
Solved Update fails & other

Discussion in 'Malware and Virus Removal Archive' started by joblojr2, 2012/05/10.

  1. 2012/05/10
    joblojr2


    Hello! Newbie here.

    Windows 7 updates fail. Also, when I shut down my computer, it always says there are programs running preventing it from shutting down. Started about 2 months ago. Logs are below.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.10.02

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    21st Sentry 001 :: COMPUTER [administrator]

    5/10/2012 7:04:02 AM
    mbam-log-2012-05-10 (07-04-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 305499
    Time elapsed: 18 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 4
    HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKCR\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\21st (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    (end)

    -----------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-10 07:58:31
    Windows 6.1.7600
    Running: vunf8qee.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\._@_\xf029_auto_file

    ---- EOF - GMER 1.0.15 ----

    ------------------

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-10 08:00:46
    -----------------------------
    08:00:46.644 OS Version: Windows x64 6.1.7600
    08:00:46.644 Number of processors: 2 586 0x602
    08:00:46.646 ComputerName: COMPUTER UserName:
    08:00:48.789 Initialize success
    08:01:11.044 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
    08:01:11.049 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    08:01:11.066 Disk 0 MBR read successfully
    08:01:11.072 Disk 0 MBR scan
    08:01:11.077 Disk 0 unknown MBR code
    08:01:11.090 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    08:01:11.102 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 599215 MB offset 206848
    08:01:11.142 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11163 MB offset 1227399168
    08:01:11.190 Disk 0 scanning C:\Windows\system32\drivers
    08:01:20.984 Service scanning
    08:01:35.388 Modules scanning
    08:01:35.405 Disk 0 trace - called modules:
    08:01:35.424 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004d7e334]<<storport.sys hal.dll nvstor64.sys
    08:01:35.429 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d626f0]
    08:01:35.775 3 CLASSPNP.SYS[fffff8800193743f] -> nt!IofCallDriver -> [0xfffffa80041e1bb0]
    08:01:35.788 5 ACPI.sys[fffff88000ed9781] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80041de060]
    08:01:35.800 \Driver\nvstor64[0xfffffa80041c32d0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004d7e334
    08:01:35.813 Scan finished successfully
    08:01:47.979 Disk 0 MBR has been saved successfully to "C:\Users\21st Sentry 001\Desktop\MBR.dat "
    08:01:48.006 The log file has been saved successfully to "C:\Users\21st Sentry 001\Desktop\aswMBR.txt "

    ----------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by 21st Sentry 001 at 8:29:53 on 2012-05-10
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1796 [GMT -7:00]
    .
    AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
    SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\System Center Operations Manager 2007\HealthService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxducoms.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\System32\alg.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osaui.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost.exe
    C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost2.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\firefox.exe
    C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\plugin-container.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.att.net
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = localhost:6544
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE "
    uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe "
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [OfficeSubscriptionAgent] "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe "
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\21STSE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\21st Sentry 001\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\21STSE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\Dropbox.lnk - C:\Users\21st Sentry 001\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: C:\Windows\system32\VetRedir.dll
    Trusted Zone: asapcctv.com
    DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://99.140.43.20:84/DVRemoteAx.cab
    DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://99.58.136.233/ActiveViewGUI.cab
    DPF: {609F3E8A-6207-4C0E-91F4-B032CA79E321} - hxxp://99.140.43.20:87/iWatchDVR.cab
    DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://99.58.136.233/ActiveView.cab
    DPF: {74D866C3-102D-4995-9CBA-511971BFA90B} - hxxp://www.idtecktraining.com/contents/Sales%20and%20Marketing%20Tips/10270011/002/common/component/StreamNote3.cab
    DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://qbo.intuit.com/c30/v33.140/qboax10.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {B2F190F0-1FA4-4D77-9ABD-1A054D23653D} - hxxp://210.243.226.50/IPNCWebDlls.CAB
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {EE479A40-C128-40DD-93DA-000556AF9607} - hxxp://72.34.82.206/CtrWeb.cab
    DPF: {F9BF64A0-5A65-43E0-ACDB-B223E7F9DDD9} - hxxp://99.140.43.20:92/WEBWATCH2.cab
    TCP: Interfaces\{1735206C-7F70-459A-8CB6-2593E95E90BA} : DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{36812395-0AA6-4645-8DE4-74320E56112E} : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{36812395-0AA6-4645-8DE4-74320E56112E}\76263777966696 : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{4345AA95-C0C0-4C39-BEEA-195B348CD57C} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{441518C4-B610-47B6-AB04-9D8664B7BC7E} : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{441518C4-B610-47B6-AB04-9D8664B7BC7E}\76263777966696 : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{441518C4-B610-47B6-AB04-9D8664B7BC7E}\E4544574541425 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{91FCB389-223C-43B7-A9F2-6F9795F51349} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{9BBB3551-D953-41A8-9426-1B83F7B46FE8} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{C1EB2C80-8827-4DD9-998C-6783871DEE47} : DhcpNameServer = 192.168.43.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Notify: PFW - UmxWnp.Dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun-x64: [OfficeSubscriptionAgent] "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe "
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    mRun-x64: [(Default)]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
    IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE-X64: {FA96114C-9270-4D70-8FE9-FBDDD8E09DCD} - C:\Casino\VegasSlot\casinogame.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Firefox\Profiles\xhw3xzrs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.60401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Plugins\npoff.dll
    FF - plugin: C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Plugins\npwbe.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
    ============= SERVICES / DRIVERS ===============
    .
    R0 KmxAMRT;KmxAMRT;C:\Windows\system32\DRIVERS\KmxAMRT.sys --> C:\Windows\system32\DRIVERS\KmxAMRT.sys [?]
    R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys --> C:\Windows\system32\DRIVERS\kmxagent.sys [?]
    R1 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys --> C:\Windows\system32\DRIVERS\kmxcfg.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 CAAMSvc;CAAMSvc;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe [2012-2-28 291656]
    R2 CAISafe;CAISafe;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2012-2-28 312656]
    R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2012-3-1 287280]
    R2 HealthService;System Center Management;C:\Program Files\System Center Operations Manager 2007\HealthService.exe [2009-5-8 30592]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-11-17 517632]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
    R2 omupdsrv;Microsoft Online Management Updates Service;C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost.exe [2012-3-20 44328]
    R2 osubsvc;Microsoft Office 2010 Subscription Agent;C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osa.exe [2011-11-16 493384]
    R2 SignalingAgent;Windows Intune Notification Service;C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost2.exe [2011-9-20 44304]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 173352]
    R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]
    R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S1 FDU11;FDU11 Service;C:\Windows\System32\drivers\NGStar.sys [2011-10-4 26880]
    S2 Apache2.2;Apache2.2; "c:\xampp\apache\bin\httpd.exe" -k runservice --> c:\xampp\apache\bin\httpd.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-8-5 91984]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2011-8-4 111440]
    S2 CoreScanner;CoreScanner; "C:\Program Files (x86)\Motorola Scanner\Common\CoreScanner.exe" --> C:\Program Files (x86)\Motorola Scanner\Common\CoreScanner.exe [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
    S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe [2008-5-23 29184]
    S2 rsmdriverproviderservice;RSM Driver Provider Service;C:\Program Files (x86)\Motorola Scanner\Common\RSMDriverProviderService.exe --> C:\Program Files (x86)\Motorola Scanner\Common\RSMDriverProviderService.exe [?]
    S2 ScnSrvc;Symbol Scanner Management;C:\Program Files (x86)\Motorola Scanner\Common\ScannerService.exe --> C:\Program Files (x86)\Motorola Scanner\Common\ScannerService.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
    S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
    S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-10-27 53864]
    S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-10-27 53864]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
    S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AdtAgent;Operations Manager Audit Forwarding Service;C:\Windows\system32\AdtAgent.exe --> C:\Windows\system32\AdtAgent.exe [?]
    S4 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-5-1 401920]
    .
    =============== Created Last 30 ================
    .
    2012-05-10 14:02:53 -------- d-----w- C:\Users\21st Sentry 001\AppData\Roaming\Malwarebytes
    2012-05-10 14:02:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-10 14:02:41 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-10 14:02:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-10 13:02:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{664D1075-4C76-43CB-9D07-A16ED2807C64}\offreg.dll
    2012-05-10 00:43:16 -------- d-----w- C:\Users\21st Sentry 001\AppData\Roaming\SanDisk
    2012-05-06 12:47:32 -------- d-----w- C:\Program Files\System Center Operations Manager 2007
    2012-05-06 08:26:41 -------- d-----w- C:\ProgramData\4qsXatqkEcVccUBjW
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\VPWIntroApp.exe1_6F9384127F68448A86771D11EFEDF52B.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut8_EB8AD7CDC12044F594E72E8D2188F1F4.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut7_C02BFCB8628145A6BFA867E1C0489316.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut6_8F0732E1EA434956B225F68709FA376B.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut5_4A81316A0B4E45129A3AF83EC145EA46.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut4_BA0FC4D604954AFCA92C6DC1CE530452.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut3_287C3D4E5A3C488C842FA3F4EA02A329.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut2_819DCF676C8B4A3E9155D101C9C72C9C.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut1_DE2625ED82FE4BBB97B8FD90254E303A.exe
    2012-05-06 08:26:20 62832 ----a-r- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\ARPPRODUCTICON.exe
    2012-05-06 08:25:33 -------- d-----w- C:\Users\21st Sentry 001\AppData\Local\Programs
    2012-05-05 05:56:06 2621440 ----a-w- C:\Windows\System32\wucltux.dll
    2012-05-05 05:55:51 98816 ----a-w- C:\Windows\System32\wudriver.dll
    2012-05-05 05:55:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-05-05 05:55:32 185416 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-05-05 03:19:44 20752 ----a-w- C:\Windows\System32\drivers\easytthr.sys
    2012-05-05 03:19:43 -------- d-----w- C:\Program Files (x86)\Mobile Stream
    2012-05-04 21:07:36 -------- d-----w- C:\Ruby193
    2012-05-04 20:09:08 -------- d-----w- C:\Program Files\Windows Firewall Configuration Provider
    2012-05-04 20:07:51 -------- d-----w- C:\Program Files\Microsoft Policy Platform
    2012-05-04 20:06:51 -------- d-----w- C:\Program Files (x86)\Microsoft Easy Assist
    2012-05-03 20:02:14 -------- d-----w- C:\Users\21st Sentry 001\AppData\Roaming\KompoZer
    2012-04-30 11:24:36 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{664D1075-4C76-43CB-9D07-A16ED2807C64}\mpengine.dll
    2012-04-29 02:57:17 -------- d-----w- C:\Program Files\Microsoft Games
    2012-04-27 10:14:40 -------- d-----w- C:\Program Files (x86)\WildTangent Games
    2012-04-26 00:23:24 -------- d-----w- C:\Windows\System32\SPReview
    2012-04-25 02:58:14 -------- d-----w- C:\Users\21st Sentry 001\AppData\Local\PokerStars.NET
    2012-04-23 03:36:31 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-04-23 03:36:31 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-04-23 03:36:31 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-04-23 03:36:31 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-04-23 03:36:31 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-04-23 03:36:31 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-04-23 03:35:56 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-04-22 05:54:02 -------- d-----w- C:\NVIDIA
    2012-04-22 05:36:20 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-04-22 04:45:59 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-04-22 04:45:25 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
    2012-04-22 04:45:21 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-04-22 04:45:00 4223008 ----a-w- C:\Windows\SysWow64\NVStWiz.exe
    2012-04-21 11:18:57 -------- d-----w- C:\Users\21st Sentry 001\AppData\Roaming\OpenDNS Updater
    2012-04-21 11:18:55 -------- d-----w- C:\Program Files (x86)\OpenDNS Updater
    2012-04-19 05:47:28 -------- d-----w- C:\Program Files (x86)\FriendFinder
    2012-04-18 23:11:49 -------- d-----w- C:\Windows\System32\EventProviders
    2012-04-18 23:11:33 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-18 23:11:32 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-18 23:11:32 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-18 23:07:59 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-18 23:07:59 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-18 23:07:59 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-18 23:07:58 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-18 23:07:58 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-18 23:07:58 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-18 23:07:57 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-18 22:43:33 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2012-04-12 23:20:29 35928 ----a-w- C:\Windows\System32\AdobePDF64.dll
    2012-04-12 23:20:11 95864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-04-26 08:12:54 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-04-26 08:12:53 175104 ----a-w- C:\Windows\System32\msclmd.dll
    2012-04-22 05:42:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-01 01:20:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-01 01:20:21 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-03-23 02:32:17 468 ----a-w- C:\Windows\user.tmp
    2012-03-23 02:32:15 57093 ----a-w- C:\Windows\angelcam.tmp
    2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-02-28 22:47:26 95568 ----a-w- C:\Windows\System32\vetredir.dll
    2012-02-28 22:47:26 141136 ----a-w- C:\Windows\System32\isafeif64.dll
    2012-02-28 22:47:26 128336 ----a-w- C:\Windows\System32\isafeif.dll
    2012-02-28 22:47:26 103760 ----a-w- C:\Windows\System32\vetredir64.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-19 07:06:32 1681230 ----a-w- C:\ProgramData\SPLF076.tmp
    2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-14 19:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    .
    ============= FINISH: 8:38:38.86 ===============
     
  2. 2012/05/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    I still need Extras.txt part of DDS.
     


  4. 2012/05/10
    joblojr2

    joblojr2 Inactive Thread Starter

    Joined:
    2012/05/08
    Messages:
    10
    Likes Received:
    0
    rest of logs

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/30/2010 9:24:00 PM
    System Uptime: 5/9/2012 11:57:02 PM (9 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Narra6
    Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 585 GiB total, 475.878 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 0.291 GiB free.
    E: is Removable
    G: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP540: 4/30/2012 4:23:46 AM - Windows Update
    RP541: 5/4/2012 1:02:34 PM - Installed Windows Intune
    RP542: 5/4/2012 1:05:57 PM - Microsoft Online Management Updates
    RP543: 5/4/2012 1:20:18 PM - Microsoft Online Management Updates
    RP544: 5/4/2012 1:30:46 PM - Microsoft Online Management Updates
    RP545: 5/4/2012 1:41:13 PM - Microsoft Online Management Updates
    RP546: 5/4/2012 1:51:38 PM - Microsoft Online Management Updates
    RP547: 5/4/2012 2:02:01 PM - Microsoft Online Management Updates
    RP548: 5/4/2012 2:12:30 PM - Microsoft Online Management Updates
    RP549: 5/4/2012 2:22:58 PM - Microsoft Online Management Updates
    RP550: 5/4/2012 2:33:21 PM - Microsoft Online Management Updates
    RP551: 5/4/2012 2:43:44 PM - Microsoft Online Management Updates
    RP552: 5/4/2012 8:19:17 PM - Installed EasyTether
    RP553: 5/4/2012 10:55:08 PM - Windows Update
    RP554: 5/5/2012 3:00:10 AM - Microsoft Online Management Updates
    RP555: 5/6/2012 1:25:38 AM - Installed Video Poker for Winners.
    RP556: 5/6/2012 5:47:01 AM - Microsoft Online Management Updates
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Media Live Encoder 3.1
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 9
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    All In One
    Amazon Games & Software Downloader
    AudibleManager
    Barona Online Poker
    Belarc Advisor 8.1
    BetOnline Poker 8.2
    BovadaPoker
    CamStudio
    Casino Titan
    Cherry Red Casino
    Club Player Casino
    CMS
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DirectX for Managed Code Update (Summer 2004)
    DistanceCalculator
    DiViS-Net
    Dropbox
    DVD Menu Pack for HP MediaSmart Video
    DVR Utility
    Eldorado Palace
    eReg
    FileZilla Client 3.5.1
    FriendFinder Messenger v4.1
    Golden Cherry Casino
    Google Chrome
    Google Earth
    Google SketchUp 8
    Google Talk Plugin
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.2.0
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2135068)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2160831)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2278944)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2293451)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2303365)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2376419)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2387011)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2401992)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402012)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402815)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2425130)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2434700)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983504)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983537)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983578)
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HTC Driver
    IIS 7.5 Express
    J2SE Runtime Environment 5.0 Update 10
    Java Auto Updater
    Java(TM) 6 Update 31
    LabelPrint
    Lexmark Printable Web
    Lexmark Toolbar
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.61.0.1400
    MaxView
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Developer Preview Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Easy Assist v2
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office Subscription (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Professional Plus Subscription 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Report Viewer Redistributable 2008 (KB971118)
    Microsoft Silverlight
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 5 Beta SDK
    Microsoft SQL Server "Denali" Management Objects CTP3
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft System CLR Types for SQL Server "Denali" CTP3
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Works
    Miranda IM 0.9.10
    MotoHelper MergeModules
    Motorola CoreScanner Driver
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox (3.6.17)
    Mozilla Firefox 11.0 (x86 en-US)
    Mozilla Thunderbird 11.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Norton Online Backup
    OpenDNS Updater 2.2.1
    Palace of Chance
    PDF Settings
    Picasa 3
    PictureMover
    PokerStars.net
    Power2Go
    PowerDirector
    Prism Casino
    QuickBooks
    QuickBooks Pro 2010
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Recovery Manager
    Ruby 1.9.2-p290
    Ruby 1.9.3-p194
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    SHOUTcast DNAS Server v2
    SHOUTcast Transcoder v2
    Sid Meier's Civilization 4 Complete
    Sid Meier's Civilization IV Colonization
    Skype™ 4.2
    Slot Madness
    Slots Jungle Casino
    Slots of Vegas
    SmartFTP Client Setup Files 4.0 (x64) (remove only)
    Sony ACID XMC 6.0
    STAR 100R
    TeamViewer 5
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update Installer for WildTangent Games App
    Video Poker for Winners
    VLC media player 1.1.9
    WCF RIA Services V1.0 SP1
    Wild Vegas
    WildTangent Games App (HP Games)
    Winamp
    Winamp Detector Plug-in
    Windows Media Player Firefox Plugin
    WinPalace
    Yahoo! Detect
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2012 7:28:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    5/9/2012 7:25:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    5/9/2012 7:25:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR17.
    5/9/2012 7:05:06 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR15.
    5/9/2012 6:58:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    5/9/2012 6:58:23 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/9/2012 6:57:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR7.
    5/9/2012 5:54:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    5/9/2012 5:43:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
    5/9/2012 5:29:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR10.
    5/9/2012 11:57:59 PM, Error: Service Control Manager [7023] - The Windows Process Activation Service service terminated with the following error: The data is invalid.
    5/9/2012 11:57:59 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Windows Process Activation Service service which failed to start because of the following error: The data is invalid.
    5/9/2012 11:57:59 PM, Error: Service Control Manager [7001] - The Net.Pipe Listener Adapter service depends on the Windows Process Activation Service service which failed to start because of the following error: The data is invalid.
    5/9/2012 11:57:58 PM, Error: Microsoft-Windows-WAS [5173] - The Windows Process Activation Service encountered an error trying to read configuration data for config section 'system.applicationHost/applicationPools' from file '\\?\C:\Windows\system32\inetsrv\config\applicationHost.config', line number '133'. The error message is: 'Unrecognized attribute 'setProfileEnvironment' '. The data field contains the error number.
    5/9/2012 11:57:58 PM, Error: Microsoft-Windows-WAS [5036] - The configuration manager for Windows Process Activation Service (WAS) did not initialize. The data field contains the error number.
    5/9/2012 11:57:58 PM, Error: Microsoft-Windows-WAS [5005] - Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.
    5/9/2012 11:57:53 PM, Error: Service Control Manager [7000] - The Symbol Scanner Management service failed to start due to the following error: The system cannot find the file specified.
    5/9/2012 11:57:53 PM, Error: Service Control Manager [7000] - The RSM Driver Provider Service service failed to start due to the following error: The system cannot find the file specified.
    5/9/2012 11:57:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
    5/9/2012 11:57:39 PM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/9/2012 11:57:33 PM, Error: Service Control Manager [7000] - The CoreScanner service failed to start due to the following error: The system cannot find the file specified.
    5/9/2012 11:57:33 PM, Error: Microsoft-Windows-IIS-APPHOSTSVC [9000] - The Application Host Helper Service encountered an error while reading the data for SID mapping. Please ensure that the application pool name data is correct in the configuration file. To resolve this issue, please recommit the changes or restart this service. The data field contains the error number.
    5/9/2012 11:57:31 PM, Error: Service Control Manager [7000] - The Apache2.2 service failed to start due to the following error: The system cannot find the file specified.
    5/9/2012 11:44:48 AM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 4 time(s).
    5/9/2012 11:39:49 AM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
    5/9/2012 11:36:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
    5/9/2012 11:36:20 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/8/2012 8:04:04 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    5/8/2012 8:03:27 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/8/2012 8:03:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    5/8/2012 8:03:22 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/7/2012 10:02:45 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 4 time(s).
    5/6/2012 5:42:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Telephony service, but this action failed with the following error: An instance of the service is already running.
    5/4/2012 12:20:28 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    5/4/2012 12:20:28 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    5/4/2012 12:20:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    5/3/2012 2:30:03 AM, Error: Service Control Manager [7034] - The TeamViewer 5 service terminated unexpectedly. It has done this 1 time(s).
    5/10/2012 12:24:39 AM, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 3 time(s).
    5/10/2012 12:24:39 AM, Error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 3 time(s).
    5/10/2012 12:24:39 AM, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
    5/10/2012 12:24:39 AM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
    5/10/2012 12:12:55 AM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    5/10/2012 12:12:55 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/10/2012 12:12:55 AM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/10/2012 12:12:55 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/10/2012 12:12:55 AM, Error: Service Control Manager [7031] - The Network Access Protection Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 86400000 milliseconds: Restart the service.
    5/10/2012 12:12:55 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/10/2012 12:04:10 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/10/2012 12:04:10 AM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/10/2012 12:04:10 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/10/2012 12:04:10 AM, Error: Service Control Manager [7031] - The Network Access Protection Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/10/2012 12:04:10 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/10/2012 12:04:10 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  5. 2012/05/10
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2012/05/10
    joblojr2

    joblojr2 Inactive Thread Starter

    combofix

    ComboFix 12-05-10.02 - 21st Sentry 001 05/10/2012 10:28:48.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1994 [GMT -7:00]
    Running from: c:\users\21st Sentry 001\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\desktop.ini
    c:\program files\test.txt
    c:\programdata\SPLF076.tmp
    c:\users\21st Sentry 001\Desktop\Setup.exe
    c:\windows\sv.ini
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\SysWow64\ijl11.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-10 18:10 . 2012-05-10 18:10 -------- d-----w- c:\users\mediaruse\AppData\Local\temp
    2012-05-10 18:10 . 2012-05-10 18:10 -------- d-----w- c:\users\Greg Sullivan\AppData\Local\temp
    2012-05-10 18:10 . 2012-05-10 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-10 18:10 . 2012-05-10 18:10 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-05-10 16:12 . 2012-05-10 16:12 -------- d-----w- c:\users\21st Sentry 001\AppData\Roaming\NVIDIA
    2012-05-10 14:02 . 2012-05-10 14:02 -------- d-----w- c:\users\21st Sentry 001\AppData\Roaming\Malwarebytes
    2012-05-10 14:02 . 2012-05-10 14:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-10 14:02 . 2012-05-10 14:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-10 00:43 . 2012-05-10 00:43 -------- d-----w- c:\users\21st Sentry 001\AppData\Roaming\SanDisk
    2012-05-06 12:47 . 2012-05-06 12:47 -------- d-----w- c:\program files\System Center Operations Manager 2007
    2012-05-06 08:26 . 2012-05-06 08:26 -------- d-----w- c:\programdata\4qsXatqkEcVccUBjW
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\VPWIntroApp.exe1_6F9384127F68448A86771D11EFEDF52B.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut8_EB8AD7CDC12044F594E72E8D2188F1F4.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut7_C02BFCB8628145A6BFA867E1C0489316.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut6_8F0732E1EA434956B225F68709FA376B.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut5_4A81316A0B4E45129A3AF83EC145EA46.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut4_BA0FC4D604954AFCA92C6DC1CE530452.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut3_287C3D4E5A3C488C842FA3F4EA02A329.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut2_819DCF676C8B4A3E9155D101C9C72C9C.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\NewShortcut1_DE2625ED82FE4BBB97B8FD90254E303A.exe
    2012-05-06 08:26 . 2012-05-06 08:26 62832 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}\ARPPRODUCTICON.exe
    2012-05-06 08:25 . 2012-05-06 08:26 -------- d-----w- c:\users\21st Sentry 001\AppData\Local\Programs
    2012-05-05 05:56 . 2009-08-07 02:24 43744 ----a-w- c:\windows\system32\wups2.dll
    2012-05-05 05:56 . 2009-08-07 02:24 57560 ----a-w- c:\windows\system32\wuauclt.exe
    2012-05-05 05:56 . 2009-08-07 02:24 2424024 ----a-w- c:\windows\system32\wuaueng.dll
    2012-05-05 05:56 . 2009-08-07 01:59 2621440 ----a-w- c:\windows\system32\wucltux.dll
    2012-05-05 05:55 . 2009-08-07 02:24 38112 ----a-w- c:\windows\system32\wups.dll
    2012-05-05 05:55 . 2009-08-07 01:59 98816 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-05 05:55 . 2009-08-07 02:23 700640 ----a-w- c:\windows\system32\wuapi.dll
    2012-05-05 05:55 . 2009-08-07 02:23 185416 ----a-w- c:\windows\system32\wuwebv.dll
    2012-05-05 05:55 . 2009-08-07 01:59 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-05 03:19 . 2011-05-22 22:44 20752 ----a-w- c:\windows\system32\drivers\easytthr.sys
    2012-05-05 03:19 . 2012-05-05 03:19 -------- d-----w- c:\program files (x86)\Mobile Stream
    2012-05-04 21:07 . 2012-05-04 21:07 -------- d-----w- C:\Ruby193
    2012-05-04 20:09 . 2012-05-04 20:09 -------- d-----w- c:\program files\Windows Firewall Configuration Provider
    2012-05-04 20:07 . 2012-05-04 20:09 -------- d-----w- c:\program files\Microsoft Policy Platform
    2012-05-04 20:06 . 2012-05-04 20:06 -------- d-----w- c:\program files (x86)\Microsoft Easy Assist
    2012-05-03 20:02 . 2012-05-03 20:02 -------- d-----w- c:\users\21st Sentry 001\AppData\Roaming\KompoZer
    2012-04-30 11:24 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{664D1075-4C76-43CB-9D07-A16ED2807C64}\mpengine.dll
    2012-04-29 02:57 . 2012-04-29 02:57 -------- d-----w- c:\program files\Microsoft Games
    2012-04-27 10:14 . 2012-04-27 10:14 -------- d-----w- c:\program files (x86)\WildTangent Games
    2012-04-26 00:23 . 2012-04-26 00:23 -------- d-----w- c:\windows\system32\SPReview
    2012-04-25 02:58 . 2012-04-25 02:58 -------- d-----w- c:\users\21st Sentry 001\AppData\Local\PokerStars.NET
    2012-04-23 03:36 . 2012-02-10 03:14 6074176 ----a-w- c:\windows\system32\nvcpl.dll
    2012-04-23 03:36 . 2012-02-10 03:14 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-04-23 03:36 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-04-23 03:36 . 2012-02-10 03:07 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-04-23 03:36 . 2012-02-10 03:07 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-04-23 03:36 . 2012-02-10 03:07 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-04-23 03:35 . 2012-04-23 03:35 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-04-22 05:54 . 2012-04-23 03:02 -------- d-----w- C:\NVIDIA
    2012-04-22 05:36 . 2012-04-23 03:36 -------- d-----w- c:\program files\NVIDIA Corporation
    2012-04-22 04:45 . 2012-04-23 03:30 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-04-22 04:45 . 2012-04-22 04:45 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
    2012-04-22 04:45 . 2012-04-22 04:45 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-04-22 04:45 . 2009-08-06 15:20 4223008 ----a-w- c:\windows\SysWow64\NVStWiz.exe
    2012-04-21 11:18 . 2012-04-21 11:18 -------- d-----w- c:\users\21st Sentry 001\AppData\Roaming\OpenDNS Updater
    2012-04-21 11:18 . 2012-04-21 11:18 -------- d-----w- c:\program files (x86)\OpenDNS Updater
    2012-04-19 05:47 . 2012-04-19 05:47 -------- d-----w- c:\program files (x86)\FriendFinder
    2012-04-18 23:11 . 2012-04-18 23:11 -------- d-----w- c:\windows\system32\EventProviders
    2012-04-18 23:11 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-18 23:11 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-18 23:11 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-18 23:07 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-18 23:07 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-18 23:07 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-18 23:07 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-18 23:07 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-18 23:07 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-18 23:07 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-18 22:43 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
    2012-04-12 23:20 . 2007-03-23 23:55 35928 ----a-w- c:\windows\system32\AdobePDF64.dll
    2012-04-12 23:20 . 2007-05-11 05:52 95864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-26 08:12 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-04-26 08:12 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
    2012-04-22 05:42 . 2010-10-11 07:12 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-01 01:20 . 2012-04-01 01:20 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-01 01:20 . 2011-09-04 12:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-23 02:32 . 2010-07-01 18:22 468 ----a-w- c:\windows\user.tmp
    2012-03-23 02:32 . 2010-07-01 18:22 57093 ----a-w- c:\windows\angelcam.tmp
    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2012-03-19 23:53 . 2010-07-20 12:09 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
    2012-03-13 12:15 . 2012-03-13 12:15 40960 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{3F7D09B0-13B0-4BBF-B5EB-2E04EA66D8FD}\STAR100R.exe1_3F7D09B013B04BBFB5EB2E04EA66D8FD.exe
    2012-03-13 12:15 . 2012-03-13 12:15 40960 ----a-r- c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Installer\{3F7D09B0-13B0-4BBF-B5EB-2E04EA66D8FD}\STAR100R.exe_3F7D09B013B04BBFB5EB2E04EA66D8FD.exe
    2012-03-04 21:14 . 2012-01-09 18:01 1779840 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2012-02-29 20:26 . 2012-02-29 20:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-02-28 22:47 . 2012-02-28 22:47 95568 ----a-w- c:\windows\system32\vetredir.dll
    2012-02-28 22:47 . 2012-02-28 22:47 141136 ----a-w- c:\windows\system32\isafeif64.dll
    2012-02-28 22:47 . 2012-02-28 22:47 128336 ----a-w- c:\windows\system32\isafeif.dll
    2012-02-28 22:47 . 2012-02-28 22:47 103760 ----a-w- c:\windows\system32\vetredir64.dll
    2012-02-23 18:06 . 2012-02-23 18:06 118987 ----a-w- c:\users\testing01\pgp7vna.js
    2012-02-23 17:18 . 2010-05-03 17:07 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-15 06:27 . 2012-03-19 23:59 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-15 05:44 . 2012-03-19 23:59 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-15 04:47 . 2012-03-19 23:59 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-15 04:46 . 2012-03-19 23:59 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess "= "c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "OpenDNS Updater "= "c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "EasyTether "= "c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-23 48648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Software Update "= "c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Intuit SyncManager "= "c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
    "OfficeSubscriptionAgent "= "c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [2011-11-16 932160]
    "BCSSync "= "c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "TkBellExe "= "c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-08-07 202256]
    "Acrobat Assistant 8.0 "= "c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    c:\users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled
    Dropbox.lnk - c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-11 1155432]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
    .
    R1 FDU11;FDU11 Service;c:\windows\system32\DRIVERS\NGStar.sys [2011-01-21 26880]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-08-05 91984]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2011-08-05 111440]
    R2 CoreScanner;CoreScanner;c:\program files (x86)\Motorola Scanner\Common\CoreScanner.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2009-10-16 29184]
    R2 rsmdriverproviderservice;RSM Driver Provider Service;c:\program files (x86)\Motorola Scanner\Common\RSMDriverProviderService.exe [x]
    R2 ScnSrvc;Symbol Scanner Management;c:\program files (x86)\Motorola Scanner\Common\ScannerService.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [x]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
    R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
    R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
    R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
    R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
    R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-10-28 53864]
    R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-10-28 53864]
    R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
    R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
    R3 NUS_Bus;Network USB Server Bus;c:\windows\system32\DRIVERS\NUS_Bus.sys [x]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [x]
    R4 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
    R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 HealthService;System Center Management;c:\program files\System Center Operations Manager 2007\HealthService.exe [2009-05-09 30592]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-17 1039360]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-04 517632]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]
    S2 omupdsrv;Microsoft Online Management Updates Service;c:\program files\Microsoft\OnlineManagement\Common\omsvchost.exe [2012-03-20 44328]
    S2 osubsvc;Microsoft Office 2010 Subscription Agent;c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [2011-11-16 493384]
    S2 SignalingAgent;Windows Intune Notification Service;c:\program files\Microsoft\OnlineManagement\Common\omsvchost2.exe [2011-09-20 44304]
    S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 01:20]
    .
    2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 12:31]
    .
    2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 12:31]
    .
    2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509302359-2067149998-3783769910-1000Core.job
    - c:\users\21st Sentry 001\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 22:26]
    .
    2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509302359-2067149998-3783769910-1000UA.job
    - c:\users\21st Sentry 001\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 22:26]
    .
    2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\21st Sentry 001\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu "= "c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
    "PC-Doctor for Windows localizer "= "c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
    "lxdumon.exe "= "c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.att.net
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = localhost:6544
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: asapcctv.com
    TCP: Interfaces\{9BBB3551-D953-41A8-9426-1B83F7B46FE8}: NameServer = 208.67.222.222,208.67.220.220
    DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://99.140.43.20:84/DVRemoteAx.cab
    DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://99.58.136.233/ActiveViewGUI.cab
    DPF: {609F3E8A-6207-4C0E-91F4-B032CA79E321} - hxxp://99.140.43.20:87/iWatchDVR.cab
    DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://99.58.136.233/ActiveView.cab
    DPF: {74D866C3-102D-4995-9CBA-511971BFA90B} - hxxp://www.idtecktraining.com/contents/Sales%20and%20Marketing%20Tips/10270011/002/common/component/StreamNote3.cab
    DPF: {B2F190F0-1FA4-4D77-9ABD-1A054D23653D} - hxxp://210.243.226.50/IPNCWebDlls.CAB
    DPF: {EE479A40-C128-40DD-93DA-000556AF9607} - hxxp://72.34.82.206/CtrWeb.cab
    DPF: {F9BF64A0-5A65-43E0-ACDB-B223E7F9DDD9} - hxxp://99.140.43.20:92/WEBWATCH2.cab
    FF - ProfilePath - c:\users\21st Sentry 001\AppData\Roaming\Mozilla\Firefox\Profiles\xhw3xzrs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*��@]
    @Class= "Shell "
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*��@\OpenWithList]
    @Class= "Shell "
    "a "= "vlc.exe "
    "MRUList "= "a "
    .
    [HKEY_USERS\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*��@]
    @Allowed: (Read) (RestrictedCode)
    "0 "=hex:72,74,73,70,3a,2f,2f,32,31,30,2e,32,34,33,2e,32,32,36,2e,35,31,3a,38,
    35,35,37,2f,50,53,49,41,2f,53,74,72,65,61,6d,69,6e,67,2f,63,68,61,6e,6e,65,\
    "MRUListEx "=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Motive\McciCMService.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-10 11:42:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-10 18:42
    .
    Pre-Run: 514,088,267,776 bytes free
    Post-Run: 514,956,980,224 bytes free
    .
    - - End Of File - - CC704A0279BE2C9042482C6F90E971AD
     
  7. 2012/05/10
    broni Moderator Malware Analyst

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2012/05/10
    joblojr2 Inactive Thread Starter

    Not sure

    It seems to be running maybe a little smoother than it was; however, it restarted itself halfway through the ComboFix and the same message popped up about programs running, to wait for shutdown.

    I'll be doing OTL now.
     
  9. 2012/05/10
    broni Moderator Malware Analyst

    What is the EXACT message?
     
  10. 2012/05/10
    joblojr2 Inactive Thread Starter

    log

    I have to restart my computer to get the exact message. Is it OK to do that?


    OTL logfile created on: 5/10/2012 11:55:55 AM - Run 1
    OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\21st Sentry 001\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.15% Memory free
    7.50 Gb Paging File | 6.10 Gb Available in Paging File | 81.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 585.17 Gb Total Space | 479.69 Gb Free Space | 81.97% Space Free | Partition Type: NTFS
    Drive D: | 10.90 Gb Total Space | 0.29 Gb Free Space | 2.67% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER | User Name: 21st Sentry 001 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/10 11:53:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\21st Sentry 001\Desktop\OTL.exe
    PRC - [2011/11/11 14:41:46 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2011/11/11 13:36:56 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/08/06 17:15:02 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/05/21 04:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2010/05/10 03:44:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2009/10/22 19:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/10/22 19:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/20 16:58:26 | 000,044,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost.exe -- (omupdsrv)
    SRV:64bit: - [2011/10/27 19:51:02 | 000,053,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
    SRV:64bit: - [2011/10/27 19:51:02 | 000,053,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
    SRV:64bit: - [2011/09/20 14:35:36 | 000,044,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost2.exe -- (SignalingAgent)
    SRV:64bit: - [2009/10/16 17:06:40 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
    SRV:64bit: - [2009/10/16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/05/08 20:35:22 | 000,343,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AdtAgent.exe -- (AdtAgent)
    SRV:64bit: - [2009/05/08 20:27:48 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\System Center Operations Manager 2007\HealthService.exe -- (HealthService)
    SRV - [2012/03/31 18:20:21 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2011/11/11 13:36:56 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/08/05 01:25:50 | 000,091,984 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/05/21 04:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2010/05/10 03:44:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
    SRV - [2009/10/16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
    SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/05/23 05:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device)
    SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/03 03:31:25 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
    DRV:64bit: - [2011/07/19 11:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011/05/22 15:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
    DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/20 17:16:58 | 000,026,880 | ---- | M] (NITGEN&COMPANY Co., Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ngstar.sys -- (FDU11)
    DRV:64bit: - [2010/08/06 13:22:14 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
    DRV:64bit: - [2010/03/18 02:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2010/03/18 02:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/03/18 02:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/12/01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2009/11/14 00:05:36 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
    DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/10 13:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/05/09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
    DRV:64bit: - [2007/03/07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
    DRV - [2011/01/20 17:16:58 | 000,026,880 | ---- | M] (NITGEN&COMPANY Co., Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\NGStar.sys -- (FDU11)
    DRV - [2010/05/04 08:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/05/04 08:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [1998/05/07 00:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}
    IE:64bit: - HKLM\..\SearchScopes\{5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{CCA70054-9FB7-46C4-A32D-B64843035997}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}
    IE - HKLM\..\SearchScopes\{5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{CCA70054-9FB7-46C4-A32D-B64843035997}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..\SearchScopes,DefaultScope = {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..\SearchScopes\{5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..\SearchScopes\{A3F34433-A5F5-4A2D-A6BA-B8910AD6093B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..\SearchScopes\{CCA70054-9FB7-46C4-A32D-B64843035997}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
    IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:6544

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm "
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm "
    FF - prefs.js..browser.search.param.yahoo-type: "${8} "
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
    FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:8080/ "
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.type: 4


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\21st Sentry 001\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\21st Sentry 001\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\components [2012/04/02 15:44:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\plugins [2012/03/19 16:37:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/14 18:47:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 16:20:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/14 18:47:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 16:20:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/14 18:47:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 16:20:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/14 18:47:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 16:20:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/04/02 15:41:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    [2012/04/03 11:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Extensions
    [2010/05/17 13:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/04/27 12:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Firefox\Profiles\xhw3xzrs.default\extensions
    [2012/03/01 01:24:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Firefox\Profiles\xhw3xzrs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/08/09 17:12:55 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Firefox\Profiles\xhw3xzrs.default\extensions\DeviceDetection@logitech.com
    [2012/01/10 14:13:42 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\Firefox\Profiles\xhw3xzrs.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
    [2011/05/22 16:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/10/22 13:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2012/04/21 22:42:49 | 000,000,000 | ---D | M] (Java Console) -- C:\USERS\21ST SENTRY 001\APPDATA\LOCAL\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2010/10/11 00:12:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\21st Sentry 001\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\21st Sentry 001\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\21st Sentry 001\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\21st Sentry 001\AppData\Local\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\21st Sentry 001\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.60401.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\21st Sentry 001\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\21st Sentry 001\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
    CHR - Extension: Google Search = C:\Users\21st Sentry 001\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: IE Tab = C:\Users\21st Sentry 001\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.1.1_0\
    CHR - Extension: Gmail = C:\Users\21st Sentry 001\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/05/10 11:16:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
    O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
    O4 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - Startup: C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\21st Sentry 001\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2012/04/03 11:15:07 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O15 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..Trusted Domains: asapcctv.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O15 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..Trusted Ranges: Range2 ([http] in Trusted sites)
    O15 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..Trusted Ranges: Range3 ([http] in Trusted sites)
    O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} http://99.140.43.20:84/DVRemoteAx.cab (DVRemoteControl Class)
    O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} http://99.58.136.233/ActiveViewGUI.cab (ActiveViewGUI Control)
    O16 - DPF: {609F3E8A-6207-4C0E-91F4-B032CA79E321} http://99.140.43.20:87/iWatchDVR.cab (Bubo Bubo Nest)
    O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} http://99.58.136.233/ActiveView.cab (ActiveView Control)
    O16 - DPF: {74D866C3-102D-4995-9CBA-511971BFA90B} http://www.idtecktraining.com/conte...10270011/002/common/component/StreamNote3.cab (StreamNote3Outer Control)
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://qbo.intuit.com/c30/v33.140/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {B2F190F0-1FA4-4D77-9ABD-1A054D23653D} http://210.243.226.50/IPNCWebDlls.CAB (GFFMpeg Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {EE479A40-C128-40DD-93DA-000556AF9607} http://72.34.82.206/CtrWeb.cab (DVRWeb Control)
    O16 - DPF: {F9BF64A0-5A65-43E0-ACDB-B223E7F9DDD9} http://99.140.43.20:92/WEBWATCH2.cab (WebWatch2 Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1735206C-7F70-459A-8CB6-2593E95E90BA}: DhcpNameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36812395-0AA6-4645-8DE4-74320E56112E}: DhcpNameServer = 192.168.43.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4345AA95-C0C0-4C39-BEEA-195B348CD57C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{441518C4-B610-47B6-AB04-9D8664B7BC7E}: DhcpNameServer = 192.168.43.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91FCB389-223C-43B7-A9F2-6F9795F51349}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BBB3551-D953-41A8-9426-1B83F7B46FE8}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1EB2C80-8827-4DD9-998C-6783871DEE47}: DhcpNameServer = 192.168.43.1
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
    O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - lvcodec2.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/10 11:53:00 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\21st Sentry 001\Desktop\OTL.exe
    [2012/05/10 11:17:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/05/10 10:16:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/10 10:16:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/10 10:16:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/10 10:15:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/10 10:15:10 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/05/10 10:14:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/10 09:12:15 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Roaming\NVIDIA
    [2012/05/10 08:02:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\21st Sentry 001\Desktop\dds.scr
    [2012/05/10 07:59:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\21st Sentry 001\Desktop\aswMBR.exe
    [2012/05/10 07:02:53 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Roaming\Malwarebytes
    [2012/05/10 07:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/10 07:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/10 07:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/05/10 07:01:37 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\Desktop\NotaRob
    [2012/05/10 00:03:44 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\Documents\notarob_backup
    [2012/05/10 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\Documents\Templates
    [2012/05/09 17:43:16 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Roaming\SanDisk
    [2012/05/06 05:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\System Center Operations Manager 2007
    [2012/05/06 01:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\4qsXatqkEcVccUBjW
    [2012/05/06 01:26:20 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Poker for Winners
    [2012/05/06 01:25:33 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Local\Programs
    [2012/05/04 20:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Stream
    [2012/05/04 20:19:44 | 000,020,752 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
    [2012/05/04 20:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Stream
    [2012/05/04 14:07:57 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 1.9.3-p194
    [2012/05/04 14:07:36 | 000,000,000 | ---D | C] -- C:\Ruby193
    [2012/05/04 13:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Firewall Configuration Provider
    [2012/05/04 13:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform
    [2012/05/04 13:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist
    [2012/05/03 13:02:14 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Roaming\KompoZer
    [2012/04/28 19:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
    [2012/04/27 03:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games
    [2012/04/25 17:23:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/04/24 19:58:14 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Local\PokerStars.NET
    [2012/04/22 20:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/04/21 22:54:02 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2012/04/21 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2012/04/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012/04/21 21:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/04/21 04:18:57 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Roaming\OpenDNS Updater
    [2012/04/21 04:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
    [2012/04/18 22:47:28 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FriendFinder
    [2012/04/18 22:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FriendFinder
    [2012/04/18 22:46:22 | 000,000,000 | ---D | C] -- C:\Users\21st Sentry 001\Desktop\oldLapTop
    [2012/04/18 16:11:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/10 11:53:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\21st Sentry 001\Desktop\OTL.exe
    [2012/05/10 11:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/10 11:41:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/10 11:26:04 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/10 11:26:04 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/10 11:16:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/05/10 11:16:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/10 11:15:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/10 11:15:19 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/10 11:14:00 | 000,083,396 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
    [2012/05/10 08:02:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\21st Sentry 001\Desktop\dds.scr
    [2012/05/10 08:01:47 | 000,000,512 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\MBR.dat
    [2012/05/10 08:00:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\21st Sentry 001\Desktop\aswMBR.exe
    [2012/05/10 07:25:08 | 000,302,592 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\vunf8qee.exe
    [2012/05/10 07:02:42 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/10 00:22:55 | 000,001,033 | ---- | M] () -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/05/09 15:42:07 | 000,882,748 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/05/09 15:42:07 | 000,736,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/05/09 15:42:07 | 000,145,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/05/09 14:15:25 | 000,124,749 | ---- | M] () -- C:\Users\21st Sentry 001\Documents\dispute.pdf
    [2012/05/06 01:26:20 | 000,003,343 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\VPW.lnk
    [2012/05/04 20:17:52 | 003,665,920 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\easytether_x64-1.msi
    [2012/05/04 20:01:04 | 000,002,625 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\WindowsIntune.accountcert
    [2012/05/04 13:14:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/05/04 13:06:44 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Windows Intune Center.lnk
    [2012/05/04 13:03:23 | 000,000,434 | RHS- | M] () -- C:\Users\21st Sentry 001\ntuser.pol
    [2012/05/02 23:14:14 | 000,033,268 | ---- | M] () -- C:\Users\21st Sentry 001\Documents\main2.pdf
    [2012/04/30 14:05:21 | 000,141,759 | ---- | M] () -- C:\Users\21st Sentry 001\Documents\Quill_April2012.pdf
    [2012/04/30 10:00:12 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2012/04/27 14:08:32 | 000,759,283 | ---- | M] () -- C:\Users\21st Sentry 001\Documents\6002x-MidTermReview-S2012.pdf
    [2012/04/27 09:10:16 | 000,365,481 | ---- | M] () -- C:\Users\21st Sentry 001\Documents\March2012_Sprint.pdf
    [2012/04/27 08:59:40 | 000,090,149 | ---- | M] () -- C:\Users\21st Sentry 001\Documents\April2012_Sprint.pdf
    [2012/04/27 03:16:21 | 000,002,027 | ---- | M] () -- C:\WildTangent Games App - hp.lnk
    [2012/04/27 03:16:20 | 000,002,522 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    [2012/04/26 01:18:46 | 002,382,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/04/21 23:00:48 | 437,626,286 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/04/18 22:47:28 | 000,003,127 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\FriendFinder Messenger v4.1.lnk
    [2012/04/17 15:01:04 | 000,084,637 | ---- | M] () -- C:\Users\21st Sentry 001\Documents\9211030EST.pdf
    [2012/04/15 23:54:08 | 022,259,528 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\vlc-2.0.1-win32.exe
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

     
  11. 2012/05/10
    joblojr2

    continued log

    ========== Files Created - No Company Name ==========

    [2012/05/10 10:16:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/10 10:16:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/10 10:16:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/10 10:16:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/10 10:16:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/10 08:01:47 | 000,000,512 | ---- | C] () -- C:\Users\21st Sentry 001\Desktop\MBR.dat
    [2012/05/10 07:25:04 | 000,302,592 | ---- | C] () -- C:\Users\21st Sentry 001\Desktop\vunf8qee.exe
    [2012/05/10 07:02:42 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/10 00:22:55 | 000,001,033 | ---- | C] () -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/05/09 14:15:24 | 000,124,749 | ---- | C] () -- C:\Users\21st Sentry 001\Documents\dispute.pdf
    [2012/05/06 01:26:20 | 000,003,343 | ---- | C] () -- C:\Users\21st Sentry 001\Desktop\VPW.lnk
    [2012/05/04 20:19:03 | 003,665,920 | ---- | C] () -- C:\Users\21st Sentry 001\Desktop\easytether_x64-1.msi
    [2012/05/04 13:14:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/05/04 13:06:44 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Windows Intune Center.lnk
    [2012/05/04 13:03:23 | 000,000,434 | RHS- | C] () -- C:\Users\21st Sentry 001\ntuser.pol
    [2012/05/04 13:02:18 | 000,002,625 | ---- | C] () -- C:\Users\21st Sentry 001\Desktop\WindowsIntune.accountcert
    [2012/05/02 23:14:14 | 000,033,268 | ---- | C] () -- C:\Users\21st Sentry 001\Documents\main2.pdf
    [2012/04/30 14:05:21 | 000,141,759 | ---- | C] () -- C:\Users\21st Sentry 001\Documents\Quill_April2012.pdf
    [2012/04/27 14:08:32 | 000,759,283 | ---- | C] () -- C:\Users\21st Sentry 001\Documents\6002x-MidTermReview-S2012.pdf
    [2012/04/27 09:10:16 | 000,365,481 | ---- | C] () -- C:\Users\21st Sentry 001\Documents\March2012_Sprint.pdf
    [2012/04/27 08:59:40 | 000,090,149 | ---- | C] () -- C:\Users\21st Sentry 001\Documents\April2012_Sprint.pdf
    [2012/04/27 03:16:21 | 000,002,027 | ---- | C] () -- C:\WildTangent Games App - hp.lnk
    [2012/04/27 03:15:17 | 000,002,522 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    [2012/04/21 21:50:32 | 437,626,286 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/04/21 04:18:58 | 000,002,022 | ---- | C] () -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
    [2012/04/18 22:47:28 | 000,003,127 | ---- | C] () -- C:\Users\21st Sentry 001\Desktop\FriendFinder Messenger v4.1.lnk
    [2012/04/17 15:00:59 | 000,084,637 | ---- | C] () -- C:\Users\21st Sentry 001\Documents\9211030EST.pdf
    [2012/04/17 13:14:41 | 000,001,411 | ---- | C] () -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/04/17 13:14:40 | 000,001,445 | ---- | C] () -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/04/16 22:28:15 | 022,259,528 | ---- | C] () -- C:\Users\21st Sentry 001\Desktop\vlc-2.0.1-win32.exe
    [2012/03/07 04:02:56 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\CSCC.DLL
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/02/19 00:57:14 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
    [2012/02/19 00:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
    [2012/02/19 00:49:46 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
    [2012/02/19 00:49:46 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
    [2012/02/19 00:49:46 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
    [2012/02/19 00:49:46 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
    [2012/02/19 00:49:45 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
    [2012/02/19 00:49:44 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
    [2012/02/19 00:49:44 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
    [2012/02/19 00:49:44 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
    [2012/02/19 00:49:44 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
    [2012/02/19 00:49:44 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
    [2012/02/19 00:49:44 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
    [2012/02/19 00:49:43 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
    [2012/02/19 00:49:43 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
    [2012/02/19 00:49:43 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
    [2011/11/06 23:43:32 | 000,000,600 | ---- | C] () -- C:\Users\21st Sentry 001\AppData\Local\PUTTY.RND
    [2011/10/04 03:43:01 | 000,000,173 | ---- | C] () -- C:\Windows\ngstar.ini
    [2011/10/04 03:34:02 | 000,000,064 | ---- | C] () -- C:\Windows\venus.ini
    [2011/10/03 10:14:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2011/08/08 13:43:54 | 000,129,536 | ---- | C] () -- C:\Windows\SysWow64\np_hoem_x.dll
    [2011/07/31 15:02:44 | 000,983,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/31 10:02:23 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/05/04 16:14:52 | 002,699,264 | ---- | C] () -- C:\Windows\gffx.dll
    [2010/12/05 14:26:48 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2010/12/03 03:18:12 | 000,000,020 | ---- | C] () -- C:\Users\21st Sentry 001\AppData\Roaming\SN3Settings.dat
    [2010/10/11 08:42:21 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\rqfdms.dll
    [2010/10/11 08:42:20 | 000,000,056 | ---- | C] () -- C:\Windows\voqktj.dll
    [2010/08/06 17:15:47 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2010/07/21 15:33:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\netdecdll.dll
    [2010/07/21 15:33:31 | 000,000,229 | ---- | C] () -- C:\Windows\AngelCam.dat
    [2010/07/16 15:57:50 | 000,640,320 | ---- | C] () -- C:\Windows\GoDBATL.dll
    [2010/07/01 11:23:04 | 000,000,047 | ---- | C] () -- C:\Windows\AudioCtrl.ini
    [2010/06/18 22:59:54 | 000,009,847 | ---- | C] () -- C:\Windows\SysWow64\mswtneote.dll
    [2010/06/17 23:53:07 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/05/25 11:07:03 | 000,009,754 | ---- | C] () -- C:\Users\21st Sentry 001\AppData\Roaming\wklnhst.dat
    [2010/05/17 14:22:22 | 001,089,536 | ---- | C] () -- C:\Windows\SysWow64\decoderdll.dll
    [2010/05/17 14:22:22 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\Cpuinf32.dll
    [2010/05/17 13:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/05/15 19:48:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

    ========== LOP Check ==========

    [2012/03/29 08:52:36 | 000,000,000 | -HSD | M] -- C:\Users\21st Sentry 001\AppData\Roaming\.#
    [2010/11/21 15:30:21 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Audacity
    [2011/12/22 12:25:56 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\betonline
    [2012/05/10 11:19:36 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Dropbox
    [2012/02/10 01:07:06 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\DVRemote
    [2010/04/30 21:56:22 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\ESET
    [2010/12/03 03:18:12 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\eStream Presto
    [2012/03/28 13:44:25 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\FileZilla
    [2011/11/07 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\JungleDisk
    [2012/05/03 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\KompoZer
    [2010/10/23 05:12:50 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Leadertech
    [2010/11/05 14:52:03 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Miranda
    [2011/05/22 16:45:24 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\NAU Adapter
    [2011/07/04 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\NetMedia Providers
    [2012/04/21 04:18:57 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\OpenDNS Updater
    [2010/04/30 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\PictureMover
    [2011/06/06 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Publish Providers
    [2012/05/09 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\SanDisk
    [2010/11/18 14:17:52 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Screaming Bee
    [2010/12/14 01:50:35 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\SmartDraw
    [2011/06/06 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Sony
    [2012/03/18 18:17:06 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\TeamViewer
    [2010/08/02 14:22:47 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Template
    [2010/05/17 13:10:26 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\Thunderbird
    [2011/06/02 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\TopCMM
    [2010/06/12 16:11:51 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\WinBatch
    [2012/02/10 00:49:40 | 000,000,000 | ---D | M] -- C:\Users\21st Sentry 001\AppData\Roaming\{EC351E9C-0CD1-4459-9DA1-82BA5DC21729}
    [2010/10/22 17:49:58 | 000,000,000 | ---D | M] -- C:\Users\Greg Sullivan\AppData\Roaming\ESET
    [2010/10/22 17:49:59 | 000,000,000 | ---D | M] -- C:\Users\Greg Sullivan\AppData\Roaming\PictureMover
    [2010/12/05 02:04:31 | 000,000,000 | ---D | M] -- C:\Users\Greg Sullivan\AppData\Roaming\WildTangent
    [2011/07/13 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\mediaruse\AppData\Roaming\ESET
    [2011/07/13 00:54:09 | 000,000,000 | ---D | M] -- C:\Users\mediaruse\AppData\Roaming\PictureMover
    [2012/04/30 10:00:12 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2012/04/13 03:29:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/10/02 19:41:16 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2012/02/28 12:56:27 | 000,516,461 | ---- | M] () -- C:\caisslog.txt
    [2012/05/10 11:43:01 | 000,032,240 | ---- | M] () -- C:\ComboFix.txt
    [2012/03/22 19:32:48 | 000,001,212 | ---- | M] () -- C:\DvrMainLog.dat
    [2008/01/16 13:12:30 | 000,126,976 | ---- | M] () -- C:\gdobridge.dll
    [2011/05/04 16:14:52 | 002,699,264 | ---- | M] () -- C:\gffx.dll
    [2011/05/04 11:49:08 | 000,000,671 | ---- | M] () -- C:\gIPNC.inf
    [2010/07/16 15:57:50 | 000,640,320 | ---- | M] () -- C:\GoDBATL.dll
    [2012/05/10 11:15:19 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/16 22:26:04 | 000,000,104 | ---- | M] () -- C:\installer_log.txt
    [2012/05/02 03:35:01 | 000,028,280 | ---- | M] () -- C:\NET_21.log
    [2010/11/23 20:46:54 | 000,000,000 | ---- | M] () -- C:\NET_admin.log
    [2010/07/21 15:04:09 | 000,553,989 | ---- | M] () -- C:\P1_20100721_150339.mp4
    [2010/07/21 15:06:38 | 000,846,866 | ---- | M] () -- C:\P1_20100721_150545.mp4
    [2010/07/21 15:12:00 | 000,949,307 | ---- | M] () -- C:\P1_20100721_151100.mp4
    [2012/03/22 19:41:06 | 001,557,713 | ---- | M] () -- C:\P1_20120322_194101.mp4
    [2010/07/21 15:04:09 | 002,640,996 | ---- | M] () -- C:\P2_20100721_150339.mp4
    [2010/07/21 15:06:38 | 003,464,357 | ---- | M] () -- C:\P2_20100721_150545.mp4
    [2010/07/21 15:12:00 | 004,385,506 | ---- | M] () -- C:\P2_20100721_151100.mp4
    [2012/03/22 19:41:06 | 000,218,544 | ---- | M] () -- C:\P2_20120322_194101.mp4
    [2010/07/21 15:04:09 | 001,306,940 | ---- | M] () -- C:\P3_20100721_150339.mp4
    [2010/07/21 15:06:38 | 001,999,353 | ---- | M] () -- C:\P3_20100721_150545.mp4
    [2010/07/21 15:12:00 | 002,613,769 | ---- | M] () -- C:\P3_20100721_151100.mp4
    [2012/05/10 11:15:21 | 4025,802,752 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/26 17:49:00 | 001,157,120 | ---- | M] () -- C:\rubygems-1.8.10.tar
    [2010/08/12 12:53:08 | 000,003,232 | ---- | M] () -- C:\SettingLog.dat
    [2012/04/27 03:16:21 | 000,002,027 | ---- | M] () -- C:\WildTangent Games App - hp.lnk

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/04/27 03:15:18 | 000,000,304 | -HS- | M] () -- C:\Users\21st Sentry 001\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/05/10 08:00:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\21st Sentry 001\Desktop\aswMBR.exe
    [2012/05/10 11:53:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\21st Sentry 001\Desktop\OTL.exe
    [2010/10/22 15:01:42 | 000,879,880 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\21st Sentry 001\Desktop\procexp64.exe
    [2011/11/06 23:42:00 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\21st Sentry 001\Desktop\putty.exe
    [2011/12/08 12:37:54 | 489,506,208 | ---- | M] (Intuit, Inc. ) -- C:\Users\21st Sentry 001\Desktop\QuickBooksPro2010Updatev2.exe
    [2012/04/15 23:54:08 | 022,259,528 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\vlc-2.0.1-win32.exe
    [2012/05/10 07:25:08 | 000,302,592 | ---- | M] () -- C:\Users\21st Sentry 001\Desktop\vunf8qee.exe
    [2012/05/04 20:01:04 | 015,694,632 | ---- | M] (Microsoft Corporation) -- C:\Users\21st Sentry 001\Desktop\Windows_Intune_Setup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/10 11:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/10 11:16:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/10 11:41:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/28 12:17:13 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509302359-2067149998-3783769910-1000Core.job
    [2012/02/28 12:17:13 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509302359-2067149998-3783769910-1000UA.job
    [2012/04/30 10:00:12 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2012/05/10 11:15:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/13 03:29:34 | 000,032,640 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/03/05 10:19:41 | 000,000,402 | -HS- | M] () -- C:\Users\21st Sentry 001\Favorites\desktop.ini
    [2012/04/18 22:47:28 | 000,003,127 | ---- | M] () -- C:\Users\21st Sentry 001\Favorites\FriendFinder Messenger v4.1.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/09/29 00:38:12 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
    [2012/02/19 00:45:20 | 000,013,440 | ---- | M] () -- C:\ProgramData\lxdu.log
    [2012/02/19 00:42:12 | 000,000,431 | ---- | M] () -- C:\ProgramData\lxduDiagnostics.log
    [2012/03/28 10:19:40 | 000,015,506 | ---- | M] () -- C:\ProgramData\lxduJSW.log
    [2012/05/04 13:14:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/09/29 00:36:49 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "UseWUServer" = 1
    "AUOptions" = 2
    "IncludeRecommendedUpdates" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:8927A071
    @Alternate Data Stream - 180 bytes -> C:\Users\21st Sentry 001\Desktop\id_docs.jpeg:3or4kl4x13tuuug3Byamue2s4b

    < End of report >
     
  12. 2012/05/10
    joblojr2

    extras log

    OTL Extras logfile created on: 5/10/2012 11:55:55 AM - Run 1
    OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\21st Sentry 001\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.15% Memory free
    7.50 Gb Paging File | 6.10 Gb Available in Paging File | 81.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 585.17 Gb Total Space | 479.69 Gb Free Space | 81.97% Space Free | Partition Type: NTFS
    Drive D: | 10.90 Gb Total Space | 0.29 Gb Free Space | 2.67% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER | User Name: 21st Sentry 001 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisabledInterfaces" = {9BBB3551-D953-41A8-9426-1B83F7B46FE8}

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisabledInterfaces" = {9BBB3551-D953-41A8-9426-1B83F7B46FE8}

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DisabledInterfaces" = {9BBB3551-D953-41A8-9426-1B83F7B46FE8}

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00CBB3A7-6489-4991-A71A-4486E0ECD0E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{08BB9460-2E11-461B-8998-56E9618ED676}" = lport=8000 | protocol=6 | dir=in | name=shoutcast |
    "{0E9394A3-DB81-4E5C-80D9-8C8B8CADFEE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{11BE5BF1-E517-4D7F-B4E7-A9BFFAD02CB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{158E8DC2-97BB-4910-A8CA-3656B0258730}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1E686729-6E97-4B83-98FD-B5B24F32F764}" = rport=445 | protocol=6 | dir=out | app=system |
    "{211615A4-D945-49C1-8842-9425A6352C10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{213AB420-D02B-44A4-93C5-E998E0B889E1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2B63E210-3320-4654-9019-F0965541D568}" = lport=138 | protocol=17 | dir=in | app=system |
    "{32242120-622D-4785-9E79-D6D824D882AB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{350797E6-AA89-4CD8-97CF-54E13A8636E0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3D3D8623-A7E5-44B0-8FB4-9D6C879BA3FC}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3D460162-2C1E-4B88-BA0A-86201ED90FF9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{416F4999-7DB9-4564-AFE2-1E757EF8A8AE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{46981641-2D92-422A-84D9-0A469547F383}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4AF15116-0C42-4539-937A-873C5C5C304B}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{4BA7B8C5-4A8C-4B7D-A003-99757512061D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{51958A52-662B-4117-9A02-575A977EFD69}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{53111CC0-880C-4BDC-84D5-9D64069C6377}" = rport=8557 | protocol=6 | dir=in | name=ipcamera |
    "{682F3957-2ACA-4FEE-B374-00E536FDBF9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{70072287-C60A-4D3C-A17D-8C907C68693C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7092BEBB-B819-453A-BD92-5410FAAE31FB}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{73B7BA04-2146-42BC-A8F4-24F73E503B03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7453ABD7-2FF7-443A-9E91-29E6F38F9AC6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7ACF8DF5-FB0B-4442-B32B-A5C14B44FDAE}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{82F594EF-3AC4-4AC2-A85A-C811F474D37B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{87B81FCC-B9E1-4490-A532-8678D8627DBB}" = lport=8000 | protocol=6 | dir=in | name=shoutcastradio |
    "{8CC7F0B5-6CBA-4571-8AF3-EB2BFC70534A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8D806FDB-C8AA-4A60-93BA-DD81C206534D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{94242F68-1D1F-4199-B286-96976E45596E}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{9916FA1A-0770-4F17-8F79-509597E1F399}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A4D8C447-61EC-4677-A5F7-DC563B8D758E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A89EFD4C-E936-49EF-AE48-62FCD2838B60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF58274A-1469-4565-B8A7-38F0774C43F3}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B20A25E5-7870-4E13-850C-072C2A0E379A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{B2EC5FC2-1591-400C-8219-34F7CAEA8BBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BFBA5C5B-E1F2-48DC-83DB-E0BEDC5B5C84}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C40445A4-DD52-4434-8B53-E1AA7E426BC5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{C4F77E1E-E3EA-411E-A96D-20CE5A6B9C1E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CE7E91AD-519A-468C-BF95-FD4A91FE3E25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D2811650-8647-43F7-A022-BD1EAE29B78B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D633B765-7482-4F4D-9B54-9AFD6DF3F7CB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D72C131D-4DB0-406C-89B7-3BF49BC4C1BF}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{D8CBE18E-BCF6-4B79-B50F-0D1DBFACDE7B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D9C571A4-D509-4088-ADC5-29B5F477B5F0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EECF3A51-DF34-485B-9B43-CBFCDDD9E6F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FFFAF0C3-D65B-4584-8F60-3F3C8A04821B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{001B73BE-78BA-4129-881C-9320DD8A884D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{002FD9F4-76F0-49AA-A1A5-AAE167BE652B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{017EBBF8-3193-48AB-8F8A-506311028909}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{01AB1438-7880-4480-9296-871BFF578462}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{02ECF85D-A5D0-4F6A-9ADE-B2233D8A7500}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{042FA7F0-CD07-4EEC-BF0F-1B74C6D715FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{0641BBB7-77E4-4051-91FF-E2DB3CE5F6C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{08636213-C4C9-4F9B-AAB1-794F089741A3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe |
    "{089F96CE-5F45-4EA0-A5E6-750144CE4B21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{09B34EC4-A519-4BC2-8C93-702A379095F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0A694D1B-FE1D-4370-81F2-FBD8434A8008}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0C6883CF-5A61-47F8-B49E-7C1582C005CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0CE254AD-B58A-48C7-B97A-9688CBFCC756}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{0E2BD14E-2144-41DC-A33A-56B64FA7FE6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1072F64B-8D1C-4CE0-9857-644667D78456}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
    "{113B2104-E1F0-4515-BD85-7A19045D2BA4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
    "{128F0057-BD08-4A05-918E-8B3064C0F23E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{12A4BA15-B40A-4247-B347-6547BFE87DDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{12D9AA06-6F17-44FA-B601-407FAD788291}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{14270598-50A2-4866-B40F-0B98FB7053A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1486FF61-15CE-456D-9BDA-CF9E313D9992}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{14DF2C9C-A65D-4E65-83DA-69CEF1C6BF33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{150080B0-67D3-4D31-9D03-61333A4C56F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{16458597-338A-4006-8CAC-EED535CDAC45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{17DA2A79-1E75-4F49-B8D2-D3C7E4724599}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{18A24360-F062-4668-B177-FF7E8D98B7A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{19B52159-B5DC-4596-BC56-0D429305A3B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1C0AA5C0-FA81-4835-9182-A5FF488A9869}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1C5B8764-F302-4DB6-A2D2-07B071EC356D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1CD027D1-B3F3-4CE2-9C06-6D07C016B400}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1D5FABA6-B28B-47B3-8454-F0488D22D637}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1D833607-4E2B-48B6-B081-F76556135092}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1DE2AC68-A0C7-47F7-9474-07DCF3860012}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{1E623A1D-91FB-44D2-B069-D6F65D8DEFF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1EC90705-F09B-4D80-A623-D6F1C2358BD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1FC9FF20-7844-4A3D-A409-6DE37A4EB026}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
    "{20CE128F-5071-40D1-A49A-9CDAC04095CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{221DE1A1-34B8-43DC-A191-D10B5E26FE9E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{24D7681E-A50E-4C29-A86F-F8D707CBDE97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{24EEB5FA-2794-44B4-A4A5-B361E284D3CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{250C6A66-8B5C-4DDD-887F-32A24A8B867C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{26202975-5401-4922-B512-3A7928E61A9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{271D74F6-A12B-4C83-83C2-DFFFA3F997F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{27F20377-8F82-45D4-A08C-9CBB0041E576}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
    "{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
    "{2D3F7E9C-93E0-448E-9E66-C702A73D469F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2D4FD7FC-36B1-43BD-88A2-44815BDEE62F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2DB46EA5-17A9-4A5A-9C3D-BDDCB3E6EA07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2F494260-75EA-44F7-80C0-86C3112C4FFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{30D37A19-0EC3-4585-B5A6-6ED14CF498A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{30D5A9D1-8379-45BF-8AC8-5FFDF365593D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3148DF90-D5CF-4359-A95E-123A8AE076B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{317A85E3-1B89-4025-8238-3E9000CF0A62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{31A5753A-59D8-4B55-B4F5-BC424B8F8348}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{325206D7-5AC3-428F-9FB4-D98998E4DE3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3332194E-9E03-4E04-85BE-F0D830F54551}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{33D57CA0-097B-452C-8C02-4EA4A09D830F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{33F3B99C-8411-4D9E-9A9C-B699063AFE78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{36191948-B4C8-4BC5-B0A9-263BD369469C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    "{36C77AF1-1644-46E4-8237-03163A9CAAE4}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
    "{3853E44E-6725-4FD1-A463-089F85A84DBD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{3A988FF2-0955-4FFC-B28C-2A193149891B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3C4954FA-AF6A-48AE-B89B-513F2E8C34C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3C905563-2523-48A0-BB7F-831ED5E7A9B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3D96D64F-5CAE-4539-9E1D-02662FDADA20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3E78070B-1809-4D3E-A0C6-E27A8B2D8244}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3F3EF4CE-B79D-4112-BACC-0E5D320BEF2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3F9CFA74-3653-431B-817B-6324ABF01691}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3FAFAFA8-42A7-40EA-BC3F-C1331F77C4F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3FF02158-C13E-4044-99BA-1D32D856F5CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4097AC8A-8CF3-4044-B3F4-9BDAFAE0B26E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{41845A79-5C4C-47B6-BA61-B72EE21D9626}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{42202383-B188-4129-99B1-C5A3535744AB}" = dir=in | app=c:\windows\syswow64\lxducoms.exe |
    "{428CBC37-0C02-458D-85B5-3648C74A1808}" = protocol=6 | dir=in | app=c:\program files (x86)\addonics\nau adapter\npw\npwservice.exe |
    "{42D09C23-29B9-4A37-B56E-125214DDEC86}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{42FF74A7-1DA7-4CDC-A227-01521AE98B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{43995390-053C-4251-B927-89C18CA295B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{443E7626-72A9-4668-AF53-85FA4296B9BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{44D60EC9-3775-408F-B409-40DD89E2C263}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{44D9C4CA-E01E-4E3E-BC49-AE68C63DC536}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{44EB2823-CBB9-4CFD-B08D-1D3F11A97C49}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
    "{4689A87F-F0F1-4509-9D87-5C371A8FDB5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{46F9A3CC-E3D4-4D6A-939F-6362AD8C2A10}" = protocol=17 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
    "{4788C464-B114-4046-851C-B9A5144C18A5}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{485B48D4-CF1B-45B1-9408-FB55966E85D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4B74F299-8431-44EA-AF6E-89B53147E0C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4BD77730-5BE5-4949-AB09-D995506222E8}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
    "{4C1477F8-991F-407C-9407-B016E911360A}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
    "{4C606647-042E-4B19-A714-E3099939AAA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4D6827EF-2918-4DDA-A117-790E3088286C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4E61F24D-49AA-4E44-AA61-6563191F9491}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4EA0FA1E-1BFB-4E95-8D7E-94D915F8EE2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4EA92A26-DF52-4700-A807-5ACD37F058D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4FA0A33F-F890-4D0D-A885-A08BB8EC2924}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4FF4378F-F043-4BDD-B51A-B512C2EE7138}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{50009417-D775-4726-A9C3-75B56C038722}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{505DFA47-44F7-4E3E-8210-EC3E425AE12D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{50AEA93E-CC90-4AE2-99B4-BEACAA88EC5D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{52658B76-8D49-4141-9017-02DD5E2D1F1E}" = protocol=17 | dir=in | app=c:\program files (x86)\addonics\nau adapter\npw\npwservice.exe |
    "{52EB69D8-6028-459C-95F6-5A85FEE49BA4}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
    "{54A9CC2D-4A4D-4E90-9B55-760373125AE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{554A0B2C-ECB2-47BD-B320-D0F7932A5648}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
    "{5581D0FF-3C37-4DE7-9BBA-A19896D0F4D6}" = protocol=6 | dir=out | app=system |
    "{568EDCF7-37F3-491D-8968-A5592E00DC1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5716FBB2-B062-4D3D-8FBB-2729F51F983F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{59151A1A-841E-4872-883C-3415B6944A0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5BE294B5-ED57-4C3E-8BE9-B6958E1858C0}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
    "{5E94648A-7BA0-4D0D-8EDD-9518CABEFEF0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{5F1109B5-317B-43EB-B238-DEFDF29DFF58}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
    "{5F19A76D-EC23-4610-B811-8523B651201E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{605C032D-5B69-4CC0-AAE5-2C5E10274A52}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{612F0E31-87D3-49A5-8A63-168021845124}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{626E03C6-96CD-4FDF-A0AB-3C15246B6043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{63501D22-84AD-41F3-8D60-9FBD441D6F09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{63600E1D-E142-4B61-BE23-953776126C30}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{63632407-A9EA-499B-A55A-1DBE71E3CB39}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{65601D0B-3A4E-4C0C-B5F3-50B173615421}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{65819529-A357-4F0F-9581-29AD18402C3E}" = protocol=17 | dir=in | app=c:\users\21st sentry 001\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{66391AAA-41E5-4B48-845F-A65DD04D6784}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
    "{671670AF-CB6F-4A8B-8A6E-FB2841950486}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
    "{6A26DF5C-FBC3-413E-B10C-E9A8E35159AB}" = protocol=6 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
    "{6A699E54-3E3C-413E-965B-A539676D695E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6B25CD55-01FB-4196-B453-A8D8771FA167}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6B749BA5-4CA8-4326-8588-658B2281A52D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6BA12051-4204-4DCB-A13F-36C5CFF80EC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6CCB073C-786D-4AF9-8C37-9FBAEF238C3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6D040F31-5167-415C-AC6E-CBC8B52B1A9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6D30F72F-53DE-49EE-A093-A63F4350357F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6D87A6B0-8B16-45BE-8D15-F87DE4ED57BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6E6CA91A-4CC2-4DFA-B37E-91928A83472E}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{6F461769-ED1A-4A10-9E9E-3D1A3BB21A0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6FB76AAF-A5EC-4490-8318-DEBB9212DF16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{70DF878E-8199-458A-92B2-AE9C072B6D8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{73007C33-33BE-4ABB-9CC3-6510BE62AAA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{73263EEC-0F0A-4BB1-A59C-1286126C0534}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{73DF153D-56A6-4D9C-B43B-E5D15362F6DD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{745345A4-1668-4747-95C5-1FEEF24361CF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{752A98CC-489F-411F-B472-26ED5938CEE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7713CAC6-F3E2-4E45-8216-0F8653ECE88D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{771D0129-72F5-4401-825F-1E06CCB3CE19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{78018560-2D14-4D53-9372-3A5F4FA14FC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7810E028-48D0-433F-8DAA-5CFD008361CC}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{79459521-82A6-433E-B746-D4DCF40FE872}" = dir=in | app=c:\windows\system32\lxducoms.exe |
    "{7A950C61-F8F3-42F0-BA31-1642205A9640}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7AF21660-1E13-4BAE-9625-CB6550D15847}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
    "{7D2FE16D-288D-4468-8464-98D91DDD5DF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7D341934-10CC-4B7F-AF82-B9FB574749DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7D69900E-C380-4ECC-B31D-CA8A3539C659}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
    "{7F172EB0-78E5-4330-BACB-C6620358DAE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7FF3703F-59DD-4346-B467-1C7640851D0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8253ADB6-C712-4AAB-93CF-C87551ABA974}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{82751493-B06C-4E22-89D2-C1DC214FF4F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{827C8D13-FD14-476B-95AC-ED34A98030BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8491F22F-BF9F-4E77-9B06-91B66C2D6149}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{89CDDB4C-2584-44C3-94FC-F47FEBD49C53}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe |
    "{8A2F3BAF-87F5-4875-A50F-BA48F4149C5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8CC2B542-1C7C-4597-8735-69859EF22A95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8E1381F8-1929-426A-A45B-B727C3A53F2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8E35A63C-BA0D-4D90-83E0-A0D13CC77094}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8E3CCE1E-954A-411F-8318-2004899236E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8E6AB713-6DC4-46D7-AEAB-106C18387609}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8EDA690A-853B-4B76-B829-3253FD1E30A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8F9E019C-E4E0-4CFA-96BA-81C224985C73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{90465F60-094E-41FA-B62A-2C86694BF89E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{90FE6535-FBE2-4B76-B561-B9D233C6B19B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{91386438-D86A-4B35-97CA-AB9874F605AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{92CCFA42-7A30-4AEB-BD01-4CB3C866A0A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{944B27A8-7D13-4E8F-9B66-1F032CBBB0FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{95AB59D8-F13D-4A6A-B647-EB605B43EA1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{962517F1-075C-4662-BD6F-060E7B0E31E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{976AD4B8-4CDA-41BA-B55B-A87117461C54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{98843A1B-2DA2-4241-AE2C-D922787357F2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9A5427A2-9544-4D16-82E2-58128F2EA289}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe |
    "{9EAC7D1B-88FC-4043-9679-07DB0F403E7E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9FAE4CE3-1A64-4CA4-BE8D-146D6D2E5022}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A1474C44-3462-4B45-B121-586F930F0B9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A1729EFA-BA94-4EDD-8C40-70255D87B958}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A29D191F-DB82-429B-A512-33CF63E9D132}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A29D316C-385C-48A1-946F-E177DB38F9CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A2DCE7AC-C9BC-4A46-8CB3-3B10A061646F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{A373AA52-4407-4430-BCAF-11DDAC328FB9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A3F42ECC-9D0D-451E-8C02-D8FD43DC1FDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A4166F83-60F5-4DDC-B724-22D9E4D2C899}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A43FFB9D-10C0-41A0-B541-5A0B522908B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A61E71D7-A819-4D8C-8781-0CDE240121DD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{A64818CE-D0DB-44E1-814F-D7E4208668BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A9FA2DF9-678F-4BDD-ACDA-15E863C78099}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AA6ECC6F-8B71-4A78-954C-FE37D33CC24D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AAD48D33-2BA6-46C9-A8A7-A1099E38C4D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AB378BFF-1FD3-403D-871D-F1C1E2BEBBA1}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe |
    "{ABE6BD52-5CE5-4C7E-935C-668DA7BC9FD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{ACE59733-7CB0-407D-8B6C-8A8FBB9D64C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{ACFD9B8D-8E09-4346-A551-D13820078CE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AE0D3368-6601-4B5C-90EE-318FA2EB9EEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AE6BAAB6-03FB-4CA3-9DEB-800D939DBD49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AF5204BE-75A3-40FA-A95F-48B268EDBF45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B1E9B450-C88C-4A27-92CD-A18010E0B958}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B21C2396-7194-4CCB-B7D7-9836FB394045}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B26BE95C-D78E-4736-A434-2D1998380FE1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B344CE85-75FF-406C-B203-473B89B9F9CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B47B88A8-E648-4360-B741-7887D36B3A7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B592E5F6-F5A0-4266-8473-4EF5DE70B591}" = protocol=17 | dir=out |
     
  13. 2012/05/10
    joblojr2

    extras continued

    app=%programfiles%\windows media player\wmplayer.exe |
    "{B5DA3BE4-51C0-4C66-AE7E-B1D4FEB98907}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B6A7DF73-8DE4-4D3D-9952-928934B40894}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B6BD1539-6C50-4D58-B0A0-744AEDB287DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B7A4004F-270A-4C84-A5D8-B3376650F123}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B80DBD16-7DA2-477E-8B99-18894E6DDED9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B965EE53-580F-47E6-A028-64ADC980BAFA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{BA07C990-B32F-4EF3-ACE6-9F880FCE43DB}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe |
    "{BB87CA6F-4E9A-48D6-9BA4-D01CEFD4CB23}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{BCB42FCF-69AD-43D9-8A4E-275694879CB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{BDBDB67E-A67F-4369-BC33-55BFA117B4A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BE28BFEC-BD60-4CD6-B4D8-392F57866EE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C01DB818-A339-4F5B-83BE-E70A2339422C}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
    "{C0B2F44A-C543-487B-BEFC-EFFF4B18837C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C2589516-C9FB-42EE-BC91-DDEA0F15431F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C2A5F3EE-63D6-4021-993A-9483B222EA20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C2C3F134-FDEE-4A5B-934E-64D76DD52E99}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdutime.exe |
    "{C38C85E0-706D-4662-B113-A36130AB4CD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C3971074-67D2-4C69-84B2-DF311CE65BD4}" = protocol=17 | dir=in | app=c:\users\21st sentry 001\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C40351C9-F4D5-4DCD-ACC1-33966131AB63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C4621548-BC10-470A-A2E4-5AC4D9DDD273}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C481FC71-F481-44DC-82F0-B07DCD4781AF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{C57BC7AA-DBEA-475A-8A0A-D7468CED0A2E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{C7BE617B-9F65-40D0-9A78-936C8BADD826}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C937CB9D-D698-4C61-AC2F-21577A0489F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C9455309-A39E-438D-816D-7E69E33530DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CA0F37BB-DFA0-47CF-95CD-E95E7093B7BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CAAC69E7-4084-44E5-81C7-58CEAB37CCBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CB20A275-FE33-43D3-92CF-8217F188F2E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CBBA9612-622A-40B6-8F28-F48713AE0B2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CDE6B90B-2353-4B0D-97B7-43B49959A3D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CE1F84D7-A65D-40A7-9183-D7BA5E23D126}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CE66B986-DEB8-4B2A-8E4E-02748A71DBF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CED035D8-9B64-456F-975F-585C4C5778BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CF0FFBDD-D4F1-4A25-90F4-AA9552CD0974}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D1B915B4-1ED8-4B85-9B27-24837442946C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D22667D6-BE4D-47EB-94C3-34D78F57EB3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D2EC2DA6-9C00-4563-96CC-65C1D93BDAB3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D308DAD8-D49F-43E2-8323-534362892052}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D3368C20-8763-4985-8335-255A845A3AF9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D645CD8A-78A0-4B7A-8AAA-5F2D4DAF3AED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D66A6C38-C9C2-4F2C-B5C5-5C561E503EC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D67456D7-544E-49C9-9AC9-F21601952A4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D6F72F05-38AA-43E4-9E70-14A130524C21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D725A2DB-EE2F-41A1-BFA7-A0DFD43BC4A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DA30DDE4-9373-4532-9FD1-CFEFF2D33C94}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
    "{DA3CC070-9CEE-40E2-BDE4-FE15D487BD7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{DAA51AA0-EC40-4510-8CEE-27FA72EFBDEF}" = protocol=6 | dir=in | app=c:\users\21st sentry 001\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{DBF357FF-3B27-44D1-B1BF-710A9A15B133}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DD6991ED-08E9-4A05-BCF9-54D735E3AE74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{DDDD3508-E4B0-48A0-ABFA-9CC102561CC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DE5183A5-9793-4511-88CB-5C937750E4A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DEFF8FF9-C060-4EE6-AAE7-A93D93BECF09}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe |
    "{DF069601-CCF6-4444-B49B-1F6171B9830E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DF342573-999B-41A7-9124-AD288B4BCC36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E000C24E-8DCB-44E5-8ABA-CF5A1DFDE871}" = protocol=6 | dir=in | app=c:\users\21st sentry 001\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{E00B334D-A6F4-460C-B6DB-A973449BAF04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E0B4E5D8-A8B9-45FA-8DF7-AC27BC06A95F}" = protocol=17 | dir=in | app=c:\users\21st sentry 001\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{E0E287B2-A1CB-44E5-93EA-B87456BB2003}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E2F86EB5-BF4A-447E-BA1B-56A4B11678AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E359D292-D59F-4D54-BE9E-AE3B837CF57B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E37B217F-5F56-42D3-B574-642DB8C79808}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E42B0793-94B7-46B6-AE4E-CE3111488A1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E4E6D675-D789-4297-8A72-1D3B9A119308}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E5BD5D96-3535-4AA9-B8D2-C11A63A50B81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E643AFDC-2C9C-4C63-BDD6-8616E25FF8DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E79E8ACF-A694-4A9C-B397-B386E3E62AAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E821401F-A169-46A5-9AB3-7F89D2E44D5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E908D1F2-A5D5-4520-B1B5-600ABC41216F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E96ED031-F1D7-4A4B-93A2-A25384E985A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EA98F159-5C79-45D2-A3B8-534E779AB5B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EAC9173A-38B2-4352-9825-6793F7BC7B93}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{EAE82549-90F5-4AAB-934E-23A51A6B82D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EB23A768-3E59-44D4-90D2-05232C058D03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EB4C0084-3F98-4AC3-80F7-2A3853984930}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    "{EC5F20AD-688B-436B-886D-99DC8DB5AFAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EC679647-7E58-4F53-B7B5-D5BEAF499FAE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{ED5E8B2B-60F0-4480-A011-3C40DED1F8AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F236535D-492E-42D9-A567-20AB805B2609}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F2581C83-CFFC-4B5B-B689-22E717250480}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F3E5E18C-0BD1-4FB8-820E-142439C70861}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F440DA81-2C36-4231-979D-E2DE587C61DB}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe |
    "{F528CF9E-7291-44E2-88E1-36E515FABF8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F53B52C2-D39A-4800-838B-D3D4CA173FDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F5545C12-1531-4BF6-94E7-4CE1C4553A17}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F5A271F6-AB3F-4823-999A-E4EBE5BC2945}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F6222CF4-85A7-4F99-9A39-0B27273AFBA5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F9ADF7DF-BA7E-4BE8-A812-0D25707ACC33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F9EA1098-73CF-4324-8655-EE6D65CBD252}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FBA2098E-490D-4E1A-945B-D99ACFEAE142}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FDD7DC6F-25E0-4DDE-A0CE-018ED8E6D91D}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
    "{FE562C58-A359-4156-906D-4B52ABB8B8CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{FF4B8C3F-9D61-47DC-A13B-34ACD5E758B3}" = protocol=6 | dir=in | app=c:\users\21st sentry 001\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{00D95D59-9A5F-4087-9337-56D8526F9C53}C:\users\21st sentry 001\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\21st sentry 001\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{2A426EBA-0698-417E-8581-C4CC17F7976C}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{2A86C273-99A8-4DD4-96B2-6A9A4490DD19}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
    "TCP Query User{3152CF32-87F9-4786-A22D-2E5A05B63CEE}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "TCP Query User{411B05C1-5C6B-4FC1-8697-AC4FAB5FBC89}C:\program files (x86)\addonics\nau adapter\nauadapter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\addonics\nau adapter\nauadapter.exe |
    "TCP Query User{52F1C92E-395F-4411-9C32-6A1593E9B0A6}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
    "TCP Query User{61B2B03D-8446-4149-BDD6-F9280A9488A9}C:\program files (x86)\bitpim\bitpimw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitpim\bitpimw.exe |
    "TCP Query User{6EA9AC79-DE7D-433A-891D-F28966FE4CC7}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "TCP Query User{764BE41F-743A-4E61-966D-208A11C285F0}C:\program files (x86)\remote program\remoteap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote program\remoteap.exe |
    "TCP Query User{83D7C779-8DDE-4EDF-B1F7-B62FB063ACCD}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
    "TCP Query User{85FC9126-481F-4B09-B8DC-12BAD0167B26}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{87EB698F-B253-4052-91F6-9C501CB01EC5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "TCP Query User{9548057E-6452-4A8C-970C-805E3362D1B5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{A18677CE-BB61-4268-80AB-06AE6D06A45C}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "TCP Query User{A56A57E3-0ABB-4CAC-ADB3-44069A2859EB}C:\program files (x86)\addonics\nau adapter\nauadapter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\addonics\nau adapter\nauadapter.exe |
    "TCP Query User{B813BDD0-8D46-456C-97CF-34771384CA56}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "TCP Query User{CCB6705F-3CBC-45A7-AA20-90661F20A774}C:\program files (x86)\central monitoring system\dbcassist.exe" = protocol=6 | dir=in | app=c:\program files (x86)\central monitoring system\dbcassist.exe |
    "TCP Query User{DA10A105-7C45-4279-A814-2F710BF2EB3E}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
    "TCP Query User{E1F19865-2D70-45E2-9FC3-CEA78C5B2B1A}C:\program files (x86)\central monitoring system\cmsmain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\central monitoring system\cmsmain.exe |
    "TCP Query User{ECA4193A-38C0-4D64-9E55-A67221D0665E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{ECCB53F2-D0CC-4F3C-8583-DB8888181416}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "TCP Query User{F9EE0079-09A1-4779-9451-0AD14DF29DC1}C:\program files (x86)\divis-net\multinet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\divis-net\multinet.exe |
    "UDP Query User{08830CC4-81A6-476C-83BB-A34A84986FA3}C:\program files (x86)\bitpim\bitpimw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitpim\bitpimw.exe |
    "UDP Query User{0E46098B-6C01-4758-BD18-6E22FEEBA742}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
    "UDP Query User{103455A3-6766-4A2E-8808-EBB8DE40119C}C:\program files (x86)\remote program\remoteap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote program\remoteap.exe |
    "UDP Query User{1A53C91E-0A9B-4C07-9C46-153C76DA9284}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{2DFB7CBF-E3ED-4BAE-ADFF-4D7F6CFF1BE2}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{30ECB21B-99A2-4A19-831B-6AC33AFACE34}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "UDP Query User{5D7FCBCF-060D-4116-979C-81BB46EB6F0B}C:\users\21st sentry 001\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\21st sentry 001\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{6C89528E-EA12-4232-91B1-CE86EAA6AC07}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
    "UDP Query User{8952F079-5BFB-4560-9B3B-5A66594A2195}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "UDP Query User{98DA1450-059A-4A7A-AFF6-39045DD5274C}C:\program files (x86)\central monitoring system\cmsmain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\central monitoring system\cmsmain.exe |
    "UDP Query User{A1665CC6-36AF-48BA-9B54-633A72AAC8C3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{A76A5C1C-E8FC-479E-AFE8-5D599243FF6A}C:\program files (x86)\central monitoring system\dbcassist.exe" = protocol=17 | dir=in | app=c:\program files (x86)\central monitoring system\dbcassist.exe |
    "UDP Query User{AACA9FEC-04BE-41E5-9025-2C03A6870C26}C:\program files (x86)\divis-net\multinet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\divis-net\multinet.exe |
    "UDP Query User{AD942F05-16AF-4FD8-96FC-60ECD27C2C52}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{B212EDA2-7EE2-4635-83F8-ED42C48D3451}C:\program files (x86)\addonics\nau adapter\nauadapter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\addonics\nau adapter\nauadapter.exe |
    "UDP Query User{B804502C-ECC5-46E9-A60A-18935EE66A8F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{BF9E7B66-88DB-4C4A-AB4B-6EE4282310CB}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
    "UDP Query User{C542AD27-CB91-47A7-8BAD-56390E99E428}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "UDP Query User{D13E9689-5326-45C8-BA5E-37F35062B7FB}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{D4EF6AE4-FB4C-4D65-A73A-AC105B5BB45D}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
    "UDP Query User{F40D1004-CD7A-4928-B1E5-77646426A3F6}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "UDP Query User{F6C42A41-B7E3-489E-87DA-4AD8C2297FC8}C:\program files (x86)\addonics\nau adapter\nauadapter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\addonics\nau adapter\nauadapter.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06BBDE5E-6B09-36CD-B5C3-E537E3F49051}" = Microsoft .NET Framework 4.5 Extended Developer Preview
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{0FB70098-B0CC-4079-9D03-78A71FD76C97}" = Microsoft Online Management Update Manager
    "{139D6308-027D-31C5-B43D-C13F8A8CCC98}" = Microsoft Team Foundation Server 2010 Object Model for Lightswitch 2011 - ENU
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1FADFB59-F37B-447C-BCDB-7ABE91AD3B53}" = Microsoft Online Management Client
    "{25097770-2B1F-49F6-AB9D-1C708B96262A}" = System Center Operations Manager 2007 R2 Agent
    "{2C3E0F57-547A-3AF4-B6DB-2CA5969518D1}" = Microsoft .NET Framework 4.5 Client Profile Developer Preview
    "{4DED284C-2104-4520-892C-AD9F41490F59}" = Windows Intune Center
    "{4DF327E7-5A47-434E-86EF-99CDF10E03B3}" = Microsoft System CLR Types for SQL Server "Denali" CTP3 (x64)
    "{51ABA93A-6F05-4E97-A8EB-A2CD85ECF134}" = Microsoft Web Deploy 3.0
    "{5A822425-4622-474F-BBB5-9900D0FA5629}" = Windows Firewall Configuration Provider
    "{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}" = Microsoft Online Services Sign-in Assistant
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{700F5896-E3D7-44BE-BA86-945B7D19E359}" = Windows Intune
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
    "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
    "{A76236D0-E716-45A7-AC9C-2B79757315F3}" = Windows Intune Notification Service
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B3E15453-C9FB-49D1-BD59-F1186E2B26D4}" = Microsoft Online Management Policy Agent
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B916036A-B073-4473-815F-B58463EB276E}" = Microsoft Policy Platform
    "{C40F5F38-76A7-4F18-B858-08A70E0DD0A9}" = Microsoft SQL Server "Denali" Management Objects CTP3 (x64)
    "{C4143969-E470-4BBA-BFFA-45C07E9DD6D0}" = Windows Intune Monitoring Agent
    "{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
    "{C8A65378-6D4F-41D3-A715-00593385CEF3}" = Windows Intune Endpoint Protection Agent
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D5B7CA4F-9ECB-4205-8B1A-4A85FAC4CE94}" = SmartFTP Client
    "{E10EFE55-EE87-4D8C-953C-4397732F7505}" = Microsoft Web Platform Installer 4.0
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4.5 Client Profile Developer Preview
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4.5 Extended Developer Preview
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Team Foundation Server 2010 Object Model for Lightswitch 2011 - ENU_Lightswitch" = Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "WinRAR archiver" = WinRAR 4.11 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
    "{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{120a0630-0f8e-4b82-aef0-5d21698730b5}" = Slots Jungle Casino
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1662ca57-c388-4f6f-8e97-7962b027ae98}" = Prism Casino
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1C82A9A8-06C7-46C7-AF7A-E7BF55A87B88}" = Sony ACID XMC 6.0
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{208e1700-6471-4db1-b9d7-6416c99e77f2}" = Slot Madness
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{293c8461-5817-46ce-936e-6d326e961de0}" = Casino Titan
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
    "{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
    "{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}" = IIS 7.5 Express
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3e387d5e-05c8-4c0d-b128-6044cdac8eed}" = Slots of Vegas
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3F7D09B0-13B0-4BBF-B5EB-2E04EA66D8FD}" = STAR 100R
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{51286472-D746-4AD1-936B-B7A87FC9DF07}" = Microsoft SQL Server "Denali" Management Objects CTP3
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5D05CEB3-647F-4408-BC8C-B1247B107E61}" = Microsoft Silverlight 5 Beta SDK
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{64546360-362C-11D4-9AC5-F6DBB4409A3E}" = MaxView
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
    "{817662b3-3cff-40a0-97ac-1dc3bc0f14d7}" = WinPalace
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{880485F3-04BD-4605-A7A3-B141DF7A84A6}" = Microsoft System CLR Types for SQL Server "Denali" CTP3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSSUB_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSSUB_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSSUB_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Office Subscription (English) 2010
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91140000-011D-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus Subscription 2010
    "{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92370c6e-8809-42ad-9f68-86e850a7afbf}" = Cherry Red Casino
    "{929D870A-E498-4748-90A2-C1D1D8976143}" = DVR Utility
    "{9480A7FC-C476-4881-A92C-2E415DD362AE}" = DiViS-Net
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{af3a7743-9f92-4b64-a65b-4c80de6ad372}" = Wild Vegas
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
    "{cd18be10-99c1-4a70-ad3a-3ca88606edb8}" = Club Player Casino
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1" = BovadaPoker
    "{D8AAAC80-5C9F-48F1-BA95-4A410AE4609A}" = CMS
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E277AB0B-BAF5-31D3-9EAF-F59EF9BB9AED}" = Microsoft .NET Framework 4.5 Developer Preview Multi-Targeting Pack
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}" = FriendFinder Messenger v4.1
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
    "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{f51a5449-9174-4e90-a0b2-bd67e0a9a87e}" = Palace of Chance
    "{F9A035E8-731F-4437-93E1-8CD9CB9AACF5}" = Video Poker for Winners
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "21j19estv_is1" = All In One
    "Adobe AIR" = Adobe AIR
    "Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
    "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
    "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
    "AudibleManager" = AudibleManager
    "Barona Online Poker" = Barona Online Poker
    "Belarc Advisor" = Belarc Advisor 8.1
    "BetOnline Poker 8.2" = BetOnline Poker 8.2
    "CamStudio" = CamStudio
    "CMS_is1" = CMS
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Eldorado Palace 0" = Eldorado Palace
    "FileZilla Client" = FileZilla Client 3.5.1
    "GoldenCherryCasino" = Golden Cherry Casino
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{38CC9E7D-09E8-4528-BFFC-3162AECA02A6}" = Motorola CoreScanner Driver
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Miranda IM" = Miranda IM 0.9.10
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
    "Office14.PROPLUSSUB" = Microsoft Office Professional Plus 2010
    "OpenDNS Updater" = OpenDNS Updater 2.2.1
    "Picasa 3" = Picasa 3
    "PokerStars.net" = PokerStars.net
    "RealPlayer 12.0" = RealPlayer
    "SHOUTcast" = SHOUTcast DNAS Server v2
    "SHOUTcast Transcoder" = SHOUTcast Transcoder v2
    "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
    "TeamViewer 5" = TeamViewer 5
    "VLC media player" = VLC media player 1.1.9
    "WildTangent hp Master Uninstall" = HP Games
    "Winamp" = Winamp
    "Yahoo! Messenger" = Yahoo! Messenger
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1" = Ruby 1.9.3-p194
    "{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p290
    "c05b0d1b0a21ecbd" = DistanceCalculator
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  14. 2012/05/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's OK now.

    You can reinstall your AV program at any time.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = *.local;192.168.*.*
      IE - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = localhost:6544
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
      O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
      O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
      O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
      O15 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..Trusted Domains: asapcctv.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
      O15 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..Trusted Ranges: Range2 ([http] in Trusted sites)
      O15 - HKU\S-1-5-21-509302359-2067149998-3783769910-1000\..Trusted Ranges: Range3 ([http] in Trusted sites)
      O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
      O18:64bit: - Protocol\Handler\belarc - No CLSID value found
      O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      [2012/03/29 08:52:36 | 000,000,000 | -HSD | M] -- C:\Users\21st Sentry 001\AppData\Roaming\.#
      @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:8927A071
      @Alternate Data Stream - 180 bytes -> C:\Users\21st Sentry 001\Desktop\id_docs.jpeg:3or4kl4x13tuuug3Byamue2s4b
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  15. 2012/05/10
    joblojr2

    joblojr2 Inactive Thread Starter

    logs

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-509302359-2067149998-3783769910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
    Registry key HKEY_USERS\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asapcctv.com\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range2\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-509302359-2067149998-3783769910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range3\\http deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
    File Protocol\Handler\belarc - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-help-qb3\ deleted successfully.
    File Protocol\Handler\intu-help-qb3 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
    File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
    File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    File Protocol\Handler\ms-itss - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\qbwc\ deleted successfully.
    File Protocol\Handler\qbwc - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    C:\Users\21st Sentry 001\AppData\Roaming\.# folder moved successfully.
    ADS C:\ProgramData\Temp:8927A071 deleted successfully.
    ADS C:\Users\21st Sentry 001\Desktop\id_docs.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 21st Sentry
    ->Temp folder emptied: 0 bytes

    User: 21st Sentry 001
    ->Temp folder emptied: 1055732 bytes
    ->Temporary Internet Files folder emptied: 9099343 bytes
    ->Java cache emptied: 1133833 bytes
    ->FireFox cache emptied: 134369261 bytes
    ->Google Chrome cache emptied: 417803969 bytes
    ->Flash cache emptied: 3092482 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Classic .NET AppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Greg Sullivan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 28888090 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46523362 bytes
    ->Flash cache emptied: 3774 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes

    User: mediaruse
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2751225 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 54974441 bytes
    ->Flash cache emptied: 756 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: testing01
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 258265 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 81920 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 668.00 mb


    [EMPTYJAVA]

    User: 21st Sentry

    User: 21st Sentry 001
    ->Java cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: Greg Sullivan
    ->Java cache emptied: 0 bytes

    User: Guest

    User: mediaruse
    ->Java cache emptied: 0 bytes

    User: Public

    User: testing01

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: 21st Sentry

    User: 21st Sentry 001
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: Greg Sullivan
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: mediaruse
    ->Flash cache emptied: 0 bytes

    User: Public

    User: testing01

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.42.3 log created on 05102012_155621

    Files\Folders moved on Reboot...
    C:\Users\21st Sentry 001\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  16. 2012/05/10
    joblojr2

    joblojr2 Inactive Thread Starter

    logs continued

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Adobe After Effects CS3 Presets
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Mozilla Thunderbird (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
    Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
    Microsoft OnlineManagement Common omsvchost.exe
    Microsoft OnlineManagement Common omsvchost2.exe
    Microsoft OnlineManagement Updates Bin\omupdclt.exe
    ``````````End of Log````````````

    -----------------------------------------------------

    Farbar Service Scanner Version: 08-05-2012
    Ran by 21st Sentry 001 (administrator) on 10-05-2012 at 16:16:37
    Running from "C:\Users\21st Sentry 001\Desktop "
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    cryptsvc Service is not running. Checking service configuration:
    The start type of cryptsvc service is OK.
    The ImagePath of cryptsvc service is OK.
    The ServiceDll of cryptsvc service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-03-01 13:47] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2012-05-04 22:56] - [2009-08-06 19:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    -------------------------

    C:\Program Files (x86)\GoldenCherryCasino\Loader.exe Win32/RubyRoyal application cleaned by deleting - quarantined
    C:\Users\21st Sentry 001\Downloads\SlotsofVegasInstaller.exe a variant of Win32/CasOnline.B application cleaned by deleting - quarantined
     
  17. 2012/05/10
    broni

    broni Moderator Malware Analyst

    You didn't reinstall your AV program.
    Do it as soon as possible.


    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  18. 2012/05/14
    broni

    broni Moderator Malware Analyst

    Still with me?
     
  19. 2012/05/16
    broni

    broni Moderator Malware Analyst

    The issue seems to be resolved.
     
