Possible keylogger infection

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Possible keylogger infection

Post by superfan84 on Tue 08 Jan 2013, 2:48 pm

Hello,

I have two issues going on currently with my computer. The first issue just recently popped up and I think its a keylogger virus, or at least it has the symptoms of one. My yahoo email was hacked the other day, I know this because it sent out random spam emails to everyone on my contact list and also to people I have emailed in the past. The funny thing about it is that these emails don't show up in my sent folder in my email but I received emails from people that received my spam emails. I went ahead and changed my email login password and the next day I still had spam emails sent out. I hope I don't have to delete my email account, as that would be a huge hassle for me.

My second issue has been a lingering problem with my computer. When I close my laptop and open it up from sleep mode, and when I go to type something, the screen freezes up and the only way to solve this is to restart the computer. I thought it was a problem with my search browser (google chrome), but its not because it happens in any program I can type in (search bar, Microsoft word, search browsers, etc).

I have pasted my log files below. I will be patient in receiving a response, and hopefully we can solve these issues. Thanks!

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 21:15:20
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nate - NATE-PC
# Boot Mode : Normal
# Running from : C:\Users\Nate\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IB Updater

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\vShare
Folder Deleted : C:\Program Files (x86)\vShare.tv plugin
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Nate\AppData\Local\Conduit
Folder Deleted : C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Nate\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Nate\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Nate\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Nate\AppData\LocalLow\vShare
Folder Deleted : C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\adawaretb
Folder Deleted : C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\staged
Folder Deleted : C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\Smartbar
Folder Deleted : C:\Users\Nate\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Nate\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\.sanmed
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\prefs.js

C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\user.js ... Deleted !

Deleted : user_pref("CT2269050.autoDisableScopes", -1);
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6R8NrPtPwc&i=26");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [11190 octets] - [07/01/2013 21:15:20]

########## EOF - C:\AdwCleaner[S1].txt - [11251 octets] ##########

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Tue 08 Jan 2013, 2:50 pm

OTL logfile created on: 1/7/2013 8:52:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nate\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 47.52% Memory free
5.73 Gb Paging File | 3.28 Gb Available in Paging File | 57.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.34 Gb Total Space | 83.04 Gb Free Space | 38.03% Space Free | Partition Type: NTFS
Drive D: | 14.25 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.26 Mb Free Space | 96.04% Space Free | Partition Type: FAT32

Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/07 20:51:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Downloads\OTL.com
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012/09/04 13:26:28 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2009/09/30 22:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 22:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 19:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/10/28 12:09:09 | 000,189,952 | ---- | M] () -- C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/26 16:25:16 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/24 14:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/11 21:31:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 18:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/08/29 20:11:37 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 22:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 22:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/26 08:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/02 19:19:40 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/01/10 21:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/08 00:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/29 14:27:27 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/03/05 13:57:18 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}
IE:64bit: - HKLM\..\SearchScopes\{5A6FBCC2-3485-4773-984B-D66A4564AD03}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}
IE - HKLM\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{5A6FBCC2-3485-4773-984B-D66A4564AD03}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{5A6FBCC2-3485-4773-984B-D66A4564AD03}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{9D1C9581-1496-6401-B0E1-B5AB23A42B87}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{ADDF54DE-F992-4DAD-8229-7985F3CF69C9}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{B830A30B-C643-402E-8604-4AE1A2A05CAC}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "u-Search"
FF - prefs.js..browser.search.defaultenginename: "EasyLife"
FF - prefs.js..browser.search.defaulturl: "http://search.easylifeapp.com/?q="
FF - prefs.js..browser.search.order.1: "EasyLife"
FF - prefs.js..browser.search.selectedEngine: "EasyLife"
FF - prefs.js..browser.startup.homepage: "http://search.easylifeapp.com/"
FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:1.4.2
FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:6.2
FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:6.2
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..keyword.URL: "http://search.easylifeapp.com/?q="
FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"

FF - user.js..browser.search.defaultengine: "u-Search"
FF - user.js..browser.search.defaultenginename: "u-Search"
FF - user.js..browser.search.order.1: "u-Search"
FF - user.js..browser.startup.homepage: "http://u-search.net/?a=1&e=1"
FF - user.js..browser.search.defaulturl: "http://u-search.net/?a=1&e=2&q="
FF - user.js..keyword.URL: "http://u-search.net/?a=1&e=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nate\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nate\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012/12/06 14:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/16 06:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012/03/08 15:40:46 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/15 22:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/15 22:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/12/06 14:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/02 19:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/17 19:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Extensions
[2013/01/06 22:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions
[2012/10/28 14:41:25 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/10/28 14:41:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/27 17:50:01 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\ich@maltegoetz.de
[2013/01/02 19:19:21 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/12/16 18:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\staged
[2012/09/17 19:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/19 11:14:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/09/15 22:56:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/15 22:56:39 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\NATE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZL4HG3UV.DEFAULT\EXTENSIONS\CROSSRIDERAPP4493@CROSSRIDER.COM
[2012/07/13 18:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 18:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/17 17:07:43 | 000,002,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/07/13 18:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll
CHR - plugin: Perion plugin (Disabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Babylon Translator = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: IB Updater = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\
CHR - Extension: GoodGuide Transparency Toolbar = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlpjkggdghflmmfobcclppjdmpepnmh\2.7_0\
CHR - Extension: AVG Safe Search = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: vshare plugin = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\
CHR - Extension: FBPHOTOZOOM = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0\
CHR - Extension: AVG Do Not Track = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\Windows\TEMP\E_S696C.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Value error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B56B5944-BD05-4809-A756-566BD6292AF6}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2126661-00b4-11e0-8399-c80aa9d43425}\Shell - "" = AutoRun
O33 - MountPoints2\{d2126661-00b4-11e0-8399-c80aa9d43425}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: avast - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: Weather - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Tue 08 Jan 2013, 2:52 pm

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/07 19:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/01/07 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013/01/07 19:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/01/06 20:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/06 20:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/06 20:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/01/06 18:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/06 18:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/06 18:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/06 18:09:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/06 18:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/02 19:23:44 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\LavasoftStatistics
[2013/01/02 19:19:46 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\Downloaded Installations
[2013/01/02 19:19:40 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/01/02 19:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/01/02 19:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/01/02 19:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/01/02 19:15:38 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\DMB 12-5-2012
[2012/12/31 15:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/12/31 15:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/12/31 15:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
[2012/12/31 15:31:10 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\PerformerSoft
[2012/12/31 15:31:08 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/12/31 15:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scout
[2012/12/22 10:16:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/22 10:16:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/22 10:16:11 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/22 10:16:11 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/20 21:18:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/16 19:35:07 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\IBMERS
[2012/12/16 18:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\%Installer_PublisherName%
[2012/12/16 18:55:55 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\SendSpace
[2012/12/16 18:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Browse2save
[2012/12/16 18:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/12/16 09:58:36 | 000,000,000 | ---D | C] -- C:\6db184c2eea4618f007265d9c03d
[2012/12/15 20:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 20:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/15 12:56:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/15 12:56:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/15 12:56:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/15 12:56:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/15 12:56:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/15 12:56:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/15 12:56:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/15 12:56:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/15 12:56:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/15 12:56:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/15 12:56:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/15 12:56:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/15 12:56:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/15 12:56:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/15 12:56:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/14 16:17:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/14 16:17:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/14 16:17:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/14 16:17:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/14 16:17:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/14 16:17:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/14 16:17:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/14 16:17:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/14 16:17:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/14 16:17:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/14 16:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/14 16:17:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/14 16:17:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/14 16:17:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/14 16:17:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/14 16:17:02 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/14 16:17:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/14 16:17:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/14 16:17:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/14 16:17:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/14 16:17:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/14 16:17:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/14 16:17:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/14 16:17:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/14 16:17:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/14 16:17:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/14 16:17:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/14 16:17:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/14 16:17:01 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/14 16:17:01 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/14 16:17:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/14 16:17:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/14 16:17:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/14 16:17:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/14 16:17:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/14 16:17:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/14 16:17:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/14 16:17:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/14 16:16:49 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/14 16:16:49 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/11 21:31:32 | 015,728,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/10 14:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/10 14:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/12/09 12:39:07 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Malwarebytes
[2012/12/09 12:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2013/01/07 20:49:02 | 056,545,692 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/07 20:49:02 | 020,058,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/07 20:49:02 | 000,006,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/07 20:47:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/07 20:47:31 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-123337139-2863389204-3785934037-1000UA.job
[2013/01/07 20:47:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/07 20:47:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/07 18:19:40 | 105,425,207 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/01/07 18:14:52 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNate.job
[2013/01/07 18:14:36 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Nate.job
[2013/01/07 18:14:35 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-123337139-2863389204-3785934037-1000Core.job
[2013/01/06 21:01:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 20:57:23 | 000,001,218 | ---- | M] () -- C:\Users\Nate\Desktop\Spybot - Search & Destroy.lnk
[2013/01/06 20:20:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 20:20:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 20:13:14 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Nate.job
[2013/01/06 20:12:34 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 18:12:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/06 18:09:35 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/06 17:45:04 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Nate.job
[2013/01/06 09:48:08 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Nate.job
[2013/01/04 17:51:42 | 000,583,616 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/01/02 19:19:40 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2012/12/25 11:23:21 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/22 10:33:07 | 000,430,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/19 15:53:34 | 000,019,632 | ---- | M] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/15 20:09:19 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/12 12:38:15 | 000,002,477 | ---- | M] () -- C:\Users\Nate\Desktop\Google Chrome.lnk
[2012/12/11 21:31:43 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/11 21:31:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/11 21:31:32 | 015,728,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

========== Files Created - No Company Name ==========

[2013/01/06 20:57:23 | 000,001,218 | ---- | C] () -- C:\Users\Nate\Desktop\Spybot - Search & Destroy.lnk
[2013/01/06 18:12:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/06 18:12:22 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/06 18:09:35 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/31 15:34:59 | 000,001,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Image Converter.lnk
[2012/12/19 20:37:32 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Nate.job
[2012/12/19 20:37:30 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Nate.job
[2012/12/19 20:37:28 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Nate.job
[2012/12/15 20:09:19 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 14:05:32 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2012/04/05 13:46:11 | 000,168,068 | ---- | C] () -- C:\Windows\hpoins37.dat
[2012/01/10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/07/25 22:40:35 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/07/05 23:13:00 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/05 23:13:00 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/01/19 18:42:39 | 000,001,854 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\GhostObjGAFix.xml
[2010/11/29 16:41:31 | 000,005,120 | ---- | C] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 23:56:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/13 18:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/13 18:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/13 18:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/13 18:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/13 18:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/13 18:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Nate\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Nate\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Nate\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Nate\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/09/06 17:44:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/09/06 17:44:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/09/06 17:44:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/13 18:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/13 18:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/13 18:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/13 18:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/13 18:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/13 18:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\NATE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\NATE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\NATE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\NATE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/09/06 17:44:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/09/06 17:44:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/09/06 17:44:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Tue 08 Jan 2013, 2:59 pm


< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2013/01/02 19:19:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\adawaretb
[2011/06/21 17:26:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/06/14 19:23:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/03/24 15:49:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2012/05/03 13:51:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010/11/19 17:22:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVS4YOU
[2010/12/24 22:30:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Babylon
[2012/05/06 22:19:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2011/10/15 13:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/05/23 02:24:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/09/18 10:50:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/10/28 14:41:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2012/10/28 14:47:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/02/16 23:57:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011/04/12 00:53:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DriverBoost
[2010/11/25 12:46:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Duplicate Finder
[2010/11/25 13:21:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Duplicate Finder 2009
[2011/06/20 18:31:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Flick
[2010/11/19 16:41:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2011/04/29 12:25:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes
[2010/08/16 12:07:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ExtractNow
[2012/03/08 15:40:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\fbphotozoom
[2012/12/31 15:31:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\File Scout
[2011/07/25 22:40:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Easy Burner
[2012/09/01 15:10:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Freecorder
[2012/09/17 19:03:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Freemake
[2012/07/30 12:32:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/12/05 22:38:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google Video
[2011/09/14 17:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2012/10/28 14:44:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2010/11/21 01:13:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/12/30 00:30:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ImgBurn
[2011/04/29 21:07:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Inkscape
[2012/12/06 22:27:40 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/08/29 13:02:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/12/15 17:04:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/12/15 20:09:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2012/10/23 15:38:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/09/01 16:15:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame For Audacity
[2013/01/06 18:09:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/19 15:33:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Michael K. Weise
[2010/09/06 18:54:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/04/29 16:33:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Expression
[2010/09/06 18:57:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/04/29 16:31:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
[2013/01/06 18:12:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/24 02:01:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/09/06 18:57:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/06 18:57:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/09/06 18:57:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/09/06 18:55:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/12/02 16:57:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/11/29 16:30:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Movie Maker 2.6
[2012/07/27 17:55:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/27 17:45:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2010/09/06 18:58:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/08/29 20:22:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/05/23 02:29:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN
[2012/04/07 08:58:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2012/12/31 15:34:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Software
[2010/11/22 01:42:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Swift Sound
[2010/06/30 23:03:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/04/12 00:42:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PCPitstop
[2012/12/06 14:37:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Perion
[2012/12/10 14:29:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2012/09/04 13:26:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2011/01/12 19:12:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/12/24 22:29:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ScenicReflections
[2013/01/07 19:06:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Security Task Manager
[2010/07/15 23:51:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2013/01/06 20:57:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/04/10 00:47:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2013/01/02 19:19:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Toolbar Cleaner
[2010/10/08 01:49:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trader's Little Helper
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/11/02 20:49:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/12/05 12:46:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\vShare
[2011/12/11 12:34:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\vShare.tv plugin
[2011/09/14 17:33:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WallpaperScreensavers.net
[2012/03/27 10:53:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp
[2012/03/27 10:53:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp Detect
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/04/01 10:48:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/06/23 11:39:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/23 11:39:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/23 11:39:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/23 11:39:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/23 11:39:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/05/19 17:57:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinZip
[2011/07/05 23:12:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xvid
[2012/09/19 15:00:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< %appdata%\*.* >
[2011/08/24 16:28:32 | 000,001,854 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\GhostObjGAFix.xml

< MD5 for: AFD.SYS >
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 22:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 03:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 20:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/24 21:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/06/01 22:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012/04/23 22:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 07:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/23 22:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/23 23:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/06/04 01:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\SysNative\cryptsvc.dll
[2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010/11/20 06:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/23 23:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2011/03/03 00:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 07:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll

< MD5 for: ES.DLL >
[2012/10/31 16:14:04 | 000,008,728 | ---- | M] () MD5=07C0EEFCED87271FD2844DA8EE8B6042 -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.64\Locales\es.dll
[2012/08/17 16:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
[2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2012/10/10 04:05:14 | 000,008,728 | ---- | M] () MD5=543EC1FF66953631A17477AEC9C7A111 -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\22.0.1229.94\Locales\es.dll
[2012/12/04 19:14:39 | 000,009,320 | ---- | M] () MD5=8A0A276C92283AFB871B8D692C207C23 -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\Locales\es.dll
[2012/10/03 19:14:58 | 000,008,728 | ---- | M] () MD5=CA2C5AA0DAC841157AE8680A48700073 -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\22.0.1229.92\Locales\es.dll
[2012/11/13 20:10:22 | 000,009,320 | ---- | M] () MD5=CE1DEB45766BDE8ABBC90A4F780F2974 -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.91\Locales\es.dll
[2012/11/27 21:42:40 | 000,009,320 | ---- | M] () MD5=CFEBBFA78448CCD8E6EFE1F1062F1AB9 -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.95\Locales\es.dll
[2012/08/29 20:57:44 | 000,008,728 | ---- | M] () MD5=F01EB2548FC7BAEC80C00941089000DE -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\21.0.1180.89\Locales\es.dll
[2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
[2012/09/25 03:41:57 | 000,008,728 | ---- | M] () MD5=FABB2C5368FC626FB1D2A214028DF8EF -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\22.0.1229.79\Locales\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 11:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/10/03 11:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011/09/29 11:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 07:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/08/22 12:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012/03/30 04:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011/04/24 23:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 00:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2012/03/30 05:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/25 00:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2012/10/03 11:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2011/06/21 00:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2012/08/22 12:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011/09/29 10:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 03:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 03:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
[2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

< End of report >

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Tue 08 Jan 2013, 3:00 pm

OTL Extras logfile created on: 1/7/2013 8:52:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nate\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 47.52% Memory free
5.73 Gb Paging File | 3.28 Gb Available in Paging File | 57.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.34 Gb Total Space | 83.04 Gb Free Space | 38.03% Space Free | Partition Type: NTFS
Drive D: | 14.25 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.26 Mb Free Space | 96.04% Space Free | Partition Type: FAT32

Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files (x86)\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files (x86)\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A1C23B5-A2AE-4294-8D1A-05A1B9DF5F24}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D6CCA5C-757C-4E36-B467-DC3688344563}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{39A7EABD-B83F-46F3-ACF8-A13C0652A456}" = lport=137 | protocol=17 | dir=in | app=system |
"{50306043-8FCF-4A47-885B-40E2A598CBDA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{736935E5-CF62-418C-A380-A2969500506F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CA9B7FC-AF73-44A7-BAAE-A351FA221967}" = rport=445 | protocol=6 | dir=out | app=system |
"{7F7D460A-DAE0-45C2-9D72-9FBF69D9FFD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81A89AB8-D394-4DAA-81BD-9A90A3663A47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{86333157-3432-4D84-B62F-8A5AFD7493E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D4E6A93-DB40-4966-A237-425C905AFD89}" = rport=139 | protocol=6 | dir=out | app=system |
"{944B5C80-42C4-43A6-9721-58CDA65CF053}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{993D87F0-E65A-4FAE-A09A-475A2214B2CD}" = lport=138 | protocol=17 | dir=in | app=system |
"{B7509F30-F16C-4A4E-9AB4-F7C10B90FF5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B821CBD7-7E87-4127-9E7D-F82548C5FDDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BD7A193A-14DD-44B5-BAE6-512FF7D3ADBD}" = rport=138 | protocol=17 | dir=out | app=system |
"{C105E0BD-CF9A-4373-83A1-76C6B6193155}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA3325DC-4C37-413C-B504-9977C9EF504F}" = lport=445 | protocol=6 | dir=in | app=system |
"{F02D133A-9E74-42C4-AD03-33C81E012690}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0154FF29-1B58-4041-8264-B0974CFC360F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0857EA63-E978-4825-9EBD-60654C4B4D37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{089728AE-11CE-4969-B0DD-E822E9297956}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{0B59FD3B-2890-4D1F-A8FA-502658D75A48}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{0C3C928A-4977-4ABA-8575-E1A86B4E1BEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CB0CE3D-504C-466F-9EA4-D1A6AD0DA862}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{10BB7611-7940-41A0-A078-26CB248EF3DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1259667C-3EB8-4D74-9C2A-7473AC7CCEE8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1306E3C5-5F20-4DEC-B27F-8B5FD3601213}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{14C64EC7-1EE0-4B35-9C30-7BA34F952EDC}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{1D32A7E7-9FBD-4D0F-8063-6B29A6867703}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{22CE8113-7E4B-4FBE-B255-9E3418780C4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{29ECCBAF-FB3F-4BF8-85FC-255B6339BF9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{32707E2A-25F8-4B37-83D5-38CF8130C99E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{3369ADDB-2318-45A6-864C-78B54C30D36C}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{34864BCB-59C8-4041-AB31-A3D073DC42D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B98A56A-FFD8-4888-8B02-B8F3F7466B91}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{415887C6-3B48-48C4-B781-3C2479CEEF39}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{45F51627-BBE2-4C01-9A25-A20FF98AF88F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{4850B247-7E68-4B0C-AC0B-7AD8C99B0E8E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{4D983306-5433-41AA-B7B6-37DB7278A1C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{571591CF-74A7-42FA-90C2-3D84802927CC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{60308022-63D3-46CD-A938-B8EF2176DB39}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{62FF027E-02D1-46E9-B095-3117994DDBA6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6380EB6B-9A90-4087-AFDF-364E90E2719B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{653F5714-D495-40EF-9B35-F6B003A0B1A3}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{74D975FD-E9E9-421B-BFA0-36DFE38D7E41}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{7582C76D-D67B-4EFE-BF73-07455F30ECCE}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7B0678DD-AB08-45A7-878F-585AE261171A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{866E745D-16FA-46D6-ABB3-BEBE8DAFE819}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88512E4B-2B8D-4691-8EF7-228BF92AB4DF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{889C0856-1E7D-4902-B325-06526994B467}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{88F99D34-D3B1-4C7D-89E8-52ACF0011B91}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{89478776-6132-4CFE-B43E-1C486218F3DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{8B894E7D-D44D-498B-918F-D4525B09C7F0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8C163AC1-9223-4480-AFCE-7E1AD911C7B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{91646D8A-8359-457E-A392-0B2AFFE6985E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{989F02EA-F507-48B5-8B8C-7046113C6092}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98B8EA50-7C0D-44BE-985D-2CB1DF3BE739}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9AE1288F-9DB9-4E80-A3CB-27D0B0371C1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A3DCFA13-B7C1-4058-900C-CA6AFACCA6A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A45DB7B1-4C64-4FC6-9B33-80758E11E548}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{A4630606-1344-41F4-B487-379CAE513AC4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AAF9EF75-5A06-4033-9918-69D1C7DC0C15}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B38A6041-3496-4AB7-A06B-7E480BA15476}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BA0F2921-99FC-4D11-8D43-07315320AA30}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{BDC8B717-6478-4285-B75E-0BEE18AD711A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4AEC742-2A3B-435B-93C9-D9AC525BB371}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C6ECE766-4D94-43C7-BF79-E822D9F41C80}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{CC9FEFCF-D051-4C77-85B6-F60999A12BB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D07193BD-31B2-472F-B397-F47034AA8902}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{DC30471C-A941-4972-A60D-1A33C421373C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E885AA14-F7D1-4C8B-907C-A9C325F96238}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{EA4F4A44-FB51-4EC6-B367-6EE394CD0625}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{EE5E8114-BB6D-47A3-BAD4-F904732461EA}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F170C801-3E5B-42DB-855F-2B4F548B2670}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F3B2F286-166E-4FCA-AE6D-E2EE7EDA7691}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F5849B68-B607-435F-97DD-7D9CDE4CE35D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F59BAF51-6F14-4154-B8A3-C63B3E809012}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{FA146934-187F-4B3D-9AA8-5D1C3B35F640}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FACA7C96-CD73-4E10-9AB5-0282F9DF1DD1}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"TCP Query User{1150DF91-47C0-4D49-A8F0-962CCE1B9473}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{4C36FE45-061C-4C1D-AAF8-1135E2D16FD1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{90096033-C5B3-4B25-A437-58A43D815877}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{ABE3E15A-F135-43C1-9DFF-545A256051C2}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{C36D2AAF-74D1-4224-9E47-A5D5CDEDF657}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{E4F27E60-0BA3-431D-A82E-481861996E4F}C:\users\nate\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\nate\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{F5998020-BB04-43FC-8075-F9B4314099B2}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{232DEA27-67A8-4263-89AC-6BC68E6B2237}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{4BEF1BD8-E564-433A-A3B2-307A391FC28B}C:\users\nate\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\nate\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{BBEFE1F2-2466-42B7-A939-0936C0B2DA5E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{C3398A22-C0B0-456F-84DC-4267FD033B9F}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{CD7DB931-60B4-46EA-B0D6-2FA4B8DDF3B4}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{DD00C02E-9609-4BE5-A20E-D60D933A2046}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{E6FA05AB-7763-439D-A9AF-736588653CA5}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D9D2CAB2-C726-4372-9F05-51B906C802B5}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2012
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = IB Updater Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B322F4F-F403-4975-AB54-530459472148}" = Skype Toolbars
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{48A25E19-D9AE-4BBE-9411-6F4C5D328B39}" = Skype™ Beta 5.0
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BitTorrent" = BitTorrent
"Blend_4.0.20525.0" = Microsoft Expression Blend 4
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Duplicate Finder 2009_is1" = Duplicate Finder 2009 v2.5.0.0
"Duplicate Finder_is1" = Duplicate Finder
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
"ExtractNow_is1" = ExtractNow
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Easy Burner_is1" = Free Easy Burner V 5.0
"Free Video Dub_is1" = Free Video Dub version 1.8
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Freecorder_1.0" = Freecorder 2.3 (with Skype Call Recording)
"Google Video Uploader" = Google Video Uploader
"Groovedown" = Groovedown
"HP Smart Web Printing" = HP Smart Web Printing
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"mkwACT" = mkw Audio Compression Toolkit
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"Pixillion" = Pixillion Image Converter
"RealPlayer 15.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.8f
"Switch" = Switch Sound File Converter
"ToolBox" = NCH Toolbox
"TradersLittleHelper_is1" = Trader's Little Helper 2.6.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"vShare" = vShare Plugin
"vShare.tv plugin" = vShare.tv plugin 1.3
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WT082172" = Polar Bowler
"WT082189" = Wheel of Fortune 2
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2011 7:09:51 AM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 11/20/2011 12:35:02 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/20/2011 12:35:02 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 11/20/2011 1:50:34 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/20/2011 1:50:34 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 11/20/2011 3:35:27 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/20/2011 3:35:27 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 11/20/2011 7:49:48 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/20/2011 7:49:48 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 11/20/2011 8:28:50 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/20/2011 8:28:50 PM | Computer Name = Nate-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ Hewlett-Packard Events ]
Error - 5/12/2011 12:43:38 AM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051111114335.xml
File not created by asset agent

Error - 6/1/2011 11:11:13 PM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061101101109.xml
File not created by asset agent

Error - 6/15/2011 6:58:04 PM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061115055801.xml
File not created by asset agent

Error - 6/22/2011 9:03:58 PM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061122080355.xml
File not created by asset agent

Error - 6/30/2011 1:18:29 AM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061130121823.xml
File not created by asset agent

Error - 6/30/2011 1:18:33 AM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061130121829.xml
File not created by asset agent

Error - 7/20/2011 6:52:45 PM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071120055241.xml
File not created by asset agent

Error - 8/10/2011 11:59:27 PM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081110105924.xml
File not created by asset agent

Error - 8/18/2011 9:35:44 AM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081118083541.xml
File not created by asset agent

Error - 8/24/2011 6:28:29 PM | Computer Name = Nate-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081124052826.xml
File not created by asset agent

[ Media Center Events ]
Error - 3/8/2011 10:52:02 AM | Computer Name = Nate-PC | Source = MCUpdate | ID = 0
Description = 8:52:00 AM - Error connecting to the internet. 8:52:00 AM - Unable
to contact server..

Error - 4/17/2011 3:07:10 PM | Computer Name = Nate-PC | Source = MCUpdate | ID = 0
Description = 2:07:10 PM - Error connecting to the internet. 2:07:10 PM - Unable
to contact server..

Error - 4/17/2011 3:07:25 PM | Computer Name = Nate-PC | Source = MCUpdate | ID = 0
Description = 2:07:15 PM - Error connecting to the internet. 2:07:15 PM - Unable
to contact server..

[ System Events ]
Error - 1/2/2013 9:14:48 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 1/2/2013 11:28:28 PM | Computer Name = Nate-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:26:11 PM on ?1/?2/?2013 was unexpected.

Error - 1/2/2013 11:28:33 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 1/5/2013 3:22:31 PM | Computer Name = Nate-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:21:40 PM on ?1/?5/?2013 was unexpected.

Error - 1/5/2013 3:22:33 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 1/6/2013 11:54:15 AM | Computer Name = Nate-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:52:44 AM on ?1/?6/?2013 was unexpected.

Error - 1/6/2013 11:54:19 AM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 1/6/2013 1:38:49 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RtVOsdService service.

Error - 1/6/2013 10:13:07 PM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 1/7/2013 8:34:15 AM | Computer Name = Nate-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RtVOsdService service.


< End of report >

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Tue 08 Jan 2013, 6:13 pm

Hi there. Welcome to the forums!

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Wed 09 Jan 2013, 9:29 am

ComboFix 13-01-08.01 - Nate 01/08/2013 16:17:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1681 [GMT -6:00]
Running from: c:\users\Nate\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 22:24 . 2013-01-08 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-08 01:06 . 2013-01-08 01:10 -------- d-----w- c:\programdata\SecTaskMan
2013-01-08 01:06 . 2013-01-08 01:06 -------- d-----w- c:\program files (x86)\Security Task Manager
2013-01-08 00:25 . 2012-11-08 15:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F84B97B0-7C3A-4D67-92A9-EA07CD08473B}\mpengine.dll
2013-01-07 02:57 . 2013-01-07 04:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-07 02:57 . 2013-01-07 02:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-01-07 00:14 . 2013-01-07 00:14 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8288CF43-2B75-4AE7-9D2E-E509AD5AD25B}\gapaengine.dll
2013-01-07 00:14 . 2012-11-08 15:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 00:12 . 2013-01-07 00:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-07 00:12 . 2013-01-07 00:12 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-07 00:09 . 2013-01-07 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-07 00:09 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-03 01:23 . 2013-01-03 01:23 -------- d-----w- c:\users\Nate\AppData\Roaming\LavasoftStatistics
2013-01-03 01:19 . 2013-01-03 01:19 -------- d-----w- c:\users\Nate\AppData\Local\Downloaded Installations
2013-01-03 01:19 . 2013-01-03 01:19 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-03 01:19 . 2013-01-03 01:19 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-12-31 21:35 . 2012-12-31 21:35 -------- d-----w- c:\programdata\NCH Software
2012-12-31 21:31 . 2012-12-19 21:53 19632 ----a-w- c:\windows\system32\roboot64.exe
2012-12-31 21:31 . 2012-12-31 21:31 -------- d-----w- c:\program files (x86)\File Scout
2012-12-22 16:16 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 16:16 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 16:16 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:16 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-17 01:35 . 2012-12-17 01:35 -------- d-----w- c:\users\Nate\AppData\Roaming\IBMERS
2012-12-17 00:56 . 2012-12-17 00:56 -------- d-----w- c:\programdata\%Installer_PublisherName%
2012-12-17 00:55 . 2012-12-17 00:55 -------- d-----w- c:\users\Nate\AppData\Roaming\SendSpace
2012-12-17 00:55 . 2013-01-01 19:10 -------- d-----w- c:\programdata\Browse2save
2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- C:\6db184c2eea4618f007265d9c03d
2012-12-16 02:08 . 2012-12-16 02:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 02:08 . 2012-12-16 02:09 -------- d-----w- c:\program files\iTunes
2012-12-16 02:08 . 2012-12-16 02:09 -------- d-----w- c:\program files (x86)\iTunes
2012-12-16 02:08 . 2012-12-16 02:08 -------- d-----w- c:\program files\iPod
2012-12-14 22:18 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-14 22:18 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 22:18 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-14 22:16 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-14 22:16 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-10 20:29 . 2012-12-10 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-10 20:29 . 2012-12-10 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-10 20:29 . 2012-12-10 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-10 20:29 . 2012-12-10 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-10 20:29 . 2012-12-10 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-10 20:29 . 2012-12-10 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-10 20:29 . 2012-12-10 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-10 20:29 . 2012-12-10 20:29 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 21:26 . 2012-09-14 21:24 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 21:26 . 2012-09-14 21:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 15:58 . 2010-07-01 15:21 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-27 21:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-09-04 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-03 14456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-26 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-09-29 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 21:26]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 05:34]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-16 05:34]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-123337139-2863389204-3785934037-1000Core.job
- c:\users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 23:56]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-123337139-2863389204-3785934037-1000UA.job
- c:\users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 23:56]
.
2013-01-08 c:\windows\Tasks\HPCeeScheduleForNate.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2013-01-06 c:\windows\Tasks\ReclaimerUpdateFiles_Nate.job
- c:\users\Nate\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 23:34]
.
2013-01-08 c:\windows\Tasks\ReclaimerUpdateXML_Nate.job
- c:\users\Nate\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 23:34]
.
2013-01-08 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Nate.job
- c:\users\Nate\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 23:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-16 172032]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - EasyLife
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - ExtSQL: 2012-12-06 14:33; [You must be registered and logged in to see this link.]; c:\users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\crossriderapp4493@crossrider.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Freecorder_1.0 - c:\windows\iun6002.exe
AddRemove-vShare.tv plugin - c:\program files (x86)\vShare.tv plugin\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-123337139-2863389204-3785934037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ÆR}]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-123337139-2863389204-3785934037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ÆR}\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-08 16:27:00
ComboFix-quarantined-files.txt 2013-01-08 22:26
.
Pre-Run: 88,411,963,392 bytes free
Post-Run: 88,419,110,912 bytes free
.
- - End Of File - - 5097EDDDFA506C4D71AE69BEC5DF8EB0

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Thu 10 Jan 2013, 6:26 am

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Thu 10 Jan 2013, 9:44 am

OTL logfile created on: 1/9/2013 4:29:23 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nate\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 53.90% Memory free
5.73 Gb Paging File | 4.12 Gb Available in Paging File | 71.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.34 Gb Total Space | 82.31 Gb Free Space | 37.70% Space Free | Partition Type: NTFS
Drive D: | 14.25 Gb Total Space | 2.35 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.26 Mb Free Space | 96.04% Space Free | Partition Type: FAT32

Computer Name: NATE-PC | User Name: Nate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/09 16:28:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Downloads\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/04 13:26:28 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2009/09/30 22:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 22:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/26 16:25:16 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/24 14:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/08 15:26:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 18:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/08/29 20:11:37 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 22:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 22:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/26 08:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/02 19:19:40 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/01/10 21:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/08 00:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/29 14:27:27 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/03/05 13:57:18 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{5A6FBCC2-3485-4773-984B-D66A4564AD03}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{5A6FBCC2-3485-4773-984B-D66A4564AD03}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{5A6FBCC2-3485-4773-984B-D66A4564AD03}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{9D1C9581-1496-6401-B0E1-B5AB23A42B87}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{ADDF54DE-F992-4DAD-8229-7985F3CF69C9}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{B830A30B-C643-402E-8604-4AE1A2A05CAC}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "u-Search"
FF - prefs.js..browser.search.defaultenginename: "EasyLife"
FF - prefs.js..browser.search.defaulturl: "http://search.easylifeapp.com/?q="
FF - prefs.js..browser.search.order.1: "EasyLife"
FF - prefs.js..browser.search.selectedEngine: "EasyLife"
FF - prefs.js..browser.startup.homepage: "http://search.easylifeapp.com/"
FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:1.4.2
FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:6.2
FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:6.2
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..keyword.URL: "http://search.easylifeapp.com/?q="
FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nate\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nate\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/16 06:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012/03/08 15:40:46 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/15 22:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/15 22:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/02 19:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/17 19:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Extensions
[2013/01/07 21:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions
[2012/10/28 14:41:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/27 17:50:01 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\ich@maltegoetz.de
[2013/01/02 19:19:21 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\zl4hg3uv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/09/17 19:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/19 11:14:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/09/15 22:56:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/15 22:56:39 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\NATE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZL4HG3UV.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\NATE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZL4HG3UV.DEFAULT\EXTENSIONS\CROSSRIDERAPP4493@CROSSRIDER.COM
[2012/07/13 18:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 18:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 18:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll
CHR - plugin: Perion plugin (Disabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: FBPHOTOZOOM = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0\
CHR - Extension: AVG Do Not Track = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/08 16:24:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Value error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B56B5944-BD05-4809-A756-566BD6292AF6}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 16:33:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/08 16:27:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/08 16:15:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/08 16:15:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/08 16:15:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/08 16:12:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/08 16:11:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/07 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\OTL Logs
[2013/01/07 19:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/01/07 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013/01/07 19:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/01/06 20:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/06 20:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/06 20:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/01/06 18:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/06 18:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/06 18:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/06 18:09:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/06 18:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/02 19:23:44 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\LavasoftStatistics
[2013/01/02 19:19:46 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Local\Downloaded Installations
[2013/01/02 19:19:40 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/01/02 19:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/01/02 19:15:38 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\DMB 12-5-2012
[2012/12/31 15:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/12/31 15:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/12/31 15:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
[2012/12/31 15:31:08 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/12/31 15:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scout
[2012/12/20 21:18:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/16 19:35:07 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\IBMERS
[2012/12/16 18:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\%Installer_PublisherName%
[2012/12/16 18:55:55 | 000,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\SendSpace
[2012/12/16 18:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Browse2save
[2012/12/16 09:58:36 | 000,000,000 | ---D | C] -- C:\6db184c2eea4618f007265d9c03d
[2012/12/15 20:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 20:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

========== Files - Modified Within 30 Days ==========

[2013/01/09 16:34:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 16:34:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 16:32:35 | 105,573,919 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/01/09 16:27:25 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/09 16:27:17 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Nate.job
[2013/01/09 16:26:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/09 16:26:27 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/09 16:24:20 | 056,596,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 16:24:19 | 020,076,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 16:24:18 | 000,006,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 16:24:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/09 16:21:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/09 16:21:26 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-123337139-2863389204-3785934037-1000UA.job
[2013/01/08 18:18:15 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Nate.job
[2013/01/08 16:46:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-123337139-2863389204-3785934037-1000Core.job
[2013/01/08 16:46:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Nate.job
[2013/01/08 16:24:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/07 18:14:52 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNate.job
[2013/01/06 20:57:23 | 000,001,218 | ---- | M] () -- C:\Users\Nate\Desktop\Spybot - Search & Destroy.lnk
[2013/01/06 18:12:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/06 18:09:35 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 17:51:42 | 000,583,616 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/01/02 19:19:40 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2012/12/25 11:23:21 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/22 10:33:07 | 000,430,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/19 15:53:34 | 000,019,632 | ---- | M] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/12/15 20:09:19 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/12 12:38:15 | 000,002,477 | ---- | M] () -- C:\Users\Nate\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/01/08 16:15:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/08 16:15:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/08 16:15:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/08 16:15:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/08 16:15:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/06 20:57:23 | 000,001,218 | ---- | C] () -- C:\Users\Nate\Desktop\Spybot - Search & Destroy.lnk
[2013/01/06 18:12:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/06 18:12:22 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/06 18:09:35 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/31 15:34:59 | 000,001,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Image Converter.lnk
[2012/12/19 20:37:32 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Nate.job
[2012/12/19 20:37:30 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Nate.job
[2012/12/19 20:37:28 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Nate.job
[2012/12/15 20:09:19 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 14:05:32 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2012/04/05 13:46:11 | 000,168,068 | ---- | C] () -- C:\Windows\hpoins37.dat
[2012/01/10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/07/25 22:40:35 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/07/05 23:13:00 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/05 23:13:00 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/01/19 18:42:39 | 000,001,854 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\GhostObjGAFix.xml
[2010/11/29 16:41:31 | 000,005,120 | ---- | C] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 23:56:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/19 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\AnvSoft
[2012/09/01 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Audacity
[2012/05/03 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\AVG2012
[2012/12/29 13:52:59 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\BitTorrent
[2011/06/21 17:26:25 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/04/10 00:12:34 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\DeviceDoctorSoftware
[2011/04/29 21:01:15 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Downloaded Installations
[2012/10/28 14:41:33 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\DVDVideoSoft
[2011/03/28 13:10:44 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/25 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\FreeBurner
[2011/01/16 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\GetRightToGo
[2012/09/15 22:56:34 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Groovedown
[2012/09/15 22:56:34 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Groovedown_Uninstall
[2012/12/16 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\IBMERS
[2011/01/04 00:02:45 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\ImgBurn
[2011/04/29 21:04:48 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\inkscape
[2011/01/14 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\iScreensaver
[2010/11/02 22:42:19 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\muvee Technologies
[2010/10/28 12:42:40 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\NCH Swift Sound
[2011/04/29 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Nitro PDF
[2012/12/06 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Orbit
[2011/09/19 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Philipp Winterberg
[2012/12/06 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\ProgSense
[2012/12/16 18:55:55 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\SendSpace
[2011/03/23 19:17:33 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\SharePod
[2010/09/06 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\SoftGrid Client
[2010/12/13 19:18:03 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\StreamTorrent
[2010/09/02 15:06:09 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\TP
[2011/01/25 13:04:56 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\WeatherBug
[2011/07/09 09:35:57 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\WhiteSmoke
[2010/12/08 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Thu 10 Jan 2013, 8:32 pm

Hi there. Did you install WhiteSmoke?

Next step:

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
    IE:64bit: - HKLM\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKLM\..\SearchScopes\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKLM\..\SearchScopes\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKLM\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = [You must be registered and logged in to see this link.]
    IE - HKCU\..\SearchScopes\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKCU\..\SearchScopes\{9D1C9581-1496-6401-B0E1-B5AB23A42B87}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKCU\..\SearchScopes\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKCU\..\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = [You must be registered and logged in to see this link.]
    FF - prefs.js..browser.search.defaultengine: "u-Search"
    FF - prefs.js..browser.search.defaultenginename: "EasyLife"
    FF - prefs.js..browser.search.defaulturl: "http://search.easylifeapp.com/?q="
    FF - prefs.js..browser.search.order.1: "EasyLife"
    FF - prefs.js..browser.search.selectedEngine: "EasyLife"
    FF - prefs.js..browser.startup.homepage: "http://search.easylifeapp.com/"
    FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:6.2
    FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:6.2
    FF - prefs.js..keyword.URL: "http://search.easylifeapp.com/?q="
    FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
    FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
    FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012/03/08 15:40:46 | 000,102,233 | ---- | M] ()
    [2012/08/19 11:14:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    [2012/09/15 22:56:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    File not found (No name found) -- C:\USERS\NATE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZL4HG3UV.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    File not found (No name found) -- C:\USERS\NATE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZL4HG3UV.DEFAULT\EXTENSIONS\CROSSRIDERAPP4493@CROSSRIDER.COM
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 10.7.2)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 10.9.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 10.9.2)
    [2012/12/16 18:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Browse2save
    [2012/12/16 09:58:36 | 000,000,000 | ---D | C] -- C:\6db184c2eea4618f007265d9c03d
    [2012/04/05 14:05:32 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
    [2012/04/05 13:46:11 | 000,168,068 | ---- | C] () -- C:\Windows\hpoins37.dat

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)



Hitman Pro

Please download Hitman Pro


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Fri 11 Jan 2013, 7:33 am

No I did not download whitesmoke. I have no clue what that program is. Anyways, here are the logs you've requested:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D70E5D87-215E-4081-A84A-033423333630}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D70E5D87-215E-4081-A84A-033423333630}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C9AC5C3-49DF-4C99-9DAC-D76DCDE97281}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D1C9581-1496-6401-B0E1-B5AB23A42B87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D1C9581-1496-6401-B0E1-B5AB23A42B87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7DA5F9E-2BB0-4756-9DFB-938E986A309C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D70E5D87-215E-4081-A84A-033423333630}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D70E5D87-215E-4081-A84A-033423333630}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: "u-Search" removed from browser.search.defaultengine
Prefs.js: "EasyLife" removed from browser.search.defaultenginename
Prefs.js: "http://search.easylifeapp.com/?q=" removed from browser.search.defaulturl
Prefs.js: "EasyLife" removed from browser.search.order.1
Prefs.js: "EasyLife" removed from browser.search.selectedEngine
Prefs.js: "http://search.easylifeapp.com/" removed from browser.startup.homepage
Prefs.js: [You must be registered and logged in to see this link.]:6.2 removed from extensions.enabledAddons
Prefs.js: [You must be registered and logged in to see this link.]:6.2 removed from extensions.enabledAddons
Prefs.js: "http://search.easylifeapp.com/?q=" removed from keyword.URL
Prefs.js: S", "EasyLife" removed from browser.search.order.1,S
Prefs.js: S", "EasyLife" removed from browser.search.defaultenginename,S
Prefs.js: S", "EasyLife" removed from browser.search.selectedEngine,S
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com deleted successfully.
File C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012/03/08 15:40:46 | 000,102,233 | ---- | M] not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\Browse2save\data folder moved successfully.
C:\ProgramData\Browse2save folder moved successfully.
C:\6db184c2eea4618f007265d9c03d folder moved successfully.
C:\Windows\hpomdl37.dat.temp moved successfully.
C:\Windows\hpoins37.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nate\Downloads\cmd.bat deleted successfully.
C:\Users\Nate\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nate
->Temp folder emptied: 1170937 bytes
->Temporary Internet Files folder emptied: 5420393 bytes
->Java cache emptied: 15271358 bytes
->FireFox cache emptied: 27058394 bytes
->Google Chrome cache emptied: 106720796 bytes
->Flash cache emptied: 57728 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80351949 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 222164 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 225.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01102013_141025

Files\Folders moved on Reboot...
C:\Users\Nate\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Code:

HitmanPro 3.7.0.185
www.hitmanpro.com

  Computer name . . . . : NATE-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : Nate-PC\Nate
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2013-01-10 14:18:33
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 6m 5s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 3
  Traces  . . . . . . . : 94

  Objects scanned . . . : 1,793,102
  Files scanned . . . . : 25,296
  Remnants scanned  . . : 386,805 files / 1,381,001 keys

Malware remnants ____________________________________________________________

  HKU\S-1-5-21-123337139-2863389204-3785934037-1000\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Deleted
  HKU\S-1-5-21-123337139-2863389204-3785934037-1000\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.Hotbar) -> Deleted
  HKU\S-1-5-21-123337139-2863389204-3785934037-1000\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.Hotbar) -> Deleted

Cookies _____________________________________________________________________

  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.amakings.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.crakmedia.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.glispa.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mail3x.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.masslive.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mlive.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.oregonlive.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pornerbros.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.us.e-planning.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.verticalscope.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultadworld.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultfriendfinder.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertstream.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:br.rk.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ero-advertising.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:flirt4free.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:gntbcstglobal.112.2o7.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:interchangecorporation.122.2o7.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:judgeporn.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:leeenterprises.112.2o7.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:network.realmedia.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:paypal.112.2o7.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:porn.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornsharia.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:premiumtv.122.2o7.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:realitykings.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:rts.phn.doublepimp.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexbot.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:socialsex.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:survey.g.doubleclick.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.prd.inpwrd.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:watchporn.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:wt.socialsex.biz
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.flirt4free.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.porn.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.realitykings.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexbot.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.socialsex.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.topsexspots.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
  C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com



superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Fri 11 Jan 2013, 12:27 pm

Good work!

Remove WhiteSmoke from your Programs.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Sat 12 Jan 2013, 9:32 am

C:\Users\Nate\Downloads\06 - Shotgun.mp3.exe Win32/InstalleRex.E.Gen application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\A_Football_Life_-_Walter_Payton_(720p)_secure.exe Win32/TopMedia.B application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\cbsidlm-cbsi5_2_0_83-Flash_Video_Downloader_for_Google_Chrome-SEO2-75327988.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\cbsidlm-tr1_8-Orbit_Downloader-SEO2-10600926.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\iLividSetup (1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\iLividSetupV1 (2).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\mplayer_1158.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\reginout_setup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Nate\Downloads\SoftonicDownloader_for_jpg-to-pdf-converter-free.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\SoftonicDownloader_for_pc-wizard.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\SoftonicDownloader_for_tvants.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Nate\Downloads\SoftonicDownloader_for_windows-movie-maker.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01102013_141025\C_ProgramData\Browse2save\50ce6e177840f.ocx Win32/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01102013_141025\C_ProgramData\Browse2save\50ce6e1778447.html Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Sat 12 Jan 2013, 9:34 am

I never found whitesmoke on my computer, so I don't its on my computer anymore. I still have troubles with my second issue that I originally posted about, here it is:

My second issue has been a lingering problem with my computer. When I close my laptop and open it up from sleep mode, and when I go to type something, the screen freezes up and the only way to solve this is to restart the computer. I thought it was a problem with my search browser (google chrome), but its not because it happens in any program I can type in (search bar, Microsoft word, search browsers, etc).

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Sun 13 Jan 2013, 4:24 am

It sounds more like video card trouble, tbh.

Please try these video card tests and tell me how they work:

[You must be registered and logged in to see this link.]

FurMark: VGA Stress Test, Graphics Card and GPU Stability Test, Burn-in Test, OpenGL Benchmark and GPU Temperature | oZone3D.Net

I would like to know if your video card passed them.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Mon 14 Jan 2013, 3:13 am

I ran both tests, and the first test gave me the following results:

your video system: 36

NVIDIA GeForce 8400 GS: 41

NVIDIA GeForce 7600 GT: 195

ATI Radeon HD 2600 XT: 119
ATI Radeon HD 2400: 43
Intel(R) 915GM: 13

The second test gave me the result:

Burn In Score: not valid (GPU Temp error)

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Mon 14 Jan 2013, 6:33 am

Now, for the first test, did it hang at all within the 10-30 minute window?

DxDiag
  1. Click Start and then click Run.
  2. Type dxdiag in the Open box, and then click OK.
  3. Click Save all information, and it will collect information and it will prompt you to save the file. Save the file to the Desktop.
  4. Find DxDiag.txt on your Desktop, and post the contents of it in your next reply.


=================

Next, you're going to need a program called TestDisk. It's a free and open source disk recovery program.

Step 1: Download the TestDisk executable here: Download and save it to a flash drive.
Step 2: On the Reatogo desktop, extract the downloaded zip file using your favorite archive extractor.
Step 3: Double-click on the testdisk_win.exe file (found in the win folder of the extracted archive)
Step 4: You will now be at a scary looking text-based command window:

Press Enter here to create a new log file.

Step 5: TestDisk will now detect all local hard drives, and present them in a list like this:

You have indicated that there is only one hard drive attached to your computer, with two partitions. So, use the arrow (up and down) keys to highlight the disk called /dev/sda.

Note: If /dev/sda isn't listed or you have more than one hard drive, STOP and post back here.

With /dev/sda selected, press Enter

Step 6: Now we need to specify the type of partitions that are on your disk. Select Intel (even if you have an AMD processor).

Press Enter.

Step 7: Select Analyse and press Enter.


Quit TestDisk by pressing Q. Post me the testdisk log please (it can be found in the win folder).


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Mon 14 Jan 2013, 10:47 am

No it did not hang at all during the first 10-30 minutes. Anyways, here are logs you've requested:

------------------
System Information
------------------
Time of this report: 1/13/2013, 17:40:00
Machine name: NATE-PC
Operating System: Windows 7 Home Premium 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.120830-0333)
Language: English (Regional Setting: English)
System Manufacturer: Hewlett-Packard
System Model: HP G62 Notebook PC
BIOS: Default System BIOS
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz (4 CPUs), ~2.3GHz
Memory: 3072MB RAM
Available OS Memory: 2934MB RAM
Page File: 2471MB used, 3394MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11
DX Setup Parameters: Not found
User DPI Setting: Using System DPI
System DPI Setting: 96 DPI (100 percent)
DWM DPI Scaling: Disabled
DxDiag Version: 6.01.7601.17514 32bit Unicode

------------
DxDiag Notes
------------
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Input Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (retail)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (retail)
DirectMusic: 0/5 (retail)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: Intel(R) HD Graphics
Manufacturer: Intel Corporation
Chip type: Intel(R) HD Graphics (Core i3)
DAC type: Internal
Device Key: Enum\PCI\VEN_8086&DEV_0046&SUBSYS_1425103C&REV_02
Display Memory: 1274 MB
Dedicated Memory: 64 MB
Shared Memory: 1210 MB
Current Mode: 1366 x 768 (32 bit) (60Hz)
Monitor Name: Generic PnP Monitor
Monitor Model: unknown
Monitor Id: SEC3651
Native Mode: 1366 x 768(p) (60.031Hz)
Output Type: Internal
Driver Name: igdumd64.dll,igd10umd64.dll,igdumdx32,igd10umd32
Driver File Version: 8.15.0010.2622 (English)
Driver Version: 8.15.10.2622
DDI Version: 10
Driver Model: WDDM 1.1
Driver Attributes: Final Retail
Driver Date/Size: 1/10/2012 21:28:32, 8313856 bytes
WHQL Logo'd: n/a
WHQL Date Stamp: n/a
Device Identifier: {D7B78E66-4306-11CF-B279-2F34A2C2C535}
Vendor ID: 0x8086
Device ID: 0x0046
SubSys ID: 0x1425103C
Revision ID: 0x0002
Driver Strong Name: oem42.inf:IntelGfx.NTamd64.6.0:iILKM0:8.15.10.2622:pci\ven_8086&dev_0046
Rank Of Driver: 00E62001
Video Accel: ModeMPEG2_A ModeMPEG2_C ModeWMV9_B ModeWMV9_C ModeVC1_B ModeVC1_C
Deinterlace Caps: {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend
D3D9 Overlay: Supported
DXVA-HD: Supported
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled

-------------
Sound Devices
-------------
Description: Speakers (Realtek High Definition Audio)
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0270&SUBSYS_103C1425&REV_1001
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: RTKVHD64.sys
Driver Version: 6.00.0001.6037 (English)
Driver Attributes: Final Retail
WHQL Logo'd: n/a
Date and Size: 1/29/2010 16:48:44, 2260256 bytes
Other Files:
Driver Provider: Realtek Semiconductor Corp.
HW Accel Level: Basic
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No

---------------------
Sound Capture Devices
---------------------
Description: Microphone (Realtek High Definition Audio)
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: RTKVHD64.sys
Driver Version: 6.00.0001.6037 (English)
Driver Attributes: Final Retail
Date and Size: 1/29/2010 16:48:44, 2260256 bytes
Cap Flags: 0x0
Format Flags: 0x0

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52B
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52B
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52B
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52B
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52B
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52B
FF Driver: n/a

Poll w/ Interrupt: No

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x3B34
| Matching Device ID: usb\root_hub20
| Service: usbhub
|
+-+ Generic USB Hub
| | Vendor/Product ID: 0x8087, 0x0020
| | Location: Port_#0001.Hub_#0002
| | Matching Device ID: usb\class_09
| | Service: usbhub

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ Standard PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
|
+ HID Keyboard Device
| Vendor/Product ID: 0x046D, 0xC52B
| Matching Device ID: hid_device_system_keyboard
| Service: kbdhid
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
|
+ Synaptics PS/2 Port TouchPad
| Matching Device ID: *syn1e26
| Upper Filters: SynTP
| Service: i8042prt
|
+ HID-compliant mouse
| Vendor/Product ID: 0x046D, 0xC52B
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 81.4 GB
Total Space: 223.6 GB
File System: NTFS
Model: WDC WD2500BEKT-60A25T1

Drive: D:
Free Space: 2.4 GB
Total Space: 14.6 GB
File System: NTFS
Model: WDC WD2500BEKT-60A25T1

Drive: E:
Free Space: 0.1 GB
Total Space: 0.1 GB
File System: FAT32
Model: WDC WD2500BEKT-60A25T1

Drive: F:
Model: hp CDDVDW TS-L633N
Driver: c:\windows\system32\drivers\cdrom.sys, 6.01.7601.17514 (English), , 0 bytes

--------------
System Devices
--------------
Name: Intel(R) 82801 PCI Bridge - 2448
Device ID: PCI\VEN_8086&DEV_2448&SUBSYS_1425103C&REV_A5\3&11583659&0&F0
Driver: n/a

Name: Intel(R) Management Engine Interface
Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_1425103C&REV_06\3&11583659&0&B0
Driver: n/a

Name: Intel(R) PCHM SATA AHCI Controller 4 Port
Device ID: PCI\VEN_8086&DEV_3B29&SUBSYS_1425103C&REV_05\3&11583659&0&FA
Driver: n/a

Name: Intel(R) HD Graphics
Device ID: PCI\VEN_8086&DEV_0046&SUBSYS_1425103C&REV_02\3&11583659&0&10
Driver: n/a

Name: High Definition Audio Controller
Device ID: PCI\VEN_8086&DEV_3B56&SUBSYS_1425103C&REV_05\3&11583659&0&D8
Driver: n/a

Name: Intel(R) HM55 Express Chipset LPC Interface Controller - 3B09
Device ID: PCI\VEN_8086&DEV_3B09&SUBSYS_1425103C&REV_05\3&11583659&0&F8
Driver: n/a

Name: Intel(R) processor DRAM Controller - 0044
Device ID: PCI\VEN_8086&DEV_0044&SUBSYS_1425103C&REV_02\3&11583659&0&00
Driver: n/a

Name: Reserved - 2D13
Device ID: PCI\VEN_8086&DEV_2D13&SUBSYS_1425103C&REV_02\3&4F11E61&0&13
Driver: n/a

Name: Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 2 - 3B44
Device ID: PCI\VEN_8086&DEV_3B44&SUBSYS_1425103C&REV_05\3&11583659&0&E1
Driver: n/a

Name: Realtek RTL8191SE 802.11b/g/n WiFi Adapter
Device ID: PCI\VEN_10EC&DEV_8171&SUBSYS_1467103C&REV_10\4&2DD4FD51&0&00E0
Driver: n/a

Name: Reserved - 2D12
Device ID: PCI\VEN_8086&DEV_2D12&SUBSYS_1425103C&REV_02\3&4F11E61&0&12
Driver: n/a

Name: Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 1 - 3B42
Device ID: PCI\VEN_8086&DEV_3B42&SUBSYS_1425103C&REV_05\3&11583659&0&E0
Driver: n/a

Name: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_1425103C&REV_02\4&1D193AA&0&00E1
Driver: n/a

Name: QPI Physical 0 - 2D11
Device ID: PCI\VEN_8086&DEV_2D11&SUBSYS_1425103C&REV_02\3&4F11E61&0&11
Driver: n/a

Name: Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B3C
Device ID: PCI\VEN_8086&DEV_3B3C&SUBSYS_1425103C&REV_05\3&11583659&0&D0
Driver: n/a

Name: QPI Link 0 - 2D10
Device ID: PCI\VEN_8086&DEV_2D10&SUBSYS_1425103C&REV_02\3&4F11E61&0&10
Driver: n/a

Name: Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B34
Device ID: PCI\VEN_8086&DEV_3B34&SUBSYS_1425103C&REV_05\3&11583659&0&E8
Driver: n/a

Name: QuickPath Architecture System Address Decoder - 2D01
Device ID: PCI\VEN_8086&DEV_2D01&SUBSYS_1425103C&REV_02\3&4F11E61&0&01
Driver: n/a

Name: Intel(R) Turbo Boost Technology Driver
Device ID: PCI\VEN_8086&DEV_3B32&SUBSYS_1425103C&REV_05\3&11583659&0&FE
Driver: n/a

Name: QuickPath Architecture Generic Non-core Registers - 2C62
Device ID: PCI\VEN_8086&DEV_2C62&SUBSYS_1425103C&REV_02\3&4F11E61&0&00
Driver: n/a

Name: Intel(R) 5 Series/3400 Series Chipset Family SMBus Controller - 3B30
Device ID: PCI\VEN_8086&DEV_3B30&SUBSYS_1425103C&REV_05\3&11583659&0&FB
Driver: n/a

------------------
DirectShow Filters
------------------

DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,WMADMOD.DLL,6.01.7601.17514
WMAPro over S/PDIF DMO,0x00600800,1,1,WMADMOD.DLL,6.01.7601.17514
WMSpeech Decoder DMO,0x00600800,1,1,WMSPDMOD.DLL,6.01.7601.17514
MP3 Decoder DMO,0x00600800,1,1,mp3dmod.dll,6.01.7600.16385
Mpeg4s Decoder DMO,0x00800001,1,1,mp4sdecd.dll,6.01.7600.16385
WMV Screen decoder DMO,0x00600800,1,1,wmvsdecd.dll,6.01.7601.17514
WMVideo Decoder DMO,0x00800001,1,1,wmvdecod.dll,6.01.7601.17514
Expression Encoder Screen Codec 2,0x00600800,1,1,Microsoft.Expression.Encoder.EEScreen.Codec.dll,4.00.1639.0000
Mpeg43 Decoder DMO,0x00800001,1,1,mp43decd.dll,6.01.7600.16385
Mpeg4 Decoder DMO,0x00800001,1,1,mpg4decd.dll,6.01.7600.16385
WMT MuxDeMux Filter,0x00200000,0,0,WMM2FILT.dll,2.06.4037.0000
CyberLink Demultiplexer(HomeNetwork),0x00200000,1,0,CLDemuxer.ax,1.00.0000.4513
WMT VIH2 Fix,0x00200000,1,1,WLXVAFilt.dll,15.04.3508.1109
Record Queue,0x00200000,1,1,WLXVAFilt.dll,15.04.3508.1109
WMT Switch Filter,0x00200000,1,1,WLXVAFilt.dll,15.04.3508.1109
WMT Virtual Renderer,0x00200000,1,0,WLXVAFilt.dll,15.04.3508.1109
WMT DV Extract,0x00200000,1,1,WLXVAFilt.dll,15.04.3508.1109
WMT Virtual Source,0x00200000,0,1,WLXVAFilt.dll,15.04.3508.1109
WMT Sample Information Filter,0x00200000,1,1,WLXVAFilt.dll,15.04.3508.1109
CyberLink MPEG Video Encoder,0x00200000,1,1,,
RealPlayer Video Filter,0x00200000,1,1,rdsf3260.dll,15.00.0006.0014
CyberLink MP3/WAV Wrapper,0x00200000,1,1,,
DV Muxer,0x00400000,0,0,qdv.dll,6.06.7601.17514
CyberLink AudioCD Filter,0x00200000,0,1,,
Color Space Converter,0x00400001,1,1,quartz.dll,6.06.7601.17713
WM ASF Reader,0x00400000,0,0,qasf.dll,12.00.7601.17514
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,12.00.7601.17514
Cyberlink Streamming Filter,0x00200000,0,1,CLStream.ax,1.01.0000.2902
AVI Splitter,0x00600000,1,1,quartz.dll,6.06.7601.17713
WMT AudioAnalyzer,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.06.7601.17713
SBE2MediaTypeProfile,0x00200000,0,0,sbe.dll,6.06.7601.17528
CyberLink Editing Service 3.0 (Source),0x00200000,0,2,,
Microsoft DTV-DVD Video Decoder,0x005fffff,2,4,msmpeg2vdec.dll,6.01.7140.0000
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.06.7601.17528
CyberLink Digest Filter (PDVD8),0x00200000,2,2,DigestFilter.dll,1.00.0000.3314
WMT Format Conversion,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
CyberLink HD/BD Mixer (PDVD8.0),0x00200000,1,2,CLHBMixer.ax,2.00.0000.2117
StreamBufferSink,0x00200000,0,0,sbe.dll,6.06.7601.17528
WMT Black Frame Generator,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.06.7601.17713
WMT Screen Capture filter,0x00200000,0,1,WMM2FILT.dll,2.06.4037.0000
CyberLink TimeStretch Filter (PDVD8),0x00200000,1,1,clauts.ax,1.00.0000.7907
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.06.7601.17713
CyberLink Demux (PDVD8),0x00200000,1,0,cldemuxer.ax,1.00.0000.7830
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.06.7601.17713
P2G Video Decoder,0x00200000,2,3,,
VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.7601.17514
CyberLink Video/SP Decoder (PDVD8),0x00602000,2,3,CLVsd.ax,8.04.0000.0901
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.06.7601.17528
Closed Captions Analysis Filter,0x00200000,2,5,cca.dll,6.06.7601.17514
SBE2FileScan,0x00200000,0,0,sbe.dll,6.06.7601.17528
Microsoft MPEG-2 Video Encoder,0x00200000,1,1,msmpeg2enc.dll,6.01.7601.17514
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.06.7601.17713
CyberLink Video Regulator,0x00200000,1,1,,
AVS Video Out,0x00200000,0,1,AVSVideoOutFilter3.ax,1.00.0000.0233
CyberLink DVD Navigator (PDVD8),0x00200000,0,3,CLNavX.ax,8.00.0000.3210
P2G Audio Decoder,0x00200000,1,1,,
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.06.7601.17713
WMT Import Filter,0x00200000,0,1,WMM2FILT.dll,2.06.4037.0000
DV Splitter,0x00600000,1,2,qdv.dll,6.06.7601.17514
Bitmap Generate,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
Cyberlink SubTitle Importor (PDVD8),0x00200000,2,1,CLSubTitle.ax,1.00.0000.6519
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,6.06.7601.17713
CyberLink MPEG Splitter,0x00200000,1,2,CLSplter.ax,3.01.0000.3022
CyberLink Video Effect,0x00200000,1,1,,
WMT VIH2 Fix,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
Record Queue,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
CyberLink Audio Noise Reduction,0x00200000,1,1,,
WMT Audio Mixer,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
Microsoft MPEG-2 Encoder,0x00200000,2,1,msmpeg2enc.dll,6.01.7601.17514
CyberLink MPEG-2 Splitter,0x00200000,1,2,,
Xvid MPEG-4 Video Decoder,0x00800002,1,1,xvid.ax,
CyberLink Audio VolumeBooster,0x00200000,1,1,,
CyberLink MPEG-4 Splitter (PDVD8),0x00200000,1,2,clm4splt.ax,1.01.0000.1826
ACM Wrapper,0x00600000,1,1,quartz.dll,6.06.7601.17713
CyberLink Audio Wizard,0x00201010,1,1,CLAudWizard.ax,1.00.0000.4414
Video Renderer,0x00800001,1,0,quartz.dll,6.06.7601.17713
Frame Eater,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.06.7601.17528
Cyberlink Dump Dispatch Filter,0x00200000,1,0,,
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.06.7601.17835
Video Port Manager,0x00600000,2,1,quartz.dll,6.06.7601.17713
Video Renderer,0x00400000,1,0,quartz.dll,6.06.7601.17713
CyberLink Audio Resampler,0x00200000,1,1,,
File Writer,0x00200000,1,0,WLXVAFilt.dll,15.04.3508.1109
VPS Decoder,0x00200000,0,0,WSTPager.ax,6.06.7601.17514
WM ASF Writer,0x00400000,0,0,qasf.dll,12.00.7601.17514
CyberLink MPEG-1 Splitter,0x00200000,1,2,,
WMT Sample Information Filter,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,6.01.7601.17514
File writer,0x00200000,1,0,qcap.dll,6.06.7601.17514
iTV Data Sink,0x00600000,1,0,itvdata.dll,6.06.7601.17514
iTV Data Capture filter,0x00600000,1,1,itvdata.dll,6.06.7601.17514
Cyberlink File Reader (Async.),0x00200000,0,1,,
CyberLink M2V Writer,0x00200000,1,0,,
WMT Log Filter,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
WMT Virtual Renderer,0x00200000,1,0,WMM2FILT.dll,2.06.4037.0000
CyberLink Audio Decoder (PDVD8),0x00201000,1,1,Claud.ax,6.03.0000.2128
Cyberlink Dump Filter,0x00200000,1,0,,
CyberLink Video Stabilizer,0x00200000,1,1,,
WAV Dest,0x00000000,0,0,,
Expression Encoder Screen Codec 2,0x00600000,0,0,Microsoft.Expression.Encoder.EEScreen.Codec.dll,4.00.1639.0000
CyberLink PCM Wrapper,0x00200000,1,1,,
DVD Navigator,0x00200000,0,3,qdvd.dll,6.06.7601.17835
Overlay Mixer2,0x00200000,1,1,qdvd.dll,6.06.7601.17835
AVI Draw,0x00600064,9,1,quartz.dll,6.06.7601.17713
RDP DShow Redirection Filter,0xffffffff,1,0,DShowRdpFilter.dll,
CyberLink Audio Spectrum Analyzer(HomeNetwork),0x00200000,1,1,CLAudSpa.ax,1.00.0000.0924
Microsoft MPEG-2 Audio Encoder,0x00200000,1,1,msmpeg2enc.dll,6.01.7601.17514
CyberLink AudioCD Filter (PDVD8),0x00600000,0,1,CLAudioCD.ax,5.00.0000.5316
WST Pager,0x00200000,1,1,WSTPager.ax,6.06.7601.17514
WMT DirectX Transform Wrapper,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
CyberLink Push-Mode CLStream,0x00200000,0,1,CLStream(PushMode).ax,1.00.0000.1627
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.06.7601.17528
DV Video Decoder,0x00800000,1,1,qdv.dll,6.06.7601.17514
RealPlayer Transcode Filter,0x00600000,0,0,rdsf3260.dll,15.00.0006.0014
9x8Resize,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
Allocator Fix,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
SampleGrabber,0x00200000,1,1,qedit.dll,6.06.7601.17514
Null Renderer,0x00200000,1,0,qedit.dll,6.06.7601.17514
WMT Virtual Source,0x00200000,0,1,WMM2FILT.dll,2.06.4037.0000
MPEG-2 Sections and Tables,0x005fffff,1,0,Mpeg2Data.ax,6.06.7601.17514
Microsoft AC3 Encoder,0x00200000,1,1,msac3enc.dll,6.01.7601.17514
WMT Interlacer,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
CyberLink Tzan Filter (PDVD8),0x00200000,1,1,CLTzan.ax,3.05.0000.1928
StreamBufferSource,0x00200000,0,0,sbe.dll,6.06.7601.17528
CyberLink TimeStretch Filter (CES),0x00200000,1,1,,
Smart Tee,0x00200000,1,2,qcap.dll,6.06.7601.17514
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.06.7601.17835
CyberLink TL MPEG Splitter,0x00200000,1,2,,
RealPlayer Audio Filter,0x00200000,1,1,rdsf3260.dll,15.00.0006.0014
AVI Decompressor,0x00600000,1,1,quartz.dll,6.06.7601.17713
CyberLink MPEG Muxer,0x00200000,2,1,,
Uncompressed Domain Shot Detection Filter,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.06.7601.17713
Wave Parser,0x00400000,1,1,quartz.dll,6.06.7601.17713
MIDI Parser,0x00400000,1,1,quartz.dll,6.06.7601.17713
Multi-file Parser,0x00400000,1,1,quartz.dll,6.06.7601.17713
File stream renderer,0x00400000,1,1,quartz.dll,6.06.7601.17713
CyberLink Line21 Decoder (PDVD8),0x00200000,0,2,CLLine21.ax,4.00.0000.10309
CyberLink Audio Decoder(PDVD8 UPnP),0x00200000,1,1,CLAud.ax,6.01.0000.3816
CyberLink Audio Effect (PDVD8),0x00200000,1,1,CLAudFx.ax,6.00.0000.6525
Adaptive Streaming Filter,0x00600000,0,0,Microsoft.Expression.Encoder.Utilities2.dll,4.00.1639.0000
Microsoft DTV-DVD Audio Decoder,0x005fffff,1,1,msmpeg2adec.dll,6.01.7140.0000
StreamBufferSink2,0x00200000,0,0,sbe.dll,6.06.7601.17528
AVI Mux,0x00200000,1,0,qcap.dll,6.06.7601.17514
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.06.7601.17713
File Source (Async.),0x00400000,0,1,quartz.dll,6.06.7601.17713
File Source (URL),0x00400000,0,1,quartz.dll,6.06.7601.17713
WMT DV Extract,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
P2G Video Regulator,0x00200000,1,1,,
P2G Audio Encoder,0x00200000,2,0,,
WMT Switch Filter,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
WMT Volume,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
Stretch Video,0x00200000,1,1,WMM2FILT.dll,2.06.4037.0000
CyberLink Audio Spectrum Analyzer (PDVD8),0x00200000,1,1,CLAudSpa.ax,1.00.0000.0924
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.06.7601.17514
CyberLink Video/SP Decoder(HomeNetwork),0x00200000,2,3,CLVSD.ax,6.01.0000.0916
Enhanced Video Renderer,0x00200000,1,0,evr.dll,6.01.7601.17514
BDA MPEG2 Transport Information Filter,0x00200000,2,0,psisrndr.ax,6.06.7601.17669
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.06.7601.17713
CyberLink MPEG Decoder,0x00200000,2,3,,

WDM Streaming Tee/Splitter Devices:
Tee/Sink-to-Sink Converter,0x00200000,1,1,ksproxy.ax,6.01.7601.17514

Video Compressors:
WMVideo8 Encoder DMO,0x00600800,1,1,wmvxencd.dll,6.01.7600.16385
WMVideo9 Encoder DMO,0x00600800,1,1,wmvencod.dll,6.01.7600.16385
MSScreen 9 encoder DMO,0x00600800,1,1,wmvsencd.dll,6.01.7600.16385
DV Video Encoder,0x00200000,0,0,qdv.dll,6.06.7601.17514
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.06.7601.17713
Cinepak Codec by Radius,0x00200000,1,1,qcap.dll,6.06.7601.17514
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.06.7601.17514
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.06.7601.17514
Microsoft RLE,0x00200000,1,1,qcap.dll,6.06.7601.17514
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.06.7601.17514
Xvid MPEG-4 Codec,0x00200000,1,1,qcap.dll,6.06.7601.17514

Audio Compressors:
WM Speech Encoder DMO,0x00600800,1,1,WMSPDMOE.DLL,6.01.7600.16385
WMAudio Encoder DMO,0x00600800,1,1,WMADMOE.DLL,6.01.7600.16385
IMA ADPCM,0x00200000,1,1,quartz.dll,6.06.7601.17713
PCM,0x00200000,1,1,quartz.dll,6.06.7601.17713
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.06.7601.17713
GSM 6.10,0x00200000,1,1,quartz.dll,6.06.7601.17713
Messenger Audio Codec,0x00200000,1,1,quartz.dll,6.06.7601.17713
CCITT A-Law,0x00200000,1,1,quartz.dll,6.06.7601.17713
CCITT u-Law,0x00200000,1,1,quartz.dll,6.06.7601.17713
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.06.7601.17713

Audio Capture Sources:
Microphone (Realtek High Defini,0x00200000,0,0,qcap.dll,6.06.7601.17514

PBDA CP Filters:
PBDA DTFilter,0x00600000,1,1,CPFilters.dll,6.06.7601.17528
PBDA ETFilter,0x00200000,0,0,CPFilters.dll,6.06.7601.17528
PBDA PTFilter,0x00200000,0,0,CPFilters.dll,6.06.7601.17528

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.06.7601.17713
Microsoft GS Wavetable Synth,0x00200000,1,0,quartz.dll,6.06.7601.17713

WDM Streaming Capture Devices:
Realtek HD Audio Mic input,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
Realtek HD Audio Stereo input,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
HP Webcam-101,0x00200000,1,2,ksproxy.ax,6.01.7601.17514

WDM Streaming Rendering Devices:
Realtek HD Audio output,0x00200000,1,1,ksproxy.ax,6.01.7601.17514

BDA Network Providers:
Microsoft ATSC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBS Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBT Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft Network Provider,0x00200000,0,1,MSNP.ax,6.06.7601.17514

Video Capture Sources:
HP Webcam-101,0x00200000,1,2,ksproxy.ax,6.01.7601.17514
CyberLink Web Camera Filter,0x00200000,0,1,YCWebCameraSource.ax,3.00.8289.2201

Multi-Instance Capable VBI Codecs:
VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.7601.17514

BDA Transport Information Renderers:
BDA MPEG2 Transport Information Filter,0x00600000,2,0,psisrndr.ax,6.06.7601.17669
MPEG-2 Sections and Tables,0x00600000,1,0,Mpeg2Data.ax,6.06.7601.17514

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,1,EncDec.dll,6.06.7601.17708
Encrypt/Tag,0x00200000,0,0,EncDec.dll,6.06.7601.17708
PTFilter,0x00200000,0,0,EncDec.dll,6.06.7601.17708
XDS Codec,0x00200000,0,0,EncDec.dll,6.06.7601.17708

WDM Streaming Communication Transforms:
Tee/Sink-to-Sink Converter,0x00200000,1,1,ksproxy.ax,6.01.7601.17514

Audio Renderers:
Speakers (Realtek High Definiti,0x00200000,1,0,quartz.dll,6.06.7601.17713
CyberLink Audio Renderer (PDVD8),0x00200000,1,0,cladr.ax,7.00.0000.2111
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.06.7601.17713
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.06.7601.17713
DirectSound: Speakers (Realtek High Definition Audio),0x00200000,1,0,quartz.dll,6.06.7601.17713

---------------
EVR Power Information
---------------
Current Setting: {5C67A112-A4C9-483F-B4A7-1D473BECAFDC} (Quality)
Quality Flags: 2576
Enabled:
Force throttling
Allow half deinterlace
Allow scaling
Decode Power Usage: 100
Balanced Flags: 1424
Enabled:
Force throttling
Allow batching
Force half deinterlace
Force scaling
Decode Power Usage: 50
PowerFlags: 1424
Enabled:
Force throttling
Allow batching
Force half deinterlace
Force scaling
Decode Power Usage: 0




Sun Jan 13 17:44:28 2013
Command line: TestDisk

TestDisk 6.14-WIP, Data Recovery Utility, December 2012
Christophe GRENIER
[You must be registered and logged in to see this link.]
OS: Windows 7 (7601) SP1
Compiler: GCC 4.6, Cygwin 1007.17
Compilation date: 2013-01-06T21:07:12
ext2fs lib: 1.42.2, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20120504
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sda)=250059350016
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive0)=250059350016
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\C:)=234439573504
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\D:)=15300820992
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\E:)=108191744
filewin32_getfilesize(\\.\F:) GetFileSize err Incorrect function.

filewin32_setfilepointer(\\.\F:) SetFilePointer err Incorrect function.

Warning: can't get size for \\.\F:
Hard disk list
Disk /dev/sda - 250 GB / 232 GiB - CHS 30401 255 63, sector size=512 - WDC WD25 00BEKT-60A25, S/N:W -DXW184AF04081, FW:02.0

Partition table type (auto): Intel
Disk /dev/sda - 250 GB / 232 GiB - WDC WD25 00BEKT-60A25
Partition table type: Intel

Analyse Disk /dev/sda - 250 GB / 232 GiB - CHS 30401 255 63
Geometry from i386 MBR: head=255 sector=63
NTFS at 0/32/33
NTFS at 25/126/38
NTFS at 28527/208/34
FAT32 at 30388/9/22
Info: size boot_sector 211312, partition 211312
FAT1 : 6604-7397
FAT2 : 7398-8191
start_rootdir : 8192 root cluster : 2
Data : 8192-211311
sectors : 211312
cluster_size : 2
no_of_cluster : 101560 (2 - 101561)
fat_length 794 calculated 794
Current partition structure:
1 * HPFS - NTFS 0 32 33 25 126 37 407552 [SYSTEM]
2 P HPFS - NTFS 25 126 38 28527 208 33 457889792
3 P HPFS - NTFS 28527 208 34 30388 9 21 29884416 [RECOVERY]
4 P FAT32 LBA 30388 9 22 30401 48 31 211312 [HP_TOOLS]

search_part()
Disk /dev/sda - 250 GB / 232 GiB - CHS 30401 255 63
NTFS at 0/32/33
filesystem size 407552
sectors_per_cluster 8
mft_lcn 16981
mftmirr_lcn 2
clusters_per_mft_record -10
clusters_per_index_record 1
HPFS - NTFS 0 32 33 25 126 37 407552 [SYSTEM]
NTFS, blocksize=4096, 208 MB / 199 MiB
NTFS at 25/126/38
filesystem size 457889792
sectors_per_cluster 8
mft_lcn 786432
mftmirr_lcn 8912895
clusters_per_mft_record -10
clusters_per_index_record 1
HPFS - NTFS 25 126 38 28527 208 33 457889792
NTFS, blocksize=4096, 234 GB / 218 GiB
NTFS at 28527/208/34
filesystem size 29884416
sectors_per_cluster 8
mft_lcn 786432
mftmirr_lcn 2
clusters_per_mft_record -10
clusters_per_index_record 1
HPFS - NTFS 28527 208 34 30388 9 21 29884416 [RECOVERY]
NTFS, blocksize=4096, 15 GB / 14 GiB
FAT32 at 30388/9/22
FAT1 : 6604-7397
FAT2 : 7398-8191
start_rootdir : 8192 root cluster : 2
Data : 8192-211311
sectors : 211312
cluster_size : 2
no_of_cluster : 101560 (2 - 101561)
fat_length 794 calculated 794

FAT32 at 30388/9/22
FAT32 LBA 30388 9 22 30401 48 31 211312 [HP_TOOLS]
FAT32, blocksize=1024, 108 MB / 103 MiB
file_pread(4,2,buffer,488397168(30401/81/1)) ReadFile The request could not be performed because of an I/O device error.

file_pread(4,1,buffer,488397168(30401/81/1)) ReadFile The request could not be performed because of an I/O device error.

file_pread(4,2,buffer,488397200(30401/81/33)) lseek err Invalid argument
file_pread(4,1,buffer,488397200(30401/81/33)) lseek err Invalid argument
file_pread(4,2,buffer,488397231(30401/82/1)) lseek err Invalid argument
file_pread(4,1,buffer,488397231(30401/82/1)) lseek err Invalid argument
file_pread(4,2,buffer,488397263(30401/82/33)) lseek err Invalid argument
file_pread(4,1,buffer,488397263(30401/82/33)) lseek err Invalid argument
file_pread(4,2,buffer,488398848(30401/107/43)) lseek err Invalid argument
file_pread(4,1,buffer,488398848(30401/107/43)) lseek err Invalid argument
file_pread(4,8,buffer,488397184(30401/81/17)) lseek err Invalid argument
file_pread(4,1,buffer,488397184(30401/81/17)) lseek err Invalid argument
file_pread(4,8,buffer,488397312(30401/83/19)) lseek err Invalid argument
file_pread(4,8,buffer,488397440(30401/85/21)) lseek err Invalid argument
file_pread(4,8,buffer,488397568(30401/87/23)) lseek err Invalid argument
file_pread(4,8,buffer,488397696(30401/89/25)) lseek err Invalid argument
file_pread(4,8,buffer,488397824(30401/91/27)) lseek err Invalid argument
file_pread(4,8,buffer,488397952(30401/93/29)) lseek err Invalid argument
file_pread(4,8,buffer,488398080(30401/95/31)) lseek err Invalid argument
file_pread(4,8,buffer,488398208(30401/97/33)) lseek err Invalid argument
file_pread(4,8,buffer,488398336(30401/99/35)) lseek err Invalid argument
file_pread(4,8,buffer,488398464(30401/101/37)) lseek err Invalid argument
file_pread(4,8,buffer,488398592(30401/103/39)) lseek err Invalid argument
file_pread(4,8,buffer,488398720(30401/105/41)) lseek err Invalid argument
file_pread(4,7,buffer,488398849(30401/107/44)) lseek err Invalid argument
file_pread(4,16,buffer,488398848(30401/107/43)) lseek err Invalid argument
file_pread(4,3,buffer,488398864(30401/107/59)) lseek err Invalid argument
file_pread(4,3,buffer,488398911(30401/108/43)) lseek err Invalid argument
file_pread(4,8,buffer,488398927(30401/108/59)) lseek err Invalid argument
file_pread(4,11,buffer,488398974(30401/109/43)) lseek err Invalid argument
file_pread(4,2,buffer,488400896(30401/140/12)) lseek err Invalid argument

Results
HPFS - NTFS 0 32 33 25 126 37 407552 [SYSTEM]
NTFS, blocksize=4096, 208 MB / 199 MiB
HPFS - NTFS 25 126 38 28527 208 33 457889792
NTFS, blocksize=4096, 234 GB / 218 GiB
HPFS - NTFS 28527 208 34 30388 9 21 29884416 [RECOVERY]
NTFS, blocksize=4096, 15 GB / 14 GiB
FAT32 LBA 30388 9 22 30401 75 10 212992 [HP_TOOLS]
FAT32, blocksize=1024, 109 MB / 104 MiB

interface_write()

No partition found or selected for recovery
simulate write!

write_mbr_i386: starting...
write_all_log_i386: starting...
No extended partition

TestDisk exited normally.


superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Tue 15 Jan 2013, 3:27 am

Check Partitions

Please download Listparts64
Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.



  • Please download VEW by Vino Rosso from here and save it to your desktop
  • Double click it to start it Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.
  • Click the check boxes next to Application and System located under Select log to query on the upper left
  • Under Select type to list on the right click the boxes next to Error and Warning Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).
  • Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
  • Once it finishes it will display a log file in notepad
  • Please copy and paste its entire contents into your next reply


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Tue 15 Jan 2013, 7:32 am

I was able to run the first program and the results are shown below, but the second program runs but at the end it pops up a message saying it cannot find the log. Therefore, I cannot post the results of that scan.

ListParts by Farbar Version: 30-10-2012
Ran by Nate (administrator) on 14-01-2013 at 14:22:43
Windows 7 (X64)
Running From: C:\Users\Nate\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 59%
Total physical RAM: 2933.86 MB
Available physical RAM: 1192.68 MB
Total Pagefile: 5865.91 MB
Available Pagefile: 3547.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:218.34 GB) (Free:79.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.25 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 218 GB 200 MB
Partition 3 Primary 14 GB 218 GB
Partition 4 Primary 103 MB 232 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 218 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {c279be76-9b51-11de-9b93-a29d207e6d0e}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {c279be76-9b51-11de-9b93-a29d207e6d0e}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {7beb5473-664b-11df-90d9-f8a651e6e7f4}

Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows Boot Loader
-------------------
identifier {7beb5473-664b-11df-90d9-f8a651e6e7f4}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{7beb5474-664b-11df-90d9-f8a651e6e7f4}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{7beb5474-664b-11df-90d9-f8a651e6e7f4}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Windows Boot Loader
-------------------
identifier {c279be76-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {7beb5473-664b-11df-90d9-f8a651e6e7f4}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn

Resume from Hibernate
---------------------
identifier {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {7beb5474-664b-11df-90d9-f8a651e6e7f4}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi


****** End Of Log ******


superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Wed 16 Jan 2013, 4:45 am

How to capture an event log and upload it to the forum:

  • First, open Event Viewer by clicking Start -> type eventvwr.msc and press ENTER.
  • In the Event Viewer please right click the requested event log (i.e. Application, system, etc...) and click Save Log File As.
  • Please save the logfile to your desktop and give it a recognizable name.
  • Do this for each log that has been requested.
  • When you are finished saving the necessary logs, close Event Viewer.
  • On your desktop find the saved log files. Hold the CTRL key and click to select each event log.
  • When all event logs are selected, right-click one of them, click Send to -> Compressed Zip Folder.
  • A new .ZIP file will have been created on your desktop. Please attach that file to this forum in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Wed 16 Jan 2013, 7:47 am

I have no idea how to find the log that you want me to post from that event viewer program. I searched around in that program and I have clue as to no where I look in that program.

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Wed 16 Jan 2013, 8:48 am

Sorry you're having trouble with this...

Kaspersky GetSystemInfo Scan

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.] If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by superfan84 on Wed 16 Jan 2013, 10:45 am

ok, that worked a lot better this time around.

[You must be registered and logged in to see this link.]

superfan84

Newbie Surfer
Newbie Surfer

Posts : 17
Joined : 2013-01-08
Operating System : Windows 7

View user profile

Back to top Go down

Re: Possible keylogger infection

Post by DragonMaster Jay on Wed 16 Jan 2013, 11:08 am

Looks like AVG could be the culprit here. Do you run Spybot and AVG at the same time?

It'll probably be best to get a different antivirus program. You did or didn't pay for AVG?

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c
    C:\Windows\Babylon8_setup_14628.exe

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Possible keylogger infection

Post by Sponsored content Today at 6:02 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum