the security of my passwords?
  2. I went ahead and didn't hard reset my router because I do not want to re-setup all of the intricate things I've done (DD-WRT). I also inspected the .bat file because I do not run scripts without knowing what they do and I have already done the things it was slated to do. No effect. Finally I deleted my user profiles for Chrome and Firefox and we will see if it keeps doing it. I don't ever run IE so that wouldn't have anything to do with the equation.
  3. I am afraid there isn't anything wrong with the Router. None of the other computers in the house have the same symptoms. This isn't a DNS thing because if you try to go to the link again, it will work correctly. It is only the first attempt which redirects. My HOSTS file is also healthy.
  4. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.11.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lucas :: DEATHWING [administrator] 5/11/2012 10:17:54 AM mbam-log-2012-05-11 (10-17-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 203021 Time elapsed: 2 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  5. ========== FILES ========== File\Folder C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll not found. File\Folder C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll not found. OTL by OldTimer - Version 3.2.42.3 log created on 05112012_101642
  6. Hello, there is no difference, I am still getting the redirects. Yes I am behind a router, no open ports DD-WRT. Do I need to worry about my passwords? I am considering just wiping the drive and starting over, but I wish I didn't have to. I will run your suggestions and report back.
  7. All processes killed ========== OTL ========== C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u moved successfully. ADS C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd deleted successfully. ADS C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Lucas ->Java cache emptied: 1494674 bytes User: Public Total Java Files Cleaned = 1.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Lucas ->Temp folder emptied: 56861689 bytes ->Temporary Internet Files folder emptied: 62597174 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 326331337 bytes ->Google Chrome cache emptied: 314060122 bytes ->Flash cache emptied: 59054 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 56659301 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 779.00 mb OTL by OldTimer - Version 3.2.42.3 log created on 05102012_203231 Files\Folders moved on Reboot... C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
  8. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.08.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lucas :: DEATHWING [administrator] 5/8/2012 8:14:04 PM mbam-log-2012-05-08 (20-14-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201952 Time elapsed: 2 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. (end)
  9. OTL Extras logfile created on: 5/9/2012 8:36:01 PM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free 11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07D49986-0F1A-45EC-A280-BA1E1BFCA5D5}" = rport=445 | protocol=6 | dir=out | app=system | "{0E547AD4-6C7D-4922-B0A5-57AA32EF4210}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{1F6D502C-2C4E-4458-B162-5F8517D27BBB}" = rport=137 | protocol=17 | dir=out | app=system | "{41B34316-FA7D-432B-9A5E-73C2242E7EFF}" = lport=139 | protocol=6 | dir=in | app=system | "{51BC914D-F727-4CC5-BF5D-E19340C09CB9}" = lport=10243 | protocol=6 | dir=in | app=system | "{69047C5D-1F28-4D19-96F8-826821DBC526}" = lport=445 | protocol=6 | dir=in | app=system | "{74E8E680-3E8B-433B-8861-9A3D3E80E179}" = lport=2869 | protocol=6 | dir=in | app=system | "{7EC1554B-4196-45A1-8680-67748C427655}" = rport=10243 | protocol=6 | dir=out | app=system | "{8AE60E59-2B45-47D7-ABB5-0356FB9EE0B3}" = lport=137 | protocol=17 | dir=in | app=system | "{95A2FD3C-5F06-48C8-BF89-9D845DFA1A21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98A86C84-D4CD-4E09-9B69-6AE3A3B57E0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9952FB3F-F5BB-48F9-B8F7-44BE8C168CC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9DA80E49-0E77-437A-8EF9-78B7ED46A596}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A69A412E-0C74-423D-9B94-8D75F294D6BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8DD4062-C724-46BE-A078-760C18609C13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD3283D1-98F0-461B-816B-A7220ABDFFC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B011C823-BEF8-471A-9441-6FEE9D680D4F}" = rport=139 | protocol=6 | dir=out | app=system | "{BD336E05-35AF-4E31-A90F-E7E6FC940E6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C1EA5AA9-D05F-4EC7-8F35-20BE2CB12619}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CA101BE4-0B88-46A5-A1AB-F726B82D613D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | "{CE90214D-703F-41F0-B80A-217E0D4885A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D35FB18C-6703-4C3D-B692-2997BBC4F26D}" = lport=138 | protocol=17 | dir=in | app=system | "{DC2D579D-3726-44FB-81CC-10625884C111}" = rport=138 | protocol=17 | dir=out | app=system | "{DEF646C2-C0CF-4802-B1B2-600D3AB5B28F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F1F20752-9FF5-4A46-A21C-9E8977C0EA7F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FFBB33F3-CA20-4F89-B901-C0DB6BAF09A7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03D79D47-765C-4C44-8716-98EDA7F0B05F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{0755C145-E940-4A0F-81F3-AC938D5E838C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{076D6C45-551D-4A5F-BB33-EE2C703E4768}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{0A5AD457-2F44-4605-96C7-7C37996E20FA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0D69519C-73E2-4B26-A72B-860A679824FC}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | "{0EC6CFBE-78EE-4085-8466-95C43BE081F3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{16214C53-3B30-43B3-9C15-BABBF9FC6FEE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{165EE9F6-7E9C-4596-9711-7C918ECA35DB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{19A3DDE1-B234-412B-AB80-E6D5D6C89789}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1E79C1D1-AFD5-479B-8E26-0FA730F091AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F312B0F-523F-4657-8908-B1F9B39B1BF3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{21E0959A-EEB6-4E22-AF03-F109DCED3CD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{24C638BB-4651-42AA-A593-E7E01293DEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2B800D48-E6C2-4398-B637-AD00A2BB6E4D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{3C3B3988-5CEF-464B-A775-80E4EEAAA75B}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe | "{3E2BF12D-4D24-4389-8407-2A4E0F62AEA9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{3E9B38BA-1BCE-4153-AFE0-1FFAFDBA117F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{4244EDDD-2E43-4893-A2B9-A08C1F50DAA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4280E864-B11B-4E01-88AD-CFC7288033D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{4BD35305-41A5-4013-985C-E4C19AFE795D}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe | "{4D7DF199-37B3-488B-8793-29B57CC9C48D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{52B082D7-88F9-4138-B651-B671088F3F6A}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{53F1D0AD-E211-48F4-9960-3AD539A18A98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe | "{555358B1-1C58-49EA-AFAE-D6F3DCA356F0}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe | "{5857BE5D-093C-41DC-A65C-9856DA064D8A}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{62BB5FC2-6854-4FB6-8785-3AC24715CAE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{64BFF7EE-E9DF-4148-89EC-E691EFB09D99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6DFA3FB7-5DC4-49DC-B596-884D8A0AFF01}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{6E14714F-017B-4A6F-8C9F-282524C31493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{74E41ADC-B2D3-4449-873B-E15D955A693F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7A92038B-D1B9-408F-9A1C-DD6B59D958B7}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{7F27402E-9AD7-420A-8765-2EBA15B42C83}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "{8189EA91-D5A8-4784-B1E5-77BB4914B61C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{83D90476-0F73-418D-B83E-9A40B42E14E7}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe | "{860D8CF8-FFD2-40EA-9DD7-BB2E3616C472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe | "{878187EE-E950-4AA6-A4B8-5023B2E32A46}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{88959DEC-CBBF-4BC3-B9BE-D4C13EB11F49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8BF12400-7337-4C04-9433-775863E3A22C}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | "{8D1E7393-C817-4116-BE65-C8FB6304FAF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8DF5B141-B7C6-4F69-A4DB-9FD206752E0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{906F72CD-2DEF-4897-B9C4-E9D8ED128840}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{94A2A794-CCB3-4818-9F69-C4022B1D959D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{953F23BD-4876-4FFC-83ED-67903CDBE8FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{954D4F35-40C2-484B-AF95-9FB034F6FB8D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{95A8ED67-1A2A-4DC3-BF54-372CCFBE7B0A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\inputserv.exe | "{95B84ED9-4916-4B87-84FD-F80E391725C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9852AEDE-5D97-4E47-8C1C-C2E547422E1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{9F02C85D-441E-47C7-9C53-83C9A9B0FC94}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9F9C8142-1340-4B00-B83E-DE76BD2E4571}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0AF4E54-C6D3-482F-9E1D-D15A8EEBA2A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{B1D0C305-A779-4741-AA36-2037EEEC6A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{B2EF2011-5C1E-4AC6-9258-D165A3548E24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B6042080-540C-4DC9-80B0-81A77B93C014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BA2CAB99-FEC0-48F2-AFE7-E42377A63E5A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srlogin.exe | "{CAAD8350-BF6B-4930-BFEB-E6ACA4A2B80B}" = protocol=6 | dir=out | app=system | "{CDDF97B1-9C14-4D05-A30D-26485B383479}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "{CF22F183-A128-4612-9F8A-7DAFFE2CC8BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{D2868EE2-D511-436A-B284-328F92ABE627}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D3FE344F-395F-4600-8ABA-4CAFB78895C2}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe | "{DCBB9DBD-1A05-431D-9F00-9D2B500D738C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe | "{DDB38C2E-D5EB-405F-B627-1DAE330B165D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E7197AB7-6BAB-4F7A-8A50-ADB613FFA1A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EF652DEE-35FA-4F77-BFC5-DEC6978F5713}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe | "{F6F3A91A-A946-4980-B80C-478B3E49419A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FE4845ED-11BE-4716-8A38-521EB6DF6DFB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "TCP Query User{2CB272B9-BD52-4273-9336-2E22F0589C06}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{91C08A13-C715-47BF-9320-D403AE710D75}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe | "TCP Query User{A477644C-926E-4231-8251-A2D7B9C9A953}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | "TCP Query User{ECB7B1E9-D27A-44A2-B990-312A29AD0AC2}C:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe | "TCP Query User{F55B1B18-36AB-45C4-A306-76EEBB9B0033}C:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{25C05CE1-D6C2-4B8C-B9AC-25DAF847DE1A}C:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe | "UDP Query User{B4804827-2ACF-44A8-B98E-539D297590C5}C:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{C31320E2-4838-4F1F-BD2C-2CFD5056104A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{EA63E4F3-A1AB-4607-870D-34645A20E634}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | "UDP Query User{F428297E-1B32-4804-B150-A16912D4F33F}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{07E570C2-CEFF-4AA4-BDA7-DA2B4CDD3E62}" = Fresco Logic USB3.0 Host Controller "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software "{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java 7 Update 2 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java SE Development Kit 7 Update 2 (64-bit) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8 "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B0F1D023-EF17-43DF-A702-25E0FFFE4129}" = TortoiseGit 1.7.7.0 (64 bit) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd "{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}" = AMD Catalyst Install Manager "{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64) "{EA01EDC3-CFB8-47DA-8C74-53069EB0BD00}" = ASUS Android USB Drivers "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Defraggler" = Defraggler "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "ProInst" = Intel PROSet Wireless "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1) "SynTPDeinstKey" = Synaptics TouchPad Driver "TeraCopy_is1" = TeraCopy 2.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00A53800-BA75-3E9E-BD52-10171E5640B6}" = CCC Help Greek "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0296D4D2-DA68-2DFD-5AC1-6FB04354A86E}" = PX Profile Update "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04098274-E98C-86E3-1B2C-50E32E561DF5}" = CCC Help Korean "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}" = CCC Help Norwegian "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{163A486D-BE65-487E-98D9-F5298F3D5E15}" = PhotoTools 2.5 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7 "{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch "{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}" = CCC Help French "{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework "{2D049D1D-CA58-9652-B7C6-19CB98649923}" = CCC Help Dutch "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java SE Development Kit 6 Update 27 "{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}" = CCC Help Swedish "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass 2011 "{480DCAD1-8670-66EA-8EBA-178047059A13}" = CCC Help German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}" = CCC Help Finnish "{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 7.57 "{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display "{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}" = CCC Help Danish "{60070423-DE0B-59FF-D4B7-16BDB8957864}" = CCC Help Portuguese "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74FBB537-8915-329D-393E-FDB7DC69A339}" = CCC Help Japanese "{755F4903-030D-B017-30F2-4D5BE92C8D38}" = CCC Help Italian "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{896C4E12-4857-9715-9F9D-249561D2D7EE}" = CCC Help Thai "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{968298EC-86D4-8F84-5ABC-E976C5CDA417}" = CCC Help Spanish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English "{A99BE117-F10C-470D-AE6D-DC2889F5F24E}" = Avadon "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BBDD3C95-E069-E346-6D1B-CC76AE448550}" = CCC Help Chinese Standard "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = Catalyst Control Center "{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D61F78AF-A111-9DAE-8368-E3230B168F03}" = CCC Help Polish "{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}" = CCC Help Russian "{D8CABEA0-CAFB-9320-5F46-EAF31535203F}" = CCC Help Turkish "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}" = CCC Help Hungarian "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}" = CCC Help Chinese Traditional "{FC8292ED-7E61-4370-15D1-60171263AA1D}" = CCC Help Czech "{FD207C2C-A7FF-332A-AC85-5A5ACED6F31B}" = Google Talk Plugin "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Afterburner" = MSI Afterburner 2.1.0 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.dmp.contentviewer" = Adobe Content Viewer "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp m4a Codec" = dBpoweramp m4a Codec "dBpoweramp Midi Decoder" = dBpoweramp Midi Decoder "dBpoweramp Music Converter" = dBpoweramp Music Converter "EPSON Scanner" = EPSON Scan "FileZilla Client" = FileZilla Client 3.5.3 "FreeCommander_is1" = FreeCommander 2009.02b "Git_is1" = Git version 1.7.9-preview20120201 "HandBrake" = HandBrake 0.9.5 "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "Launchy_21344213_is1" = Launchy 2.6 Beta 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "MusicBrainz Picard" = MusicBrainz Picard "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Picasa 3" = Picasa 3 "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software "ProInst" = Intel PROSet Wireless "PuTTY_is1" = PuTTY version 0.61 "SABnzbd" = SABnzbd 0.6.12 "StarCraft II" = StarCraft II "Steam App 111100" = Snuggle Truck "Steam App 300" = Day of Defeat: Source "Steam App 4000" = Garry's Mod "Steam App 440" = Team Fortress 2 "Steam App 550" = Left 4 Dead 2 "TightVNC" = TightVNC 2.0.4 "TrueCrypt" = TrueCrypt "TurboTax 2011" = TurboTax 2011 "VLC media player" = VLC media player 2.0.0 "WBFS Manager 3.0" = WBFS Manager 3.0 "WinMerge_is1" = WinMerge 2.12.4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 10:31:54 AM | Computer Name = Deathwing | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 9/9/2011 5:08:19 PM | Computer Name = Deathwing | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109020801.xml File not created by asset agent Error - 9/9/2011 5:13:33 PM | Computer Name = Deathwing | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109021331.xml File not created by asset agent [ HP Connection Manager Events ] Error - 4/11/2012 11:55:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:55:33.171|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/11/2012 11:56:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:56:33.169|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/11/2012 11:57:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:57:33.167|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/11/2012 11:58:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:58:33.165|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/11/2012 11:59:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:59:33.162|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/12/2012 12:00:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 21:00:33.160|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/12/2012 12:01:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 21:01:33.173|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/12/2012 12:02:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 21:02:33.171|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/16/2012 11:36:24 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/16 20:36:24.007|00001814|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/16/2012 11:36:28 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/16 20:36:28.990|00001814|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ HP Software Framework Events ] Error - 4/30/2012 11:05:10 PM | Computer Name = Deathwing | Source = CaslSmBios | ID = 5 Description = 2012/04/30 20:05:10.602|00001174|Error |[CaslWmi]XmlTools::Validate{hpCasl.enReturnCode(string,string)}|The 'schemas-hp-com.casl:TechnologyType' element is invalid - The value '' is invalid according to its datatype 'schemas-hp-com.casl:technologyTypeValue' - The Enumeration constraint failed. Error - 5/2/2012 12:37:50 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/02 09:37:50.076|00000F04|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported ' Error - 5/2/2012 12:37:50 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/02 09:37:50.330|00000F04|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/8/2012 12:41:37 AM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/07 21:41:37.153|00001844|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/8/2012 9:35:36 AM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/08 06:35:36.442|00001784|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/8/2012 11:15:12 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/08 20:15:12.203|00000FC8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/8/2012 11:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/08 20:23:25.940|000018E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/09 09:21:42.638|0000140C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported ' Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/09 09:21:42.816|0000140C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/9/2012 12:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/09 09:23:25.173|00001D84|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported ' [ System Events ] Error - 5/3/2012 9:31:54 AM | Computer Name = Deathwing | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR10. Error - 5/3/2012 9:31:55 AM | Computer Name = Deathwing | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR10. Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034 Description = The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034 Description = The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s). Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034 Description = The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s). Error - 5/8/2012 3:13:44 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/8/2012 3:16:44 PM | Computer Name = Deathwing | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 5/8/2012 3:17:12 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/8/2012 10:29:31 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/8/2012 10:32:03 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. < End of report >
  10. OTL logfile created on: 5/9/2012 8:36:01 PM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free 11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe PRC - [2012/05/09 09:38:23 | 004,731,392 | ---- | M] (AVAST Software) -- D:\Dropbox\aswMBR.exe PRC - [2012/05/04 11:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2012/02/09 13:44:06 | 002,509,184 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe PRC - [2012/02/09 13:43:46 | 002,029,952 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe PRC - [2012/01/08 23:08:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011/07/20 05:07:32 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/07/20 05:07:06 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2011/03/30 15:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2011/03/08 12:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe PRC - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2012/04/27 19:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll MOD - [2012/04/27 19:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll MOD - [2012/04/27 19:05:45 | 000,544,240 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll MOD - [2012/04/27 19:05:44 | 000,117,744 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll MOD - [2012/04/27 19:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll MOD - [2012/04/27 19:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll MOD - [2012/04/27 19:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll MOD - [2012/04/27 18:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll MOD - [2012/04/12 19:48:35 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0642b0c04fa10e6986baf58cf1580879\IAStorUtil.ni.dll MOD - [2012/04/12 06:41:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll MOD - [2012/04/12 06:41:04 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll MOD - [2012/04/12 06:40:56 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll MOD - [2012/04/11 21:02:15 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll MOD - [2012/04/11 21:02:06 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll MOD - [2012/03/11 15:40:54 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll MOD - [2012/03/11 15:40:45 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll MOD - [2012/03/11 15:40:39 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll MOD - [2012/02/15 08:09:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012/02/15 08:08:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012/02/15 08:08:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/02/15 08:08:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/02/15 08:08:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012/02/09 10:25:14 | 000,071,352 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib132.dll MOD - [2012/02/09 10:25:08 | 000,227,512 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\libgit232.dll MOD - [2012/01/08 23:14:35 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll MOD - [2011/10/15 18:33:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe MOD - [2010/11/05 16:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll MOD - [2010/11/05 16:03:42 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll MOD - [2010/08/24 19:40:48 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll MOD - [2010/08/24 19:40:48 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll MOD - [2010/08/24 19:40:22 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll MOD - [2010/08/24 19:40:08 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012/01/08 23:14:50 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2012/01/08 23:14:48 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:64bit: - [2011/07/18 17:01:47 | 000,146,816 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth® SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2011/05/08 17:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/03/15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD) SRV:64bit: - [2010/11/01 18:35:30 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/05/06 16:55:24 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/23 19:57:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2012/01/08 23:13:14 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/08/14 15:39:51 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2011/02/24 22:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc) SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/24 02:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012/02/24 02:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/01/08 23:14:50 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/01/08 23:13:14 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012/01/08 23:09:02 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel® DRV:64bit: - [2012/01/08 23:08:17 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2012/01/08 23:08:17 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/12/19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/08/09 23:28:26 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/05/18 17:57:32 | 000,041,256 | ---- | M] (SeriousBit) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nbdrv.sys -- (Nbdrv) DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/05/08 17:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/05/08 16:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/04/16 02:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/07/14 07:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 67 C5 4F 21 57 CC 01 [binary data] IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.0: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/13 19:32:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/23 19:57:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/25 21:02:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/08/09 23:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Extensions [2012/05/01 23:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions [2012/04/28 13:20:02 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions\https-everywhere@eff.org [2012/02/25 21:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/08/10 00:00:18 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2012/04/23 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2012/03/10 18:27:42 | 001,331,409 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012/03/10 18:27:42 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI [2012/03/10 18:27:42 | 000,113,603 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI [2012/04/23 19:57:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/10 18:23:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/10 18:23:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Java Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Google Docs = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.3.2_0\ CHR - Extension: YouTube = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Google Search = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Calendar = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\ CHR - Extension: Aside = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhbmdeeajbgkdpaiencghlmbgbkpdaa\1.1_0\ CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\ CHR - Extension: SABconnect++ = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod\0.5.8_0\ CHR - Extension: Weather Underground = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\ CHR - Extension: Gmail = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/08 12:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows ® Win 7 DDK provider) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001..\Run: [envyTouchPad] C:\Apps\envyTouchPad.exe () O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: box.net ([www] https in Trusted sites) O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6477D5-C2C1-4A4A-958E-A9DEC6AA64BC}: DhcpNameServer = 10.10.1.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/09 20:35:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe [2012/05/08 21:06:45 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Microsoft Games [2012/05/08 20:13:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/05/08 19:33:40 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/05/08 12:09:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/05/08 12:09:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/05/08 12:09:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/05/08 12:09:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/05/08 12:09:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/05/08 12:08:58 | 004,487,872 | R--- | C] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe [2012/05/08 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Splashtop [2012/05/08 08:41:07 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\RK_Quarantine [2012/05/04 00:41:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\dvdcss [2012/05/01 03:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/04/16 23:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater [2012/04/16 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater [2012/04/16 22:39:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012/04/16 22:39:39 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2012/04/16 20:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Bilbo [2012/04/09 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Documents\Asus WebStorage [2012/04/09 21:04:44 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage [2012/04/09 21:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage [2012/04/09 21:04:23 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS [2012/04/09 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2012/04/09 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2012/04/09 21:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/04/09 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\eCareme [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe [2012/05/09 20:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job [2012/05/09 20:10:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job [2012/05/09 19:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/09 10:44:10 | 000,000,512 | ---- | M] () -- C:\Users\Lucas\Desktop\MBR.dat [2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/09 06:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/08 21:42:37 | 000,000,600 | ---- | M] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND [2012/05/08 20:23:59 | 003,055,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/08 20:23:59 | 000,956,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/08 20:23:59 | 000,006,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/08 20:20:08 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2012/05/08 20:14:50 | 000,001,050 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/05/08 12:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/05/08 12:08:38 | 004,487,872 | R--- | M] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe [2012/05/01 03:00:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/05/01 03:00:51 | 000,006,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/04/17 19:32:49 | 000,001,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs [2012/04/16 22:38:54 | 000,001,977 | ---- | M] () -- C:\Users\Lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/09 10:44:10 | 000,000,512 | ---- | C] () -- C:\Users\Lucas\Desktop\MBR.dat [2012/05/08 12:09:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/05/08 12:09:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/05/08 12:09:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/05/08 12:09:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/05/08 12:09:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/02/21 07:48:57 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\winscp.rnd [2012/02/18 18:00:01 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/02/04 03:11:04 | 000,001,626 | ---- | C] () -- C:\Users\Lucas\AppData\Local\auto_install.bat [2012/02/04 03:11:04 | 000,001,481 | ---- | C] () -- C:\Users\Lucas\AppData\Local\dc.bat [2012/02/04 03:11:04 | 000,001,288 | ---- | C] () -- C:\Users\Lucas\AppData\Local\cc.bat [2012/01/17 22:00:26 | 000,000,079 | ---- | C] () -- C:\Users\Lucas\AppData\Local\CrystalDiskMark30.ini [2011/12/23 23:56:46 | 000,008,846 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u [2011/12/16 00:33:54 | 000,153,076 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/12/09 21:24:34 | 000,002,655 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Midi Decoder.dat [2011/12/09 21:16:16 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2011/12/09 21:16:08 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011/11/17 00:24:08 | 000,005,632 | ---- | C] () -- C:\Users\Lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/29 22:48:26 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat [2011/10/29 22:48:08 | 000,225,656 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011/10/16 14:01:55 | 000,000,166 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\Battery Meter_Settings.ini [2011/09/24 21:20:22 | 000,001,456 | ---- | C] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs [2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/09/10 20:02:31 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2011/09/09 16:59:16 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND [2011/09/05 00:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2011/08/14 15:34:02 | 000,000,412 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\All CPU Meter_Settings.ini [2011/08/12 23:47:26 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011/08/09 23:39:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/08/09 23:07:41 | 000,006,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/08/09 04:53:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/08/09 04:43:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/08/09 04:43:08 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/04/16 02:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/04/16 01:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/04/16 01:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/03/25 18:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/02/09 21:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini ========== LOP Check ========== [2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software [2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software [2012/04/17 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft [2012/04/09 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS [2012/04/09 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage [2011/12/09 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity [2011/09/10 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\calibre [2011/10/18 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\CanuckSoftware [2011/09/24 21:54:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/09/10 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.dmp.contentviewer [2011/09/09 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/02/22 07:38:24 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DiskAid [2012/03/19 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Downloaded Installations [2012/05/09 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Dropbox [2012/04/09 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\eCareme [2011/09/24 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\EPSON [2012/03/11 18:39:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FileZilla [2011/11/14 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FlixsterCollections [2011/12/09 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FreeCommander [2011/08/09 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\GlarySoft [2011/09/04 22:17:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0 [2011/10/05 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\HandBrake [2011/08/14 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\IDT [2011/12/04 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ImgBurn [2011/08/27 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jason Robitaille [2011/12/16 00:53:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\JasonRobitaille [2012/02/25 21:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Launchy [2011/10/13 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LockHunter [2012/03/21 07:16:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Mp3tag [2011/10/13 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MusicBrainz [2011/08/14 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Notepad++ [2011/10/16 13:48:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\onOne Software [2012/04/16 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater [2011/09/10 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PACE Anti-Piracy [2012/04/09 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PrimoPDF [2012/02/18 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\pymclevel [2012/01/25 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\redsn0w [2012/04/16 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Samsung [2011/08/12 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SeriousBit [2011/09/28 20:56:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/08/09 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Synaptics [2011/08/12 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SystemRequirementsLab [2012/04/29 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeraCopy [2011/12/04 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Thunderbird [2011/08/14 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TightVNC [2011/09/09 18:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TrueCrypt [2012/05/07 21:32:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\uTorrent [2011/12/09 21:17:38 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd @Alternate Data Stream - 1062 bytes -> C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa < End of report >
  11. I am dual booting Ubuntu Natively fyi, so the extended partition contains a 122 GB ext4, 6GB Swap and, the rest as NTFS Media storage.
  12. ListParts by Farbar Version: 12-03-2012 03 Ran by Lucas (administrator) on 09-05-2012 at 09:39:38 Windows 7 (X64) Running From: D:\Dropbox Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 36% Total physical RAM: 6091.86 MB Available physical RAM: 3850.05 MB Total Pagefile: 12181.91 MB Available Pagefile: 9340.02 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:185.55 GB) (Free:73.96 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive d: () (Fixed) (Total:384.82 GB) (Free:336.3 GB) NTFS 4 Drive v: (Videos) (Network) (Total:465.76 GB) (Free:81.54 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 2048 KB Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 199 MB 1024 KB Partition 2 Primary 185 GB 200 MB Partition 0 Extended 512 GB 185 GB Partition 3 Logical 122 GB 185 GB Partition 4 Logical 6144 MB 307 GB Partition 5 Logical 384 GB 313 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 185 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 83 Hidden: Yes Active: No There is no volume associated with this partition. ====================================================================================================== Disk: 0 Partition 4 Type : 82 Hidden: Yes Active: No There is no volume associated with this partition. ====================================================================================================== Disk: 0 Partition 5 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D NTFS Partition 384 GB Healthy ====================================================================================================== ****** End Of Log ****** aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-05-09 09:40:51 ----------------------------- 09:40:51.036 OS Version: Windows x64 6.1.7601 Service Pack 1 09:40:51.037 Number of processors: 8 586 0x2A07 09:40:51.037 ComputerName: DEATHWING UserName: Lucas 09:40:51.686 Initialize success 10:00:45.624 AVAST engine defs: 12050900 10:05:17.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 10:05:17.357 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3 10:05:17.363 Disk 0 MBR read successfully 10:05:17.365 Disk 0 MBR scan 10:05:17.369 Disk 0 unknown MBR code 10:05:17.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 10:05:17.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190000 MB offset 409600 10:05:17.402 Disk 0 Partition - 00 05 Extended 525203 MB offset 389531646 10:05:17.416 Disk 0 Partition 3 00 83 Linux 125000 MB offset 389531648 10:05:17.421 Disk 0 Partition - 00 05 Extended 6145 MB offset 645531648 10:05:17.453 Disk 0 scanning C:\Windows\system32\drivers 10:05:24.895 Service scanning 10:05:57.217 Modules scanning 10:05:57.225 Disk 0 trace - called modules: 10:05:57.266 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 10:05:57.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b65790] 10:05:57.276 3 CLASSPNP.SYS[fffff88001d5343f] -> nt!IofCallDriver -> [0xfffffa8006a7ab10] 10:05:57.285 5 hpdskflt.sys[fffff88001cfa189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800692e050] 10:05:57.944 AVAST engine scan C:\Windows 10:05:59.777 AVAST engine scan C:\Windows\system32 10:08:18.624 AVAST engine scan C:\Windows\system32\drivers 10:08:27.503 AVAST engine scan C:\Users\Lucas 10:14:44.918 AVAST engine scan C:\ProgramData 10:17:23.418 Scan finished successfully 10:44:10.001 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat" 10:44:10.006 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt" MBR.zip
  13. RogueKiller V7.4.4 [05/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Lucas [Admin rights] Mode: Scan -- Date: 05/09/2012 07:26:55 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++ --- User --- [MBR] b27ea8f791f5b651de5b587eaa78abc7 [bSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo 2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  14. Mr. Charlie, it appears that we are still infected.
  15. Found this and removing now. Log will be posted below. It's odd that MBAM didn't detect this before right? Or was the system so heavily messed up it prevented MBAM from detecting it? I want to try to figure out how we knew the steps to take so that in future I can be better informed. Also, do you think my passwords have been risked? Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.08.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lucas :: DEATHWING [administrator] 5/8/2012 8:14:04 PM mbam-log-2012-05-08 (20-14-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201952 Time elapsed: 2 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. (end)